941 matches found

OpenVAS
added 2022/07/23 12:0 a.m., 8 views

Fedora: Security Advisory for osbuild-composer (FEDORA-2022-99d17387ea)

The remote host is missing an update for the...

7.5 AI score
Exploits 0, References 2

Fedora
added 2022/07/20 1:40 a.m., 26 views

[SECURITY] Fedora 35 Update: osbuild-composer-56-2.fc35

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...

0.9 AI score
Exploits 0

vulnersOsv
added 2022/07/15 5:17 a.m., 5 views

io.apicurio:apicurio-registry-tenant-manager-api (>=2.0.0.Final <=2.0.2.Final), io.dekorate:core-junit (>=2.0.0 <=2.4.1) +105 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (>=5.1.0 <=5.1.1)

io.fabric8:kubernetes-client MAVEN version =5.1.0, =2.0.0.Final, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.1 and more Source cves: CVE-2021-4178 Source advisory: OSV:GHSA-98G7-RXMF-RRXM...

6.7 CVSS, 6.8 AI score, 0.00309 EPSS
Exploits 0

NVD
added 2022/07/14 8:15 p.m., 20 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS, 0.00467 EPSS
Exploits 0, References 2

UbuntuCve
added 2022/07/14 8:15 p.m., 19 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS, 5.9 AI score, 0.00467 EPSS
Exploits 0, References 3

OSV
added 2022/07/14 8:15 p.m., 1 view

UBUNTU-CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS, 5.9 AI score, 0.00467 EPSS
Exploits 0, References 4

Fedora
added 2022/07/09 1:24 a.m., 17 views

[SECURITY] Fedora 36 Update: osbuild-composer-56-1.fc36

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...

0.9 AI score
Exploits 0

OSV
added 2022/06/20 8:17 p.m., 10 views

MAL-2022-6434 Malicious code in teamcity-build-artifacts-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235e70f767d4caae7345fc80ce5bf59a7609ad9293fb2e2a74f70477ae9cac1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:17 p.m., 3 views

Malicious code in teamcity-build-artifacts-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235e70f767d4caae7345fc80ce5bf59a7609ad9293fb2e2a74f70477ae9cac1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:17 p.m., 3 views

Malicious code in teamcity-build-artifacts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cade57254eb5cf373a486779a399b9ef62a40071ee86e84f5c8517c39bd231e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

OSV
added 2022/06/20 8:17 p.m., 7 views

MAL-2022-6433 Malicious code in teamcity-build-artifacts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cade57254eb5cf373a486779a399b9ef62a40071ee86e84f5c8517c39bd231e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:11 p.m., 3 views

Malicious code in synapse-artifacts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0e1e584725221a12679c41002914f98d62a8350234cecb0d4c19abe4d3b301d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

OSV
added 2022/06/20 8:11 p.m., 6 views

MAL-2022-6384 Malicious code in synapse-artifacts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0e1e584725221a12679c41002914f98d62a8350234cecb0d4c19abe4d3b301d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Kitploit
added 2022/05/27 9:30 p.m., 20 views

LEAF - Linux Evidence Acquisition Framework

Linux Evidence Acquisition Framework LEAF acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules and parameters as input, LEAF is able to use smart analysis to extract Linux artifact...

6.8 AI score
Exploits 0, References 1

vulnersOsv
added 2022/05/24 10:0 p.m., 5 views

cn.acooly:acooly-auth-google-authenticator (=5.2.1), cn.acooly:acooly-auth-parent (=5.2.1) +238 more potentially affected by CVE-2019-1010206 via com.github.kevinsawicki:http-request (>=0.6 <=6.0)

com.github.kevinsawicki:http-request MAVEN version =0.6, =6.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.kevinsawicki:http-request and may be impacted: - cn.acooly:acooly-auth-google-authenticator =5.2.1 - cn.acooly:acooly-auth-parent...

5.9 CVSS, 6.2 AI score, 0.0057 EPSS
Exploits 0

OSV
added 2022/05/24 7:16 p.m., 3 views

GHSA-4PW5-R58H-FV24 Path traversal vulnerability on Windows in Jenkins

The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows. This results in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller o...

6.5 CVSS, 6 AI score, 0.02103 EPSS
Exploits 0, References 5

GitHub Security Blog
added 2022/05/24 4:44 p.m., 24 views

Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

8.1 CVSS, 1.5 AI score, 0.00434 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/05/24 4:44 p.m., 12 views

GHSA-FG2Q-V428-2GPH Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

8.1 CVSS, 8.1 AI score, 0.00434 EPSS
Exploits 0, References 3

OSV
added 2022/05/23 7:16 a.m., 3 views

CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation...

6.5 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits 0, References 1

RedhatCVE
added 2022/05/20 11:19 p.m., 28 views

CVE-2019-10249

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...

8.1 CVSS, 0.8 AI score, 0.00645 EPSS
Exploits 1, References 1