EXOCET - AV-evading, Undetectable, Payload Delivery Tool
EXOCET is superior to Metasploit's "Evasive Payloads" modules because EXOCET uses AES-256 in GCM (Galois/Counter) mode. Metasploit's Evasion Payloads use easy-to-detect RC4 encryption. While RC4 decrypts faster, with AES-256 it is much more difficult to ascertain the intent of the malware. However, i...
GHSA-VRW4-W73R-6MM8 TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
GHSA-FG47-3C2X-M2WR TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
Privilege Escalation
@openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of roles in TimelockController, which allowed an actor with the executor role to escalate privileges...
CVE-2021-39168
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role...
CVE-2021-39167
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role...
Code injection
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role...
CVE-2021-39167 TimelockController vulnerability in OpenZeppelin Contracts
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role...
CVE-2021-39168
OpenZeppelin's TimelockController vulnerability (OpenZeppelin Contracts) allows an actor with the executor role to escalate privileges. Affected: TimelockController in the OpenZeppelin Contracts library. Root cause: insufficient sanitization/controls a...
OpenZeppelin Security Vulnerability
OpenZeppelin is a library for smart contract development. OpenZeppelin has a security vulnerability that stems from a flaw in TimelockController in the affected versions, which allows elevation of privilege for participants with the executor role...
OpenZeppelin Security Vulnerability
OpenZeppelin is a library for smart contract development. A security vulnerability exists in OpenZeppelin that allows a participant with the executor role to elevate privileges...
PYSEC-2021-122
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices
For complete documentation visit www.botkube.io. BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on Kubernetes resources. You can also ask...
MK-AUTH Cross-Site Request Forgery Vulnerability
MK-AUTH is an access control system developed by Pedro Filho, an individual developer in Brazil. A cross-site request forgery vulnerability exists in MK-AUTH through version 19.01 K4.9, which allows passwords to be changed via the central executor central.php. No details of the vulnerability are...
openSUSE Security Update : pacemaker (openSUSE-2020-1825)
This update for pacemaker fixes the following issues : - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate bsc1175557 - extra: remove trailing whitespace from...
CVE-2020-13347
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKERAUTHCONFIG build variable...
Command injection
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKERAUTHCONFIG build variable...
UBUNTU-CVE-2020-13347
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKERAUTHCONFIG build variable...