CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins Plugin Ansible 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2023-24115 · Jenkins · Jenkins Ansible Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb f and earlier Description: The issue concerns the storage of extra variables, often used to pass secrets, in an unencrypted manner in job config.xml files on the Jenkins controller. These...

PT-2023-24116 · Jenkins · Jenkins Ansible Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb f and earlier Description: The issue concerns the Jenkins Ansible Plugin, which allows the specification of extra variables that can be passed to Ansible, commonly used to pass secrets. These...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - CVE-2021-32751: Fixed arbitrary code execution in application plugin and the gradlew script bsc1188569...

Vyper vulnerable to integer overflow in loop

Impact Due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. In the following example, calling test returns 354, meaning that the variable a did store 354 a value out of bound for the type uint8. Vyp...

Teltonika RUT router 安全漏洞

Teltonika RUT router is a series of industrial routers. A security vulnerability exists in Teltonika RUT router versions 00.07.00 through 00.07.03.4, which stems from variables used for authentication checks being stored in an external configuration file. An attacker could exploit the vulnerabili...

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

Vyper 输入验证错误漏洞

Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in versions of Vyper prior to 0.3.8, which stems from a lack of overflow checking for cyclic variables...

Imprecise block calculation

Lines of code Vulnerability details Vulnerability details Impact @dev Roughly equivalent to the number of blocks in 7 days. @dev Roughly equivalent to the number of blocks in 90 days. @dev Roughly equivalent to the number of blocks in 10 days. As described in the NatSpec comment above these are...

kernel: icmp: Fix data-races around sysctl.

A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the ICMP sysctl variables due to a missing lock, potentially impacting system stability and resulting in a denial of service...

kernel: cipso: Fix data-races around sysctl.

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READONCE to avoid data-races...

EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-1770)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR,...

EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-1792)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR,...

AppDomain Manager Injection: New Techniques For Red Teams

AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin Living Off the Land Binary by forcing the application to load a specially crafted .NET assembly,...

State variables are initialized in an upgradeable contract + there is constructor

Lines of code Vulnerability details Impact Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts. State variables are initialized in an upgradeable contract Proof of Concept See -upgradeableavoid-initial-values-in-field-declarations...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

UBUNTU-CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...