193 matches found
EUVD-2021-8628
Malicious code in bioql PyPI...
EUVD-2021-8630
Malicious code in bioql PyPI...
EUVD-2021-8626
Malicious code in bioql PyPI...
EUVD-2021-8627
Malicious code in bioql PyPI...
EUVD-2021-8629
Malicious code in bioql PyPI...
EUVD-2022-40893
Malicious code in bioql PyPI...
EUVD-2022-41745
Malicious code in bioql PyPI...
EUVD-2023-28821
Malicious code in bioql PyPI...
EUVD-2022-41744
Malicious code in bioql PyPI...
EUVD-2022-41746
Malicious code in bioql PyPI...
The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.
The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...
CVE-2024-45309
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...
CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...
CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...
CVE-2021-21250
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migratebuildSpecString; which processes the XML document withou...
CVE-2021-21245
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data request.getInputStream to a user specified location request.getHeader"File-Name". This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
CVE-2021-21247
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener AbstractPostAjaxBehavior in all pages other than the login page. This listener decodes and deserializes the data query parameter. We can access this listener by...
CVE-2021-21246
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the /users/id endpoint there are no security checks enforced so it is possible to retrieve...
CVE-2021-21242
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the Attachment-Support header. This Servlet does not enforce any authentication or...
CVE-2021-32651
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The...