Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin

Impact The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...

Malicious Package

Overview paychex-common-npm is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-common-npm package. Credit: Snyk Research...

Malicious Package

Overview paychex-framework-core-ui is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-core-ui package. Credit: Snyk Research...

Malicious Package

Overview paychex-framework-forms is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-forms package. Credit: Snyk Research...

Malicious Package

Overview paychex-framework-approvals is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-approvals package. Credit: Snyk Research...

Malicious Package

Overview paychex-framework is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework package. Credit: Snyk Research...

Malicious Package

Overview paychex-app-common-html is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-app-common-html package. Credit: Snyk Research...

CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file...

Information Disclosure

containerd is vulnerable to information disclosure. The vulnerability exists through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect environment variables, including...

OESA-2021-1043 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug wa...

grub2 code execution vulnerability

grub2 is a Linux system boot program from the GNU community. A security vulnerability exists in versions of grub2 prior to 2.06 where it incorrectly enables the ACPI command when enabling secure boot. The vulnerability allows an attacker with privileged access to create an auxiliary system...

container-tools:2.0 security update

buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...

GitLab 安全漏洞

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...

CVE-2021-21334

In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...

EulerOS Virtualization 3.0.6.6 : perl (EulerOS-SA-2021-1508)

According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment...

jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

DEBIAN-CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

Code injection

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

Nagios XI 5.7.5 Remote Code Execution Exploit

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...