7852 matches found
CVE-2019-5483
Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...
CVE-2019-5483
Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...
Design/Logic Flaw
Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...
CVE-2019-5483
CVE-2019-5483 affects Seneca prior to 3.9.0, exposing environment variables when a process crashes. Connected sources (Red Hat, OSV, GHSA, npm advisory, Veracode) confirm Sensitive Data Exposure due to printing environment data in crash logs. Impact is information disclosure of sensitive data suc...
CVE-2019-5483
Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...
Sensitive Data Exposure
Overview Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes all environment variables are printed. This may leak sensitive data such as access keys, especially given scenarios when log-monitoring systems store the error output...
PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
PyFuscation Requires python3 usage: PyFuscation.py -h -f -v -p --ps SCRIPT Optional arguments: • -h, --help show this help message and exit • -f Obfuscate functions ○ Do this First ... Its probably the most likely to work well • -v Obfuscate variables ○ If your going to obfuscate variables do the...
Information Disclosure
seneca is vulnerable to information disclosure. The vulnerability exists as it does not properly handle environment variables. An attacker is able to crash the application and obtain the environment variables information that is printed in the exception...
CVE-2017-14201 The shell DNS command can cause unpredictable results due to misuse of stack variables.
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190806)
Security Fixes : - QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables CVE-2019-9824 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128257; scriptversion"1.4";...
The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin allows a hacker to gain unauthorized access to protected information.
The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin is related to the storage of passwords in a readable format. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2019-14257
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...
CVE-2019-14257
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system OS of an affected device. The vulnerability is due to improper input...
MGASA-2019-0223 Updated mythtv packages fix security issues
This update provides and update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure CVE-2018-15822. It...
CVE-2019-13220
Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...
CVE-2019-13220
Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...
CVE-2019-13220
Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...
FreeBSD : FreeBSD -- telnet(1) client multiple vulnerabilities (39f6cbff-b30a-11e9-a87f-a4badb2f4699)
Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack- based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects t...
FreeBSD : doas -- Prevent passing of environment variables (7f7d6412-bae5-11e9-be92-3085a9a95629)
Jesse Smith upstream author of the doas program reported : Previous versions of 'doas' transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or writte...