GHSA-36VC-CW62-FQVR Shadowsock is malware

The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Shadowsock is malware

The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

NoMachine App for Android vulnerable to environment variables alteration

Overview NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alte...

All For One Information Disclosure Vulnerability

All For One is an Ether-based gambling game. An information disclosure vulnerability exists in the 'maxRandom' function in All For One's smart contract implementation, which stems from the program's use of publicly readable variables to generate arbitrary values. An attacker could use the...

JVN#14451678: NoMachine App for Android vulnerable to environment variables alteration

NoMachine App for Android contains an information alteration vulnerability. Impact A remote attacker may alter environemt variables of the NoMachine App. As a result, arbitrary code may be executed. Solution Update the Software Update to the latest version of software according to the information...

kernel: kvm: vmx: host GDT limit corruption

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cp...

kernel: kvm: vmx: host GDT limit corruption

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cp...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by GSKit

Summary Multiple security vulnerabilities have been identified in GSKit and GSKit-Crypto that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denia...

Monitorix Cross-Site Scripting Vulnerability

Monitorix is a set of free tools for monitoring system status. The tool supports customization of monitoring settings and analyzes CPU and memory usage, disk access usage, network usage, and more. A cross-site scripting vulnerability exists in versions of Monitorix prior to 3.10.1. The...

Cross site scripting

Monitorix before 3.10.1 allows XSS via CGI variables...

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

PYSEC-2018-38

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

Design/Logic Flaw

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

CVE-2016-8628

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

PYSEC-2018-38

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

DEBIAN-CVE-2016-8628

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...

Homebrew: GitHub API Key for BrewTestBot is publicly exposed

Hello! While browsing through some old reports, I found that https://jenkins.brew.sh was publicly accessible. I got curious when I saw one of the brew bottle builds doing a git push to BrewTestBot/homebrew-core, and wondered if the credentials to make authenticated pushes were accessible. Sure...

UBUNTU-CVE-2018-10901

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cp...