
52 matches found

CNNVD
added 2025/06/10 12:0 a.m. · 3 views

Nx security vulnerability

Nx is an application from Nx, Inc. A security vulnerability exists in Nx that stems from a design flaw in the bucket-based remote cache that could lead to the injection of compromised artifacts into a trusted production environment...

9.4 CVSS · 6.8 AI score · 0.00188 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24926 · Nx +1 · Aws S3 Remote Cache Plugin For Nx +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical security issue exists in remote cache extensions for common build systems that utilize bucket-based remote cache, such as those using Amazon S3 or Google Cloud Storage. This issue...

9.4 CVSS · 6.2 AI score · 0.00188 EPSS
Exploits: 0 · References: 9

OSV
added 2025/02/03 9:18 a.m. · 2 views

SUSE-SU-2025:20107-1 Security update for buildkit

This update for buildkit fixes the following issues: - Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixe...

10 CVSS · 6.7 AI score · 0.02983 EPSS
Exploits: 0 · References: 7

SUSE Linux
added 2025/02/03 9:18 a.m. · 5 views

Security update for buildkit

This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixes...

7.4 CVSS · 7.9 AI score · 0.02983 EPSS
Exploits: 0 · References: 12

OSV
added 2024/11/15 12:20 p.m. · 2 views

OESA-2024-2422 sbt security update

sbt is the simple build tool for Scala and Java projects. Security Fixes: sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code...

7.1 CVSS · 7 AI score · 0.0034 EPSS
Exploits: 1 · References: 2

NVD
added 2023/06/30 9:15 p.m. · 20 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

8.1 CVSS · 7.4 AI score · 0.00492 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:58 a.m. · 2 views

SUSE CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file...

2.6 CVSS · 6.7 AI score · 0.00356 EPSS
Exploits: 0 · References: 9

CNNVD
added 2022/07/22 12:0 a.m. · 4 views

Open-Xchange OX App Suite operating system command injection vulnerability

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An operating system command injection vulnerability exists in Open-Xchange OX App Suite versions 7.10.6 and below, which stems from a compatibility layer of the documentconverter API that can b...

9.8 CVSS · 8.5 AI score · 0.03137 EPSS
Exploits: 1 · References: 5

BDU FSTEC
added 2022/07/01 12:0 a.m. · 2 views

The vulnerability of the Dnsmasq DNS server lies in its improperly implemented security checks for standard elements, allowing attackers to execute a DNS cache poisoning attack.

The vulnerability of the Dnsmasq DNS server is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to execute a DNS cache poisoning attack remotely...

4 CVSS · 6.5 AI score · 0.01988 EPSS
Exploits: 1 · References: 11 · Affected Software: 6

ATTACKERKB
added 2022/03/17 5:15 p.m. · 3 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3 CVSS · 7.2 AI score · 0.00977 EPSS
Exploits: 0 · References: 3

OSV
added 2022/03/17 5:15 p.m. · 4 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

8.1 CVSS · 5.8 AI score · 0.00977 EPSS
Exploits: 0 · References: 2

OSV
added 2021/08/18 7:15 p.m. · 5 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

7.5 CVSS · 5.7 AI score · 0.01262 EPSS
Exploits: 0 · References: 2

NCSC
added 2020/08/24 12:0 a.m. · 3 views

Vulnerabilities fixed in Squid

Squid's developers have fixed three vulnerabilities. Of one vulnerability no CVE-id is known. The vulnerabilities allow a remote malicious party the ability to use cache poisoning to potentially gain access to sensitive data, or to cause a Denial-of-Service. The developers have released updates t...

6.5 CVSS · 7.3 AI score · 0.04235 EPSS
Exploits: 0

BDU FSTEC
added 2015/04/28 12:0 a.m. · 3 views

The vulnerability of Cisco IPS’s intrusion detection system’s microprogramming software allows a remote attacker to trigger a service failure.

The vulnerability of the Context Directory Agent component allows a remote attacker to modify device cache using specially crafted RADIUS protocol packets...

7.1 CVSS · 5.5 AI score · 0.01274 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. · 16 views

djbdns 1.05 Long Response Packet Remote Cache Poisoning Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33937/info The 'djbdns' package is prone to a remote cache-poisoning vulnerability. An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or...

7.1 AI score
Exploits: 0

0day.today
added 2011/08/03 12:0 a.m. · 21 views

WordPress TimThumb Plugin - Remote Code Execution

Exploit for php platform in category web applications Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link:...

7.1 AI score
Exploits: 0

exploitpack
added 2011/08/03 12:0 a.m. · 16 views

WordPress Plugin TimThumb 1.32 - Remote Code Execution

WordPress Plugin TimThumb 1.32 - Remote Code Execution Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link:...

0.1 AI score
Exploits: 0

RedHat Linux
added 2010/10/29 1:39 a.m. · 2 views

cups: latent privilege escalation vulnerability

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file...

2.6 CVSS · 5.9 AI score · 0.00356 EPSS
Exploits: 0 · References: 4

OSV
added 2010/06/22 8:30 p.m. · 3 views

DEBIAN-CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file...

2.6 CVSS · 6.3 AI score · 0.00356 EPSS
Exploits: 0 · References: 1

NVD
added 2010/06/22 8:30 p.m. · 16 views

CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file...

2.6 CVSS · 8.2 AI score · 0.00356 EPSS
Exploits: 0 · References: 11