1393 matches found

Prion
added 2022/09/06 7:15 p.m. · 464 views

Design/Logic Flaw

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5 · AI score 4.9 · EPSS 0.00775
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2022/09/06 6:20 p.m. · 27 views

CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5.3 · AI score 6 · EPSS 0.00775
Exploits 0 · References 4
Spring Security Advisories
added 2022/08/30 2:43 p.m. · 15 views

Microsoft is committed to the success of Java developers

Hi, Spring fans! This is a guest post from our friend Julia Liuson, President, Developer Division, Microsoft As a company, we are committed to making Java developers as efficient and productive as possible. This commitment means empowering you to use any tool, framework, and application server on...

AI score 7.4
Exploits 0
Friends Of PHP
added 2022/08/20 11:11 a.m. · 100 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Description / Impact: In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies that decode to such a prefix, thus leading to ...

CVSS 5 · AI score 6.5 · EPSS 0.05029
Exploits 2 · Affected Software 1
Trend Micro Simply Security
added 2022/08/17 12:00 a.m. · 14 views

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows...

AI score 4.5
Exploits 0
Rapid7 Blog
added 2022/08/01 1:58 p.m. · 21 views

Shift Left: Secure Your Innovation Pipeline

There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...

Exploits 0
The Hacker News
added 2022/07/29 10:05 a.m. · 22 views

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...

AI score 0.1
Exploits 0
OSV
added 2022/07/27 10:05 p.m. · 23 views

GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack

Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

CVSS 6.1 · AI score 6.3 · EPSS 0.00594
Exploits 0 · References 8
CNVD
added 2022/07/08 12:00 a.m. · 23 views

HCL Technologies HCL Launch Information Disclosure Vulnerability

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from storing...

CVSS 5.5 · AI score 5.1 · EPSS 0.00423
Exploits 0 · References 1
CNVD
added 2022/07/08 12:00 a.m. · 39 views

HCL Technologies HCL Launch Information Disclosure Vulnerability (CNVD-2022-58411)

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...

CVSS 5.5 · AI score 5.2 · EPSS 0.00145
Exploits 0 · References 1
CNNVD
added 2022/07/06 12:00 a.m. · 5 views

HCL Technologies HCL Launch Security Vulnerability

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from storing...

CVSS 5.5 · AI score 5.6 · EPSS 0.00423
Exploits 0 · References 2
Trend Micro Simply Security
added 2022/06/30 12:00 a.m. · 7 views

DevOps vs SRE: Differences & Similarities

While DevOps and site reliability engineering teams often work together and have shared goals, there are important distinctions between the two. This article explores the differences between their functions and responsibilities...

AI score 2.6
Exploits 0
Kitploit
added 2022/06/28 12:30 p.m. · 18 views

secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box

secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a set of security-testing tools out of the box. For additional documentation, please have a look at our documentation website:...

AI score 7.5
Exploits 0 · References 4
Trend Micro Simply Security
added 2022/06/22 12:00 a.m. · 10 views

Azure vs. AWS Developer Tools

Both AWS and Azure developer tools provide key efficiencies in your DevOps environment. Learn how the tools compare, where they overlap, and the use cases for each...

AI score 2.5
Exploits 0
OSV
added 2022/06/20 8:21 p.m. · 8 views

MAL-2022-6035 Malicious code in servicenow_cicd_azuredevops (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98a23171679bfa9a049d94bfb3237b0fec15acf590f8517b59255ef1285829c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Imperva Blog
added 2022/06/16 12:56 p.m. · 15 views

7 Facts About Insider Threats That Should Make you Rethink Data Security

In the report, Insider Threats Drive Data Protection Improvements, Forrester Research asserts that most organizations are making positive steps toward protecting the sensitive data they are migrating to the cloud. However, Forrester suggests that many have not devised a comprehensive plan that...

AI score 0.4
Exploits 0
The Hacker News
added 2022/06/03 3:01 p.m. · 59 views

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...

AI score 1.4 · EPSS 0.15471
Exploits 0
Github Security Blog
added 2022/05/24 5:03 p.m. · 25 views

Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4.5 · EPSS 0.00852
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/24 5:03 p.m. · 11 views

GHSA-8RFC-V3VJ-J62W Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 6.2 · EPSS 0.00852
Exploits 0 · References 3
OSV
added 2022/05/24 5:03 p.m. · 17 views

GHSA-PV4C-RJ4H-GR9M Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 8.6 · EPSS 0.00691
Exploits 0 · References 3