Code injection

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads tha...

CVE-2023-45085 When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT"

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads tha...

CVE-2023-45085

CVE-2023-45085 affects SoftIron HyperCloud. The vulnerability arises when compute nodes come online without going through the proper initialization, allowing workloads to be scheduled on nodes that may deploy into a failed or erroneous state, impacting availability. Affected versions are HyperClo...

PT-2023-29402 · Softiron · Softiron Hypercloud

Name of the Vulnerable Software and Affected Versions: SoftIron HyperCloud versions 2.0.0 through 2.0.2 Description: An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be...

GHSA-PGPJ-83G3-MFR2 Jenkins Google Compute Engine Plugin has incorrect permission checks

Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...

Jenkins Google Compute Engine Plugin has incorrect permission checks

Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

CVE-2023-49652

The CVE-2023-49652 entry concerns Jenkins Google Compute Engine Plugin (versions up to 4.550.vb_327fca_3db_11 and earlier). The underlying issue is incorrect permission checks that enable attackers with global Item/Configure permission (but without Item/Configure on any specific job) to enumerate...

Jenkins plugins Multiple Vulnerabilities (2023-11-29)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped...

Jenkins Google Compute Engine Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2023-35590 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. Technical details about the crash include the pcpp::PPP PPTPLayer::computeCalculateFields and...

kernel: drm/amdkfd: Fix double release compute pasid

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfdprocessdeviceinitvm returns failure after vm is converted to compute vm and vm-pasid set to compute pasid, KFD will not take pdd-drmfile reference. As a result, drm close file...

Intel® NUC Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-34301Non-Intel issued Description:...

PT-2023-35579 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash occurs in the computeChecksum function, which is called by computeCalculateFields in the...

Invalid asset address can result to malicious Market Address and loss of fund

Lines of code Vulnerability details Impact The computeMarketAddress function is used to calculate the address where a market contract for a specific asset would be deployed. If an invalid asset address is passed, it could potentially lead to a collision with a valid market contract address, causi...

GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

GATOR - GCP Attack Toolkit for Offensive Research , a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users in various attack stages, spanning from Reconnaissance to Impact. Modules Resource Category |...

Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)

The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service DoS vulnerabilities in the HTTP/2 protocol including Rapid Reset CVE-2023-44487 and CVE-2023-35945. If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service DDo...

aicscytoparam (>=0.1.1 <=0.1.2), aicsimageio (>=3.3.6 <=3.3.7) +45 more potentially affected by CVE-2023-4863 +1 more via imagecodecs (>=2019.12.31 <=2023.7.10)

imagecodecs PYPI version =2019.12.31, =0.1.1, =3.3.6, =1.10.0, =0.1.13, =1.2.9, =1.1.0, =1.1.15, =1.2.0, =2.0.0, =0.1.1, =0.4.0, =0.1.1, =2021.11.20, =2022.9.26 and more Source cves: CVE-2023-4863, CVE-2023-5129 Source advisory: OSV:GHSA-94VC-P8W7-5P49...