CVE-2019-3464

CVE-2019-3464 involves insufficient sanitization of environment variables passed to rsync, enabling bypass of rssh restrictions and potential execution of arbitrary shell commands. The vulnerability affects setups using rssh as a restricted shell paired with rsync; attackers could exploit environ...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Removed by vendor...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Firmware Denial of Service - US

Lenovo Security Advisory: LEN-24816 Potential Impact: Denial of service Severity: Low Scope of Impact: Industry-wide Summary Description: Lenovo was notified by AMI of a vulnerability that can prevent firmware from booting when certain modifiable UEFI variables are intentionally corrupted during...

UBUNTU-CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the...

AddressSanitizer (ASan) SUID Executable Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AddressSanitizer ASan SUID Executable Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems usi...

Microsoft Team Foundation Server Information Disclosure Vulnerability

Microsoft Team Foundation Server is a source code management, project management and team collaboration platform within the Application Lifecycle Management ALM suite of tools from Microsoft. The platform helps teams collaborate more flexibly and effectively and deliver high-quality software more...

CVE-2019-0647

An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team...

ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. The VMX code sets the GDT.LIMIT to 64 KB and does not restore it to the previous host value. This allows an attacker is able to escalate their privileges by placing malicious entries to the per-cpu variables in the GDT with a corrupted GDT limit...

Remote Code Execution (RCE)

kernel is vulnerable to remote code execution RCE attacks. The vulnerability exists as the Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of...

Remote Code Execution (RCE)

bash is vulnerable to remote code execution RCE attacks. The vulnerability exists as GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrate...

Authorization Bypass

sudo is vulnerable to authorization bypass attacks. The vulnerability exists as Sudo 1.6.9 before 1.8.5, when envreset is disabled, does not properly check environment variables for the envdelete restriction, which allows local users with sudo permissions to bypass intended command restrictions v...

Arbitrary Code Execution

spice-gtk is vulnerable to arbitrary code execution attacks. The vulnerability exists as libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment...

Arbitrary Code Execution

abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able t...

Team Foundation Server Information Disclosure Vulnerability

An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret. An authenticated attacker who successfully exploited this vulnerability could view variables that were hidden by other users. To exploit the vulnerability, an...

AddressSanitizer (ASan) SUID Executable Privilege Escalation

This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the ASANOPTIONS...