7817 matches found
CVE-2021-30913
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables...
Compilation database: An alternative way to configure your C or C++ analysis
Analyzing C or C++ code requires - in addition to the source code - the configuration that is used to build the code. At SonarSource, we have provided a tool to automate the extraction of this information, the build wrapper. This tool has been used successfully with many projects, yet there are...
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
Type confusion
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
UBUNTU-CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
CVE-2021-22252
CVE-2021-22252 describes a logic issue in GitLab CE/EE where a confusion between tag and branch names since version 13.7 allowed a Developer to access protected CI variables that should be Maintainer-only. Affected: GitLab CE/EE, all versions since 13.7. Root cause: misinterpretation between tag ...
CVE-2021-22252
Removed by vendor...
PT-2021-6602 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 and later Description: The issue is related to a confusion between tag and branch names in GitLab, allowing a remote attacker to access confidential data. Specifically, it enables a Developer to access protected CI...
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
...
4images 1.8 SQL Injection
Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...
CVE-2020-28397
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2 V2.5 V2.5 V21.9, TIM 1531 IRC incl. SIPLUS NET variants Version V2.1. Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program...
Gitlab -- Gitlab
Gitlab reports: Stored XSS in Mermaid when viewing Markdown files; Stored XSS in default branch name; Perform Git actions with an impersonation token even if impersonation is disabled; Tag and branch name confusion allows Developer to access protected CI variables; New subscriptions generate OAuth...
Malicious Package
Overview: acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation: Avoid using all malicious instances of the acookie package. Credit: Snyk Research...
Malicious Package
Overview: vscode-npm-script is a malicious package. It uses a preinstall script to steal environment variables. Remediation: Avoid using all malicious instances of the vscode-npm-script package. Credit: Snyk Research...
Malicious Package
Overview: firebase-extensions is a malicious package. It uses a preinstall script to steal environment variables. Remediation: Avoid using all malicious instances of the firebase-extensions package. Credit: Snyk Research...
SUSE-SU-2021:2473-1 Security update for slurm
This update for slurm fixes the following issues: Updated to 20.11.7 Summary of new features: CVE-2021-31215: Fixed a remote code execution as SlurmUser bsc1186024. slurmd - handle configless failures gracefully instead of hanging indefinitely. select/constres - fix Dragonfly topology not selecti...