
12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-53110

Malicious code in bioql PyPI...

CVSS 3.8 | AI score 6.5 | EPSS 0.01295
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-53109

Malicious code in bioql PyPI...

CVSS 9.4 | AI score 6.5 | EPSS 0.01595
Exploits 0 | References 4

RedhatCVE
added 2025/05/23 9:7 a.m. | 2 views

CVE-2024-56324

GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in...

CVSS 7.1 | AI score 6.9 | EPSS 0.00143
Exploits 0 | References 1

NVD
added 2025/01/03 4:15 p.m. | 10 views

CVE-2024-56320

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

CVSS 9.4 | EPSS 0.01595
Exploits 0 | References 4

CVE
added 2025/01/03 3:56 p.m. | 53 views

CVE-2024-56324

GoCD versions prior to 24.4.0 allow group admins to abuse the ability to edit raw XML configuration for groups, triggering an XML External Entity (XXE) injection on the GoCD server. This can potentially lead to SSRF, information disclosure, and directory traversal, though exploitation specifics a...

CVSS 7.1 | AI score 6.5 | EPSS 0.00143
Exploits 0 | References 4 | Affected Software 1

CVE
added 2025/01/03 3:41 p.m. | 43 views

CVE-2024-56321

CVE-2024-56321 (GoCD) affects GoCD 18.9.0–24.4.0. The issue allows admins to abuse the backup configuration “post-backup script” to run arbitrary scripts on the hosting server/container as the GoCD user. In practice, impact is limited since an admin typically has host permissions, but in restrict...

CVSS 3.8 | AI score 4.6 | EPSS 0.01295
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/01/03 3:41 p.m. | 5 views

CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

CVSS 3.8 | AI score 7.2 | EPSS 0.01295
Exploits 0 | References 6

Cvelist
added 2025/01/03 3:37 p.m. | 14 views

CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

CVSS 9.4 | EPSS 0.01595
Exploits 0 | References 4

CNNVD
added 2025/01/03 12:0 a.m. | 3 views

GoCD Code Issue Vulnerability

GoCD is an open source continuous delivery server from GoCD. A code issue vulnerability exists in GoCD versions prior to 24.5.0 that stems from allowing abuse of the ability to edit raw XML configurations, which triggers an XML External Entity (XXE) injection vulnerability...

CVSS 7.1 | AI score 7.3 | EPSS 0.00143
Exploits 0 | References 4

CNNVD
added 2024/05/31 12:0 a.m. | 1 view

Sentry Security Vulnerability

SENTRY is a bug tracking and performance monitoring platform for developers from SENTRY, Inc. A security vulnerability exists in Sentry versions 24.3.0 through 24.5.0, which stems from a Slack integration that discloses deprecated authentication tokens in logs...

CVSS 2 | AI score 7 | EPSS 0.00094
Exploits 0 | References 8

Tenable Nessus
added 2014/06/13 12:0 a.m. | 24 views

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0640-1)

This is a MozillaThunderbird update to version 24.5.0 : - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards - MFSA 2014-37/CVE-2014-1523 bmo969226 Out of bounds read while decoding JPG images - MFSA 2014-38/CVE-2014-1524 bmo989183 Buffer overflow when using non-XBL object as XBL - MF...

CVSS 9.8 | AI score 7.5 | EPSS 0.06412
Exploits 5 | References 9

OpenVAS
added 2014/05/05 12:0 a.m. | 24 views

CentOS Update for firefox CESA-2014:0448 centos5

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2014:0448 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 10 | AI score 0.6 | EPSS 0.06412
Exploits 5 | References 2