7807 matches found
Information disclosure
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 and before 2018.10.4 LTS allows remote authenticated users to view sensitive Terraform output variables via log files...
Insecure Default Configuration in airbrake
Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...
CVE-2015-4615
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables...
CVE-2015-4615
CVE-2015-4615 affects the Easy2Map-Photos WordPress Plugin (v1.0.9). The vulnerability is an SQL Injection via unsanitized inputs including mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID, caused by non-parameterized SQL queries in Functions.php....
Security Update for Microsoft Visual Studio Code (February 2019)
The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.31.1. It is, therefore, affected by a remote code execution vulnerability that exists due to how environment variables are processed. An attacker who successfully exploited the vulnerability could run...
HPSBHF03604 rev. 2 - Intel Xeon® Platform Firmware Included Unsecure Handling of Certain UEFI Variables
Potential Security Impact: Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported By: Intel. VULNERABILITY SUMMARY: Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5...
Design/Logic Flaw
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782 CredHub CLI writes environment variable credentials to disk
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782
The CVE-2019-3782 issue affects Cloud Foundry CredHub CLI prior to version 2.2.1. The vulnerability arises when credentials supplied via environment variables are written to the CLI’s persistent config file, potentially exposing them to a local authenticated attacker who has access to the CredHub...
Visual Studio Code Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
[SECURITY] Fedora 28 Update: mingw-libconfuse-3.2.2-1.fc28
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values (strings, integers, floats, booleans or other sections), as well as some other features such as single/double-quoted strings, environment variab...
CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
Design/Logic Flaw
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
ALPINE-CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
CVE-2019-3464
CVE-2019-3464 involves insufficient sanitization of environment variables passed to rsync, enabling bypass of rssh restrictions and potential execution of arbitrary shell commands. The vulnerability affects setups using rssh as a restricted shell paired with rsync; attackers could exploit environ...
CVE-2019-3464
Removed by vendor...
CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...