942 matches found

Vulnrichment
added 2024/04/19 2:25 p.m. · 17 views

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVSS 8 · AI score 8 · EPSS 0.01095
Exploits 0 · References 4
Positive Technologies
added 2024/04/19 12:00 a.m. · 7 views

PT-2024-27175 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 Description: A server side reques...

CVSS 8 · AI score 7.4 · EPSS 0.01095
Exploits 0 · References 7
Positive Technologies
added 2024/04/18 12:00 a.m. · 3 views

PT-2024-4739 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: An issue in GitLab CE/EE allows private job artifacts to be accessed by any user due to improper...

CVSS 6.8 · AI score 6.9 · EPSS 0.00427
Exploits 0 · References 13
SUSE CVE
added 2024/04/15 11:12 p.m. · 3 views

SUSE CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

CVSS 4.2 · AI score 7.1 · EPSS 0.00851
Exploits 1 · References 5
Veracode
added 2024/04/15 9:02 a.m. · 21 views

Denial Of Service (DOS)

github.com/sigstore/cosign is vulnerable to a Denial of Service (DoS). The vulnerability is due to allocating excessive memory when creating slices based on the number of signatures, manifests, or attestations in untrusted artifacts. This flaw allows an attacker to trigger a Denial of Service via...

CVSS 7.5 · AI score 4.2 · EPSS 0.00851
Exploits 1 · References 7 · Affected Software 1
BDU FSTEC
added 2024/04/15 12:00 a.m. · 5 views

The vulnerability of the Jenkins Red Hat Dependency Analytics plugin, related to improper input handling during the creation of web pages, allows attackers to execute XSS attacks with control over files in the working areas.

The vulnerability of the Jenkins Red Hat Dependency Analytics plugin is related to the lack of Content-Security-Policy protection for user-generated content in working areas, archived artifacts, etc., which Jenkins provides for loading. Exploiting this vulnerability allows a malicious actor to...

CVSS 5.5 · AI score 5.8 · EPSS 0.00564
Exploits 0 · References 3 · Affected Software 2
OSV
added 2024/04/11 5:15 p.m. · 22 views

GHSA-95PR-FXF5-86GV Cosign malicious artifacts can cause machine-wide DoS

Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted...

CVSS 4.2 · AI score 6 · EPSS 0.00851
Exploits 1 · References 7
Cvelist
added 2024/04/10 10:30 p.m. · 35 views

CVE-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

CVSS 4.2 · AI score 4.8 · EPSS 0.00851
Exploits 1 · References 5
Debian CVE
added 2024/04/10 10:30 p.m. · 4 views

CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

CVSS 7.5 · AI score 5.6 · EPSS 0.00851
Exploits 1
Positive Technologies
added 2024/04/10 12:00 a.m. · 6 views

PT-2024-23124 · Cosign +1 · Cosign +1

Name of the Vulnerable Software and Affected Versions: Cosign versions prior to 2.2.4 Description: Cosign provides code signing and transparency for containers and binaries. Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all...

CVSS 7.5 · AI score 6.9 · EPSS 0.00851
Exploits 1 · References 33
Veracode
added 2024/04/02 8:42 a.m. · 22 views

Cross-Site Scripting (XSS)

Jenkins is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper handling of workspaces and archived artifacts, allowing remote authenticated users to inject arbitrary web scripts or HTML...

CVSS 5.4 · AI score 6 · EPSS 0.01251
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/03/29 4:15 p.m. · 25 views

CVE-2024-30246

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which...

CVSS 7.6 · AI score 7.6 · EPSS 0.00621
Exploits 0 · References 4
CVE
added 2024/03/29 3:50 p.m. · 62 views

CVE-2024-30246

CVE-2024-30246 affects Tuleap Community Edition before 15.7.99.6 and Tuleap Enterprise Edition before 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, 14.12-6. The vulnerability lets a malicious user delete information on the instance and may lead to disclosure of restricted artifa...

CVSS 7.6 · AI score 7.6 · EPSS 0.00621
Exploits 0 · References 4 · Affected Software 1
The Hacker News
added 2024/03/14 10:23 a.m. · 37 views

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. "The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address...

AI score 7.8
Exploits 0
OpenVAS
added 2024/03/08 12:00 a.m. · 20 views

Fedora: Security Advisory for maven-dependency-plugin (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 9.2 · EPSS 0.02557
Exploits 3 · References 2
Fedora
added 2024/03/07 10:33 p.m. · 26 views

[SECURITY] Fedora 40 Update: maven-dependency-analyzer-1.13.2-6.fc40

Analyzes the dependencies of a project for undeclared or unused artifacts. Warning: analysis is done at the bytecode level, not at source level, so some cases are not detected (constants, annotations with source-only retention, links in javadoc), which can lead to wrong results if they are the only use of a...

CVSS 8.8 · AI score 9 · EPSS 0.02557
Exploits 3
OSV
added 2024/03/06 11:23 a.m. · 20 views

BIT-GITLAB-2020-13274

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1...

CVSS 7.5 · AI score 7.3 · EPSS 0.01149
Exploits 0 · References 3
OSV
added 2024/03/06 11:15 a.m. · 20 views

BIT-GITLAB-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions are still required...

CVSS 7.5 · AI score 7.3 · EPSS 0.0082
Exploits 0 · References 4
OSV
added 2024/03/06 11:02 a.m. · 30 views

BIT-JENKINS-2021-21615

Jenkins LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...

CVSS 5.3 · AI score 5.5 · EPSS 0.00899
Exploits 0 · References 3
OSV
added 2024/03/06 11:00 a.m. · 30 views

BIT-ORAS-2021-21272 zip slip in ORAS

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloade...

CVSS 7.7 · AI score 7.5 · EPSS 0.01448
Exploits 0 · References 5