Sensitive Data Exposure
Overview: Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes, all environment variables are printed. This may leak sensitive data such as access keys, especially given scenarios when log-monitoring systems store the error output...
PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
PyFuscation
Requires python3
usage: PyFuscation.py -h -f -v -p --ps SCRIPT
Optional arguments:
• -h, --help show this help message and exit
• -f Obfuscate functions
  ○ Do this First ... It's probably the most likely to work well
• -v Obfuscate variables
  ○ If you're going to obfuscate variables do the...
Information Disclosure
seneca is vulnerable to information disclosure. The vulnerability exists as it does not properly handle environment variables. An attacker is able to crash the application and obtain the environment variables information that is printed in the exception...
CVE-2017-14201 The shell DNS command can cause unpredictable results due to misuse of stack variables.
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190806)
Security Fixes: - QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables (CVE-2019-9824)...
The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin allows a hacker to gain unauthorized access to protected information.
The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin is related to the storage of passwords in a readable format. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2019-14257
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input...
MGASA-2019-0223 Updated mythtv packages fix security issues
This update provides an update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure (CVE-2018-15822). It...
CVE-2019-13220
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...
FreeBSD : doas -- Prevent passing of environment variables (7f7d6412-bae5-11e9-be92-3085a9a95629)
Jesse Smith (upstream author of the doas program) reported: Previous versions of 'doas' transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or writte...
FreeBSD : FreeBSD -- telnet(1) client multiple vulnerabilities (39f6cbff-b30a-11e9-a87f-a4badb2f4699)
Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects t...
cPanel Input Validation Error Vulnerability (CNVD-2019-29610)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 67.9999.103 that stems from the program not properly filtering...
doas -- Prevent passing of environment variables
Jesse Smith (upstream author of the doas program) reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or written...
CloudBees Jenkins Configuration as Code Plugin Input Validation Error Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...