85 matches found
CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
Design/Logic Flaw
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
CVE-2022-23630
CVE-2022-23630 affects Gradle’s dependency verification bypass. When verification is disabled on some configurations but enabled on others, and the disabled configuration resolves first, common dependencies may skip verification for the enabled configuration. Gradle 7.4 addresses this by validati...
The vulnerability of the Apache Ant build automation tool, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.
The vulnerability of the Apache Ant build automation tool is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Low: Red Hat Security Advisory: rust-toolset-1.49 and rust-toolset-1.49-rust update
New rust-toolset-1.49 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
samurai 代码问题漏洞
samurai is a ninja-compatible build tool written in C. A security vulnerability exists in samurai 1.2, which stems from a NULL pointer dereference in the printstatus function in buildc...
rust-toolset:rhel8 bug fix and enhancement update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Rust Toolset has been updated to version 1.47.0 BZ1883839. For detailed information on changes in this release, see the AlmaLinux.1...
emp3r0r
This is a Linux post-exploitation framework made by linux user, known as emp3r0r. The framework is designed to provide a comprehensive set of tools for exploiting and manipulating Linux systems. The framework is composed of several components, including a build script, a command-line interface CL...
[SECURITY] Fedora 32 Update: ant-1.10.9-1.fc32
Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...
CVE-2020-8675
Insufficient control flow management in firmware build and signing tool for IntelR Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
[SECURITY] Fedora 32 Update: ant-1.10.8-1.fc32
Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...
[SECURITY] Fedora 31 Update: ant-1.10.8-1.fc31
Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...
CARBANAK Week Part Three: Behind the CARBANAK Backdoor
We covered a lot of ground in Part One and Part Two of our CARBANAK Week blog series. Now let's take a look back at some of our previous analysis and see how it holds up. In June 2017, we published a blog post sharing novel information about the CARBANAK backdoor, including technical details, int...
Moderate: Red Hat Enhancement Advisory: new packages: rust-toolset-1.29
New rust-toolset-1.29 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. This enhancement...
[SECURITY] [DSA 4255-1] ant security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
USN-3721-1: Apache Ant vulnerability
Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files...
[SECURITY] Fedora 28 Update: ant-1.10.1-10.fc28
Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...
CVE-2016-10656
qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...