Lucene search
+L

85 matches found

cvelist
cvelist
added 2022/07/14 8:5 p.m.42 views

CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS6.7AI score0.00507EPSS
Exploits0References2
osv
osv
added 2022/07/14 8:5 p.m.32 views

CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS4.9AI score0.00507EPSS
Exploits0References4
nvd
nvd
added 2022/02/10 8:15 p.m.26 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

7.5CVSS0.0132EPSS
Exploits0References3
prion
prion
added 2022/02/10 8:15 p.m.19 views

Design/Logic Flaw

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

6CVSS7.5AI score0.0132EPSS
Exploits0References3Affected Software1
cve
cve
added 2022/02/10 8:10 p.m.117 views

CVE-2022-23630

CVE-2022-23630 affects Gradle’s dependency verification bypass. When verification is disabled on some configurations but enabled on others, and the disabled configuration resolves first, common dependencies may skip verification for the enabled configuration. Gradle 7.4 addresses this by validati...

7.5CVSS7.5AI score0.0132EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/07/22 12:0 a.m.7 views

The vulnerability of the Apache Ant build automation tool, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the Apache Ant build automation tool is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.3AI score0.0262EPSS
Exploits0References4Affected Software1
redhat
redhat
added 2021/06/03 10:58 a.m.58 views

Low: Red Hat Security Advisory: rust-toolset-1.49 and rust-toolset-1.49-rust update

New rust-toolset-1.49 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7.2AI score0.01676EPSS
Exploits2References4
cnnvd
cnnvd
added 2021/04/29 12:0 a.m.5 views

samurai 代码问题漏洞

samurai is a ninja-compatible build tool written in C. A security vulnerability exists in samurai 1.2, which stems from a NULL pointer dereference in the printstatus function in buildc...

5.5CVSS5.7AI score0.00747EPSS
Exploits1References3
almalinux
almalinux
added 2021/02/16 7:32 a.m.31 views

rust-toolset:rhel8 bug fix and enhancement update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Rust Toolset has been updated to version 1.47.0 BZ1883839. For detailed information on changes in this release, see the AlmaLinux.1...

2.3AI score
Exploits0
gitee
gitee
added 2021/01/24 10:43 a.m.3 views

emp3r0r

This is a Linux post-exploitation framework made by linux user, known as emp3r0r. The framework is designed to provide a comprehensive set of tools for exploiting and manipulating Linux systems. The framework is composed of several components, including a build script, a command-line interface CL...

7.4AI score
Exploits0
fedora
fedora
added 2020/10/25 1:20 a.m.59 views

[SECURITY] Fedora 32 Update: ant-1.10.9-1.fc32

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

7.5CVSS1.5AI score0.08235EPSS
Exploits0
osv
osv
added 2020/06/15 2:15 p.m.3 views

CVE-2020-8675

Insufficient control flow management in firmware build and signing tool for IntelR Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

6.8CVSS6.7AI score0.00371EPSS
Exploits0References1
fedora
fedora
added 2020/06/02 3:54 a.m.43 views

[SECURITY] Fedora 32 Update: ant-1.10.8-1.fc32

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

6.3CVSS1.5AI score0.01793EPSS
Exploits0
fedora
fedora
added 2020/06/02 3:14 a.m.48 views

[SECURITY] Fedora 31 Update: ant-1.10.8-1.fc31

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

6.3CVSS1.5AI score0.01793EPSS
Exploits0
fireeye
fireeye
added 2019/04/24 5:30 p.m.24 views

CARBANAK Week Part Three: Behind the CARBANAK Backdoor

We covered a lot of ground in Part One and Part Two of our CARBANAK Week blog series. Now let's take a look back at some of our previous analysis and see how it holds up. In June 2017, we published a blog post sharing novel information about the CARBANAK backdoor, including technical details, int...

7.4AI score
Exploits0References8
redhat
redhat
added 2018/11/13 3:25 p.m.6 views

Moderate: Red Hat Enhancement Advisory: new packages: rust-toolset-1.29

New rust-toolset-1.29 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. This enhancement...

7.8CVSS6.7AI score0.01819EPSS
Exploits0References12
debian
debian
added 2018/07/24 8:6 p.m.25 views

[SECURITY] [DSA 4255-1] ant security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...

0.7AI score
Exploits0
ubuntu
ubuntu
added 2018/07/24 5:58 p.m.80 views

USN-3721-1: Apache Ant vulnerability

Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files...

5.8AI score
Exploits0
fedora
fedora
added 2018/07/03 4:56 p.m.14 views

[SECURITY] Fedora 28 Update: ant-1.10.1-10.fc28

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

1.5AI score
Exploits0
nvd
nvd
added 2018/06/04 4:29 p.m.26 views

CVE-2016-10656

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

9.3CVSS8.4AI score0.01682EPSS
Exploits0References1
Rows per page
Query Builder