Lucene search
K

7852 matches found

NVD
NVD
added 2019/09/09 5:15 p.m.21 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5.3CVSS5.1AI score0.01181EPSS
Exploits1References1
OSV
OSV
added 2019/09/09 5:15 p.m.11 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5.3CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2019/09/09 5:15 p.m.13 views

Design/Logic Flaw

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5CVSS5AI score0.01181EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/09 4:53 p.m.68 views

CVE-2019-5483

CVE-2019-5483 affects Seneca prior to 3.9.0, exposing environment variables when a process crashes. Connected sources (Red Hat, OSV, GHSA, npm advisory, Veracode) confirm Sensitive Data Exposure due to printing environment data in crash logs. Impact is information disclosure of sensitive data suc...

5.3CVSS4.9AI score0.01181EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/09 4:53 p.m.28 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5AI score0.01181EPSS
Exploits1References1
Node.js
Node.js
added 2019/09/06 6:20 p.m.21 views

Sensitive Data Exposure

Overview Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes all environment variables are printed. This may leak sensitive data such as access keys, especially given scenarios when log-monitoring systems store the error output...

5CVSS3.1AI score0.01181EPSS
Exploits1Affected Software1
Kitploit
Kitploit
added 2019/09/04 10:43 p.m.562 views

PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters

PyFuscation Requires python3 usage: PyFuscation.py -h -f -v -p --ps SCRIPT Optional arguments: • -h, --help show this help message and exit • -f Obfuscate functions ○ Do this First ... Its probably the most likely to work well • -v Obfuscate variables ○ If your going to obfuscate variables do the...

7.2AI score
Exploits0References1
Veracode
Veracode
added 2019/09/04 6:36 a.m.14 views

Information Disclosure

seneca is vulnerable to information disclosure. The vulnerability exists as it does not properly handle environment variables. An attacker is able to crash the application and obtain the environment variables information that is printed in the exception...

5.3CVSS1.4AI score0.01181EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/08/29 12:44 a.m.27 views

CVE-2017-14201 The shell DNS command can cause unpredictable results due to misuse of stack variables.

Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all...

8.1AI score0.01104EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/08/27 12:0 a.m.34 views

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190806)

Security Fixes : - QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables CVE-2019-9824 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128257; scriptversion"1.4";...

5.5CVSS6.4AI score0.00515EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/08/22 12:0 a.m.3 views

The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin allows a hacker to gain unauthorized access to protected information.

The vulnerability of the config-variables.jelly component in the Jenkins Credentials Binding plugin is related to the storage of passwords in a readable format. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS5.5AI score0.01468EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2019/08/21 7:15 p.m.18 views

CVE-2019-14257

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...

7.8CVSS7.8AI score0.00644EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/08/21 6:35 p.m.18 views

CVE-2019-14257

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...

7.8AI score0.00644EPSS
Exploits1References2
Cisco
Cisco
added 2019/08/21 4:0 p.m.68 views

Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system OS of an affected device. The vulnerability is due to improper input...

6.5CVSS2.1AI score0.0157EPSS
Exploits0References1
OSV
OSV
added 2019/08/18 12:39 p.m.9 views

MGASA-2019-0223 Updated mythtv packages fix security issues

This update provides and update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flvwritepacket function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure CVE-2018-15822. It...

7.5CVSS6.9AI score0.03266EPSS
Exploits0References5
OSV
OSV
added 2019/08/15 5:15 p.m.11 views

CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

7.1CVSS7AI score
Exploits0References4
Cvelist
Cvelist
added 2019/08/15 12:0 a.m.16 views

CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

7.5AI score0.00985EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/08/15 12:0 a.m.18 views

CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

7.1CVSS6.7AI score0.00985EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.35 views

FreeBSD : FreeBSD -- telnet(1) client multiple vulnerabilities (39f6cbff-b30a-11e9-a87f-a4badb2f4699)

Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack- based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects t...

7.8CVSS8AI score0.00587EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.17 views

FreeBSD : doas -- Prevent passing of environment variables (7f7d6412-bae5-11e9-be92-3085a9a95629)

Jesse Smith upstream author of the doas program reported : Previous versions of 'doas' transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or writte...

5.5AI score
Exploits0References3
Rows per page
Query Builder