CVE-2023-26054
BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...
@aragon/core-contracts (>=0.7.0-alpha <=0.8.0-alpha), @aragon/osx (>=1.2.0 <=1.3.0-rc0.4) +42 more potentially affected by CVE-2023-26488 via @openzeppelin/contracts-upgradeable (>=4.8.0 <=4.8.1)
@openzeppelin/contracts-upgradeable NPM version =4.8.0, =0.7.0-alpha, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.4, =2.0.0, =1.0.1, =1.0.15, =1.0.27, =1.0.16, =1.0.29 and more Source cves: CVE-2023-26488 Source advisory: OSV:GHSA-878M-3G6Q-594Q...
[SECURITY] Fedora 37 Update: golang-oras-0.15.1-1.20221105git690716b.fc37
Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM...
[SECURITY] Fedora 36 Update: golang-oras-0.15.1-1.20221105git690716b.fc36
Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM...
CVE-2023-25656
The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...
CVE-2023-25656 notation-go has excessive memory allocation on verification
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
SUSE CVE-2014-8111
Apache Tomcat Connectors mod_jk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...
SUSE CVE-2015-7536
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...
SUSE CVE-2017-1000105
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission was sufficient...
SUSE CVE-2022-37866
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifact coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...
vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' => %q{ If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...
org.apache.archiva:archiva-artifact-converter (>=1.4-M1 <=2.1.0), org.apache.archiva:archiva-checksum (>=1.4-M1 <=2.2.10) +74 more potentially affected by CVE-2022-40308 via org.apache.archiva:archiva-common (>=1.1 <=2.2.8)
org.apache.archiva:archiva-common MAVEN version =1.1, =1.4-M1, =1.4-M1, =1.3, =1.1, =1.1, =1.4-M3, =1.1, =1.2, =1.1, =1.1, =1.4-M4, =1.1, =1.1, =1.4-M3, =1.4-M1, =2.2.10 and more Source cves: CVE-2022-40308 Source advisory: OSV:GHSA-463W-HXFV-G9F6...
osbuild-composer bug fix and enhancement update
An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The osbuild-composer package is a service for building customized OS...
Low: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update
An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RLSA-2022:7950 Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
ALSA-2022:7950 Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
Low: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update
An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Image Builder security, bug fix, and enhancement update
An update is available for cockpit-composer and weldr-client. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Image Builder is a service for building customized OS...