Privilege Escalation

Bash is vulnerable to privilege escalation. This allows to local authenticated user to inject arbitrary commands via crafted SHELLOPTS and PS4 environment variables leading to data modification and disclosure of information...

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists as the crypto API does not initialize certain length variables...

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation

!/bin/sh SGI IRIX /etc/passwd" /tmp/.x.sh chmod 755 /tmp/.x.sh RLDARGS="-log /.cshrc |/tmp/.x.sh" /sbin/su last -3 root echo " waiting 5mins for root to login..." sleep 300 su - w00t...

drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux

Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn't work you can try this tool. Usage You need to specify DRRUNPATH to point to drrun launcher and LIBCOVPATH to point to libbinafl.so coverage library. You also need to switc...

Tower: credentials leaked through environment variables

When running Tower on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges...

Design/Logic Flaw

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch...

CVE-2018-10959

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch...

CVE-2018-10959

CVE-2018-10959 affects Avecto Defendpoint 4 (before 4.4 SR6) and 5 (before 5.1 SR1). The vulnerability is an Untrusted Search Path issue allowing elevation by modifying environment variables to launch the attacker’s process. Exploitation details beyond this are not provided in the documents. Reme...

CVE-2018-10959

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : rssh vulnerabilities (USN-3946-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3946-1 advisory. It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user...

USN-3946-1: rssh vulnerabilities

It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands...

Node.js third-party modules: environment variable leakage in error reporting

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report the leak of...

Nextcloud: In Dockerized Environments, Failing to Read config.php Grants Any Anonymous User Full Admin Access

Consider this deployment: - Nextcloud is already installed in a Dockerized environment. - There are two Nextcloud containers running in the environment. - Both containers share the same MySQL database. - Both containers share the same data /var/www/html/data and config /var/www/html/config via...

Code injection

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges...

CVE-2019-3869

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges...

CVE-2019-0728

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'...

CVE-2019-0728

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'...

CVE-2019-0728

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'...

Remote code execution

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'...