Privilege escalation
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...
Pure Storage FlashBlade and FlashArray security vulnerability
Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. The Pure Storage FlashArray is an all-QLC flash storage array. The Pure Storage FlashBlade is a consolidated storage platform for file and object...
CVE-2022-32552
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...
CVE-2022-32553
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...
Malicious code in console-less-variables (npm)
Source: ghsa-malware ece794298db615fecdf12771230e652484b7d626d61b19114cbc89431c3658a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2162 Malicious code in console-less-variables (npm)
Source: ghsa-malware ece794298db615fecdf12771230e652484b7d626d61b19114cbc89431c3658a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
`array!` macro is unsound in presence of traits that implement methods it calls internally
Affected versions of this crate called some methods using auto-ref. The affected code looked like this: `let mut arr = $crate::core::mem::MaybeUninit::uninit(); let mut vec = $crate::ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T);` In this case, the problem is that `as_mut_ptr` is a method of `&mut MaybeUninit`...
Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...
Add a time lock to VoterProxy.sol setter function
Lines of code Vulnerability details Impact More trust for user: functions that set key/critical variables should be behind a timelock. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a...
Path Traversal
Firefox is vulnerable to Path Traversal. A remote attacker is able to use the % character in filenames to store data outside of the intended directory using Windows environment variables, such as %HOMEPATH% or %APPDATA%...
Reentrancy attack
Lines of code Vulnerability details Impact High impact. Reentrancy attack may lead to loss of funds. Proof of Concept Reentrancy in RubiconMarket.matchouint256,ERC20,uint256,ERC20,uint256,bool contracts/RubiconMarket.sol1049-1108: External calls: - buybestmakerid,minmpayamt,t...
EulerOS 2.0 SP3 : hesiod (EulerOS-SA-2022-1729)
According to the versions of the hesiod package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment...
Malware in ctx
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query...
USN-4781-1 slurm-llnl vulnerabilities
It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10030 It was discovered that Slurm mishandled SPAN...
Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
Jenkins Project Inheritance Plugin 19.08.02 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
GHSA-XJ4W-R6GR-X5QM Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
Jenkins Project Inheritance Plugin 19.08.02 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
GHSA-FH5W-P2J4-4P8X Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 includes a feature to replace placeholders in pod template and container template fields with environment variable values. This feature allows low-privilege users to access possibly sensitive Jenkins controller environment...
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 includes a feature to replace placeholders in pod template and container template fields with environment variable values. This feature allows low-privilege users to access possibly sensitive Jenkins controller environment...