941 matches found
CVE-2023-38944
creationtimestamp| type| source ---|---|--- 2024-03-03 02:07:19+00:00| published-proof-of-concept| https://t.me/ctinow/198540 2024-03-06 01:26:09+00:00| seen| https://t.me/ctinow/200911 2024-03-06 01:26:19+00:00| seen| https://t.me/ctinow/200918...
CVE-2024-1669
creationtimestamp| type| source ---|---|--- 2024-02-21 05:26:44+00:00| seen| https://t.me/ctinow/189207 2024-02-21 05:27:01+00:00| seen| https://t.me/ctinow/189218 2024-02-22 03:50:05+00:00| seen| https://t.me/arpsyndicate/3902 2024-02-23 22:46:23+00:00| seen| https://t.me/ctinow/192245 2024-03-0...
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...
CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...
CVE-2024-23652
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...
CVE-2024-23651
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...
CVE-2024-23651
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...
Design/Logic Flaw
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
CVE-2024-23653
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-23650
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
PT-2024-2759 · Red Hat +2 · Jenkins Red Hat Dependency Analytics Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Red Hat Dependency Analytics Plugin versions 0.7.1 and earlier Description: The issue is related to the lack of Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers...
Jenkins Plugin Red Hat Dependency Analytics Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PRTG Authenticated Remote Code Execution Exploit
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
Amazon Linux AMI : apache-ivy (ALAS-2024-1910)
The version of apache-ivy installed on the remote host is prior to 2.2.0-5.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1910 advisory. When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied pattern...
Design/Logic Flaw
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...
CVE-2024-23332
CVE-2024-23332 affects the Notary Project: client configurations using permissive trust policies can enable rollback attacks if a compromised registry serves outdated artifacts. The connected sources describe that artifact publishers can set signature expiry and revoke certificates to keep artifa...
CVE-2024-23332 Client configured with permissive trust policies susceptible to rollback attack in Notary Project
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...