8697 matches found
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2023-35946
CVE-2023-35946 is a path-traversal vulnerability in Gradle’s dependency caching. When Gradle writes a dependency into the cache, it uses the dependency coordinates to determine the file path; crafted coordinates can cause writes outside the cache or overwrite other files in the cache. This can en...
CVE-2023-35947
CVE-2023-35947 affects Gradle, a build tool. The vulnerability arises when unpacking Tar archives: Gradle did not prevent path traversal, allowing potential writes outside the unpack directory and, in reads from a Tar entry, possible disclosure of sensitive files. This is commonly referred to as ...
CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...
CVE-2023-35938 User access not updated with privilege change in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users tha...
CVE-2023-35938
CVE-2023-35938 affects Tuleap, where during a visibility change from restricted to a more private setting, users who were project admins did not have their restricted-user access updated and could continue to access and administer the project. The issue is documented as resolved in Tuleap version...
CVE-2023-35938 User access not updated with privilege change in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users tha...
CVE-2023-36467
CVE-2023-36467 concerns AWS data.all, an open-source data marketplace framework. The connected sources confirm that versions 1.2.0 through 1.5.1 are vulnerable to remote code execution when an authenticated user injects Python commands into the Template field during data pipeline configuration. T...
The vulnerability of the application development environment for ISaGRAF programmable logic controllers arises from the use of an unreliable search path during the loading of dynamic libraries. This allows a hacker to execute arbitrary code.
The vulnerability in the application development environment for ISaGRAF Runtime Rockwell Automation relates to the use of an unreliable search path during the loading of dynamic libraries. Exploiting this vulnerability allows a local attacker to execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2023:2624-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
CVE-2023-35165 AWS CDK EKS overly permissive trust policies
AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
The vulnerability of Microsoft Visual Studio, a software development tool, and the Microsoft.NET platform allows attackers to enhance their privileges.
The vulnerability of Microsoft Visual Studio, a software development tool, and the Microsoft.NET platform is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
AWS Cloud Development Kit 安全漏洞
AWS Cloud Development Kit is an open source software development framework for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from two roles created by eks.Cluster and eks.FargateCluster that...
Improved Testcontainers Support in Spring Boot 3.1
There's been support for Testcontainers in Spring Boot for some time now, and Spring Boot 3.1 improves it further. But first, let's take a look at what Testcontainers is and how it's usually used. Testcontainers is an open source framework for providing throwaway, lightweight instances of...
CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...
Information Exposure
gatsby is vulnerable to Information Exposure. The vulnerability exists due to a lack of local file validation in file-code-frame or original-stack-frame, which allows an attacker to access sensitive information in the system if gatsby is run in development mode...
WordPress BookIt 2.3.7 Authentication Bypass
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...