4438 matches found

CNNVD
added 2024/05/02 12:0 a.m. · 7 views

Jenkins Plugin Script Security security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security vulnerabili...

8.8 CVSS · 7.6 AI score · 0.01002 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-25716 · Jenkins · Jenkins Script Security Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1335.vf07d9ce377a e and earlier Description: A sandbox bypass issue involves sandbox-defined classes that shadow specific non-sandbox-defined classes, allowing attackers with permission to define and ru...

8.8 CVSS · 7.2 AI score · 0.01002 EPSS
Exploits 0 · References 7

OSV
added 2024/05/01 6:15 a.m. · 7 views

DEBIAN-CVE-2024-26992

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...

3.3 CVSS · 5.3 AI score · 0.00221 EPSS
Exploits 0 · References 1

OSV
added 2024/05/01 6:15 a.m. · 0 views

UBUNTU-CVE-2024-26976

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

7 CVSS · 6.2 AI score · 0.00259 EPSS
Exploits 0 · References 30

RedHat Linux
added 2024/05/01 12:20 a.m. · 6 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

6.5 CVSS · 6.8 AI score · 0.0018 EPSS
Exploits 0 · References 6

RedHat Linux
added 2024/04/30 5:6 p.m. · 3 views

kernel: untrusted VMM can trigger int80 syscall handling

A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side...

8.8 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/04/30 9:57 a.m. · 3 views

kernel: untrusted VMM can trigger int80 syscall handling

A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side...

8.8 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/04/26 12:0 a.m. · 2 views

PT-2024-25172 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version ff9ff8f Description: A segmentation violation was discovered in Jerryscript via the vm loop component at jerry-core/vm/vm.c. Recommendations: For Jerryscript version ff9ff8f, consider avoiding the use of the vm loop...

7.1 CVSS · 7 AI score · 0.003 EPSS
Exploits 1 · References 7

PyPA
added 2024/04/25 6:15 p.m. · 6 views

PYSEC-2024-209

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the build_IR function of the sqrt builtin doesn't cache the argument to...

5.3 CVSS · 7 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/04/25 6:15 p.m. · 10 views

PYSEC-2024-163

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a default function is a very sparsely...

5.3 CVSS · 5.2 AI score · 0.00415 EPSS
Exploits 0 · References 4

OSV
added 2024/04/25 6:15 p.m. · 21 views

PYSEC-2024-209

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the build_IR function of the sqrt builtin doesn't cache the argument to...

5.3 CVSS · 5.2 AI score · 0.00451 EPSS
Exploits 0 · References 2

OSV
added 2024/04/25 6:15 p.m. · 20 views

PYSEC-2024-208

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...

5.3 CVSS · 5.2 AI score · 0.00451 EPSS
Exploits 0 · References 3

OSV
added 2024/04/25 6:15 p.m. · 31 views

PYSEC-2024-207

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3 CVSS · 5.4 AI score · 0.00451 EPSS
Exploits 0 · References 2

CVE
added 2024/04/25 5:53 p.m. · 74 views

CVE-2024-32649

Vyper CVE-2024-32649 affects versions 0.3.10 and earlier, where the sqrt builtin’s build_IR does not cache its argument, allowing potential double evaluation when the argument has side-effects. The affected component is the sqrt builtin in Vyper’s IR generation, leading to multiple evaluations of...

5.3 CVSS · 6.8 AI score · 0.00451 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/04/25 5:53 p.m. · 15 views

CVE-2024-32649 vyper performs double eval of the argument of sqrt

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the build_IR function of the sqrt builtin doesn't cache the argument to...

5.3 CVSS · 5.5 AI score · 0.00451 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/04/25 5:48 p.m. · 25 views

CVE-2024-32648 vyper default functions don't respect nonreentrancy keys

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a default function is a very sparsely...

5.3 CVSS · 6.9 AI score · 0.00415 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/04/25 5:41 p.m. · 15 views

CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...

5.3 CVSS · 6.8 AI score · 0.00451 EPSS
Exploits 0 · References 2

CVE
added 2024/04/25 5:41 p.m. · 64 views

CVE-2024-32647

Vyper vulnerability CVE-2024-32647 concerns the create_from_blueprint builtin prior to version 0.3.11. The root cause is that the _build_create_IR path does not cache the args parameter on the stack when raw_args=True and args have side-effects, allowing the argument to be evaluated multiple time...

5.3 CVSS · 6.8 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/04/25 5:21 p.m. · 70 views

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

5.3 CVSS · 7 AI score · 0.00451 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/04/25 5:18 p.m. · 36 views

CVE-2024-32645 vyper performs incorrect topic logging in raw_log

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...

5.3 CVSS · 5.6 AI score · 0.00451 EPSS
Exploits 0 · References 1