Lucene search

941 matches found

CVE
added 2023/03/06 6:5 p.m. | 218 views

CVE-2023-26054

BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...

CVSS 6.5 | AI score 6.6 | EPSS 0.01026
Exploits: 1 | References: 5 | Affected Software: 1
vulnersOsv
added 2023/03/03 8:2 p.m. | 5 views

@aragon/core-contracts (>=0.7.0-alpha <=0.8.0-alpha), @aragon/osx (>=1.2.0 <=1.3.0-rc0.4) +42 more potentially affected by CVE-2023-26488 via @openzeppelin/contracts-upgradeable (>=4.8.0 <=4.8.1)

@openzeppelin/contracts-upgradeable NPM version =4.8.0, =0.7.0-alpha, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.4, =2.0.0, =1.0.1, =1.0.15, =1.0.27, =1.0.16, =1.0.29 and more Source cves: CVE-2023-26488 Source advisory: OSV:GHSA-878M-3G6Q-594Q...

CVSS 6.5 | AI score 6.5 | EPSS 0.00713
Exploits: 0
Fedora
added 2023/02/23 2:21 a.m. | 27 views

[SECURITY] Fedora 37 Update: golang-oras-0.15.1-1.20221105git690716b.fc37

Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM...

CVSS 9.3 | AI score 8.4 | EPSS 0.05623
Exploits: 1
Fedora
added 2023/02/23 1:26 a.m. | 36 views

[SECURITY] Fedora 36 Update: golang-oras-0.15.1-1.20221105git690716b.fc36

Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM...

CVSS 9.3 | AI score 8.4 | EPSS 0.05623
Exploits: 1
CVE
added 2023/02/20 12:0 a.m. | 397 views

CVE-2023-25656

The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...

CVSS 7.5 | AI score 7.4 | EPSS 0.0044
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/02/20 12:0 a.m. | 9 views

CVE-2023-25656 notation-go has excessive memory allocation on verification

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVSS 7.5 | AI score 7 | EPSS 0.0044
Exploits: 0 | References: 2
Cvelist
added 2023/02/20 12:0 a.m. | 36 views

CVE-2023-25656 notation-go has excessive memory allocation on verification

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVSS 7.5 | AI score 7.7 | EPSS 0.0044
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 5:26 a.m. | 4 views

SUSE CVE-2014-8111

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

CVSS 5 | AI score 6.4 | EPSS 0.07109
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 5:13 a.m. | 3 views

SUSE CVE-2015-7536

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

CVSS 5.4 | AI score 5.4 | EPSS 0.01251
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:35 a.m. | 5 views

SUSE CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission was sufficient...

CVSS 5.3 | AI score 5.3 | EPSS 0.00897
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:24 a.m. | 1 views

SUSE CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

CVSS 6.3 | AI score 8.9 | EPSS 0.01596
Exploits: 0 | References: 7
0day.today
added 2023/02/01 12:0 a.m. | 328 views

vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...

CVSS 7.8 | AI score 7.1 | EPSS 0.02579
Exploits: 3
vulnersOsv
added 2022/11/15 7:0 p.m. | 4 views

org.apache.archiva:archiva-artifact-converter (>=1.4-M1 <=2.1.0), org.apache.archiva:archiva-checksum (>=1.4-M1 <=2.2.10) +74 more potentially affected by CVE-2022-40308 via org.apache.archiva:archiva-common (>=1.1 <=2.2.8)

org.apache.archiva:archiva-common MAVEN version =1.1, =1.4-M1, =1.4-M1, =1.3, =1.1, =1.1, =1.4-M3, =1.1, =1.2, =1.1, =1.1, =1.4-M4, =1.1, =1.1, =1.4-M3, =1.4-M1, =2.2.10 and more Source cves: CVE-2022-40308 Source advisory: OSV:GHSA-463W-HXFV-G9F6...

CVSS 7.5 | AI score 7.1 | EPSS 0.01192
Exploits: 0
Rockylinux
added 2022/11/15 3:35 p.m. | 18 views

osbuild-composer bug fix and enhancement update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The osbuild-composer package is a service for building customized OS...

AI score 1.4
Exploits: 0
RedHat Linux
added 2022/11/15 12:38 p.m. | 44 views

Low: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 6.7 | EPSS 0.0198
Exploits: 1 | References: 14
OSV
added 2022/11/15 6:11 a.m. | 25 views

RLSA-2022:7950 Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 6.5 | AI score 7.4 | EPSS 0.0198
Exploits: 1 | References: 13
OSV
added 2022/11/15 12:0 a.m. | 21 views

ALSA-2022:7950 Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.0198
Exploits: 1 | References: 4
AlmaLinux
added 2022/11/15 12:0 a.m. | 47 views

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 7.5 | AI score 7.8 | EPSS 0.0198
Exploits: 1 | References: 4
RedHat Linux
added 2022/11/08 9:47 a.m. | 40 views

Low: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 6.7 | EPSS 0.0198
Exploits: 1 | References: 10
Rockylinux
added 2022/11/08 6:22 a.m. | 37 views

Image Builder security, bug fix, and enhancement update

An update is available for cockpit-composer, weldr-client. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Image Builder is a service for building customized OS...

CVSS 7.5 | AI score 7.8 | EPSS 0.0198
Exploits: 1