GHSA-9XGH-XGW5-P5CW nodemssql is malware
The nodemssql package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security conce...
Brocade Fabric OS Restricted Configuration Shell Bypass Vulnerability
Fabric OS is the firmware for Brocade Communications Systems' Fibre Channel switches and Fibre Channel controllers. A restricted configuration shell bypass vulnerability exists in the Secure Shell implementation of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, and 7.4.2d. A local attacker can...
CVE-2018-6441
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...
Authentication flaw
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...
CVE-2018-6441
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...
CVE-2018-6441
CVE-2018-6441 involves a local bypass in the Secure Shell implementation of Brocade Fabric OS. Affected: Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d. Root cause: ability for a local attacker to provide arbitrary environment variables, bypassing the restricted configuration shell. Impa...
GHSA-F7PH-P5RV-PHW2 Cross-Site Scripting in nunjucks
Affected versions of nunjucks do not properly escape specially structured user input in template vars when in auto-escape mode, resulting in a cross-site scripting vulnerability. Proof of Concept By using an array for the keys in a template var, escaping is bypassed. javascript name=alert1 A full...
GHSA-MWCV-M549-5CM8 node-tkinter is malware
The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
node-tkinter is malware
The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
GHSA-RWG6-3FMJ-W4WX tkinter is malware
The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...
tkinter is malware
The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...
Privilege Escalation
libhesiod.so is vulnerable to a privilege escalation. The library does not safely check the EUID with the UID parameters, overriding configuration values with environment variables. This can allow a malicious user to use the HESIODCONFIG or HESDOMAIN environment variable to run arbitrary binaries...
BSA-2018-734
Security Advisory ID : BSA-2018-734 Component : Secure Shell Revision : 1.0: Initial A vulnerability in Brocade Fabric OS Secure Shell implementation could allow a local attacker to provide arbitrary environment variables, which can be used to bypass the restricted configuration shell. Affected...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: The path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url. The issue is mitigated by the fact that the user needs the...
GHSA-894F-RW44-QRW5 mongose is malware
The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...
mongose is malware
The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...
GHSA-J68R-23HJ-XF9C node-openssl is malware
The node-openssl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
node-openssl is malware
The node-openssl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
GHSA-JG4F-JQM5-4MGQ Ansible fails to properly sanitize fact variables sent from the Ansible controller
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...