1775 matches found
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...
CVE-2024-2307
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Mitigation Mitigation for this issue is...
osbuild-composer Data Forgery Issue Vulnerability
osbuild-composer is a set of HTTP services for writing operating system images from osbuild. A data forgery issue vulnerability exists in osbuild-composer, which stems from a GPG validation condition that can be triggered to disable package repositories, and could be subject to a man-in-the-middl...
[SECURITY] Fedora 40 Update: maven-resolver-1.9.18-3.fc40
Apache Maven Artifact Resolver is a library for working with artifact repositories and dependency resolution. Maven Artifact Resolver deals with the specification of local repository, remote repository, developer workspaces, artifact transports and artifact resolution...
[SECURITY] Fedora 40 Update: maven-dependency-plugin-3.6.1-3.fc40
The dependency plugin provides the capability to manipulate artifacts. It can copy and/or unpack artifacts from local or remote repositories to a specified location...
BIT-GITLAB-2021-22167
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository...
BIT-GITLAB-2022-2455
A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...
Improper Authorization
github.com/stacklok/minder is vulnerable to Improper Authorization. The vulnerability due to improper input validation and insufficient access controls in handlersrepositories.go file by using GetRepository function, allowing users to manipulate the query parameters to access or delete repositori...
Over 100 Malicious AI/ML Models Found on Hugging Face Platform
As many as 100 malicious artificial intelligence AI/machine learning ML models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. "The model's payload grants the attacker a...
GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you dee...
Apache Archiva Security Vulnerability
Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva that stem...
Veeam Backup for AWS Private Network Deployment Automation
Purpose This article provides information about Veeam Backup for AWS support for private deployment mode. It will explain how to use the attached script to configure network settings for buckets used as repositories and workers used for backups. To learn more about implementing Private Deployment...
RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid...
Fedora: Security Advisory for rust-git2 (FEDORA-2024-993d3a78dd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: rust-git2-0.18.2-1.fc38
Bindings to libgit2 for interoperating with git repositories. This library is both threadsafe and memory safe and allows both reading and writing git repositories...
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Cybersecurity researchers have discovered two malicious packages on the Python Package Index PyPI repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...
CVE-2024-1482
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...