284 matches found
kernel security, bug fix, and enhancement update
5.14.0-70.26.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.26.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
[SECURITY] Fedora 36 Update: golang-github-xordataexchange-crypt-0.0.2-13.20190412gitb2862e3.fc36
Store and retrieve encrypted configs from etcd or consul...
Directory Traversal
snyk-broker is vulnerable to directory traversal. The vulnerability exists in the exports function in index.js when reading configs, which allows an attacker to traverse through the directories to read and write on files...
[SECURITY] Fedora 35 Update: golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc35
Store and retrieve encrypted configs from etcd or consul...
[SECURITY] Fedora 35 Update: butane-0.15.0-2.fc35
Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...
SUSE-SU-2022:2350-1 Security update for ignition
This update for ignition fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products bsc1199524. - Update to version 2.14.0...
[SECURITY] Fedora 36 Update: butane-0.15.0-1.fc36
Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...
PT-2022-20525 · Weave · Weave Gitops
Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.8.1-rc.6. Description: A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters,...
MAL-2022-7066 Malicious code in web-configs (npm)
Source: ghsa-malware c96b10bfd307d8850ad62247ed233edf387ccec0c174af46412861b3f84be1ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tslint-test-configs (npm)
Source: ghsa-malware c84e254323b3ad1b3ee780e2e47a5c05d326d02f96418f636385f3092a4890eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6669 Malicious code in tslint-test-configs (npm)
Source: ghsa-malware c84e254323b3ad1b3ee780e2e47a5c05d326d02f96418f636385f3092a4890eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ymaps-host-configs (npm)
Source: ghsa-malware 136bf526edbd571631aa2b5414a822e072a10ab05d59c65282b999ead02f668d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7355 Malicious code in ymaps-host-configs (npm)
Source: ghsa-malware 136bf526edbd571631aa2b5414a822e072a10ab05d59c65282b999ead02f668d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CLSA-2022-1653507443 Update of copy-jdk-configs
commented out requires lua-posix, it was always commented out in el8, never in fedora. IDK...
Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
GHSA-QV6Q-4JWX-7J5C Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
GHSA-85WG-CG5P-M76P Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
Jenkins Storable Configs Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Storable Configs Plugin 1.0 and...
Jenkins Storable Configs Plugin XML External Entity Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An XML external entity injection...