CVE-2019-4620

CVE-2019-4620 affects IBM MQ Appliance 8.0 and 9.0 LTS, where a local attacker could bypass security restrictions due to improper validation of environment variables. The connected IBM bulletin specifies the remediation: upgrade IBM MQ Appliance to 8.0.0.14 or later for the 8.x line; for 9.x, app...

CVE-2019-4620

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863...

ALPINE-CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...

DEBIAN-CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...

Security Bulletin: IBM MQ Appliance could allow a local attacker to bypass security restrictions (CVE-2019-4620)

Summary IBM MQ Appliance has addressed the following security restrictions bypass vulnerability. Vulnerability Details CVEID: CVE-2019-4620 DESCRIPTION: IBM MQ Appliance could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. CVSS Base...

Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2017-1032)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2017-1031)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1418)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

Input validation

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-12399

CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...

Linux: SSH PermitUserEnvironment

The PermitUserEnvironment option allows users to present environment options to the sshdaemon. Permitting users the ability to set environment variables through the SSH daemon could potentially allow users to bypass security controls e.g. setting an execution path that has sshexecuting trojan...

LKWA - Lesser Known Web Attack Lab

Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome. Installation Just clone the git with git clone https://github.com/weev3/LKWA and mov...

AWS Report - Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...

Improper Authorization

Overview All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may...

Amazon Linux AMI : rssh (ALAS-2019-1328)

Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitation of arguments...

PT-2020-9609 · Ksh +3 · Ksh +3

Name of the Vulnerable Software and Affected Versions: ksh version 20120801 Description: A flaw was found in the way ksh evaluates certain environment variables, allowing an attacker to override or bypass environment restrictions to execute shell commands. Services and applications that allow...

EulerOS 2.0 SP2 : ppp (EulerOS-SA-2019-2399)

According to the versions of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Buffer overflow in the rcmksid function in plugins/radius/util.c in Paul's PPP Package ppp 2.4.6 and earlier, when the PID for pppd is greater than...

Unspecified vulnerability in radare2

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 4.0.0 and earlier versions, which stems from the program not validating content variables. An attacker can exploit the vulnerability to perform arbitrary write operations with special...