CVE-2018-4180
It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the...
Security Bulletin: IBM Security SiteProtector System is affected by GSKit vulnerabilities
Summary IBM Security SiteProtector System has addressed the following vulnerabilities in GSKit. Vulnerability Details CVEID: CVE-2018-1428 DESCRIPTION: IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Scor...
GHSA-85FQ-56WQ-GMCF Withdrawn Advisory: mariadb was malware
Withdrawn Advisory This advisory has been withdrawn because MariaDB now owns https://www.npmjs.com/package/mariadb and the package is no longer malicious. This link is maintained to preserve external references. Original Description The mariadb package is a piece of malware that steals environmen...
Cloud Foundry and Cloud Foundry Java Buildpack Information Disclosure Vulnerability
Cloud Foundry and Cloud Foundry Java Buildpack are both products of the Cloud Foundry Foundation, an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. Cloud Foundry Java Buildpack is an...
CloudBees Jenkins AWS CodeDeploy Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools; it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task. AWS CodeDeploy Plugin is used in one of the deployment components. An information...
CVE-2018-11049
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious co...
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...
ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
In Ansible, it was found that inventory variables are loaded from the current working directory when running an ad-hoc command; these variables are under the attacker's control, allowing arbitrary code to be run as a result...
Platform firmware included insecure handling of certain UEFI variables
Summary: This update improves the security of the firmware and the ability to enable secure configuration. Description: Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5 v3 Family system firmware potentially...
CVE-2018-1000402
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later...
Information disclosure
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later...
Command Line Injection
github.com/kubernetes/kubernetes is vulnerable to command line injection attack. The vulnerability exists when mounting smb on windows where a command line injection attack can occur through values supplied by the environment variables...
Attack on Pseudo-random number generator (PRNG) used in 1000 Guess, an Ethereum lottery game. (CVE-2018-12454)
Abstract An Ethereum lottery game, 1000 Guess, has a vulnerability in that it generates random numbers that anyone can predict. This game decides a winner by a random number when the number of players who bet on the contract reaches the predetermined number. The contract generates the random number...
1000 Guess has an unspecified vulnerability
1000 Guess is an Ethereum-based random number guessing game. A security vulnerability in the 'addguess' function of the implementation of the simplelottery smart contract in 1000 Guess stems from the program's use of publicly readable variables to generate random values. An attacker could exploit...
Command injection
In Ansible, it was found that inventory variables are loaded from the current working directory when running an ad-hoc command; these variables are under the attacker's control, allowing arbitrary code to be run as a result...
CVE-2018-10874
In Ansible, it was found that inventory variables are loaded from the current working directory when running an ad-hoc command; these variables are under the attacker's control, allowing arbitrary code to be run as a result...