Fedora: Security Advisory for osbuild-composer (FEDORA-2022-99d17387ea)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: osbuild-composer-56-2.fc35
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...
io.apicurio:apicurio-registry-tenant-manager-api (>=2.0.0.Final <=2.0.2.Final), io.dekorate:core-junit (>=2.0.0 <=2.4.1) +105 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (>=5.1.0 <=5.1.1)
io.fabric8:kubernetes-client MAVEN version =5.1.0, =2.0.0.Final, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.1 and more Source cves: CVE-2021-4178 Source advisory: OSV:GHSA-98G7-RXMF-RRXM...
CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
UBUNTU-CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
[SECURITY] Fedora 36 Update: osbuild-composer-56-1.fc36
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...
MAL-2022-6434 Malicious code in teamcity-build-artifacts-widget (npm)
Source: ghsa-malware 235e70f767d4caae7345fc80ce5bf59a7609ad9293fb2e2a74f70477ae9cac1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in teamcity-build-artifacts-widget (npm)
Source: ghsa-malware 235e70f767d4caae7345fc80ce5bf59a7609ad9293fb2e2a74f70477ae9cac1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in teamcity-build-artifacts (npm)
Source: ghsa-malware 7cade57254eb5cf373a486779a399b9ef62a40071ee86e84f5c8517c39bd231e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6433 Malicious code in teamcity-build-artifacts (npm)
Source: ghsa-malware 7cade57254eb5cf373a486779a399b9ef62a40071ee86e84f5c8517c39bd231e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in synapse-artifacts (npm)
Source: ghsa-malware a0e1e584725221a12679c41002914f98d62a8350234cecb0d4c19abe4d3b301d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6384 Malicious code in synapse-artifacts (npm)
Source: ghsa-malware a0e1e584725221a12679c41002914f98d62a8350234cecb0d4c19abe4d3b301d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LEAF - Linux Evidence Acquisition Framework
LEAF acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules and parameters as input, LEAF is able to use smart analysis to extract Linux artifact...
cn.acooly:acooly-auth-google-authenticator (=5.2.1), cn.acooly:acooly-auth-parent (=5.2.1) +238 more potentially affected by CVE-2019-1010206 via com.github.kevinsawicki:http-request (>=0.6 <=6.0)
com.github.kevinsawicki:http-request MAVEN version >=0.6, <=6.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.kevinsawicki:http-request and may be impacted: - cn.acooly:acooly-auth-google-authenticator =5.2.1 - cn.acooly:acooly-auth-parent...
GHSA-4PW5-R58H-FV24 Path traversal vulnerability on Windows in Jenkins
The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows. This results in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller o...
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
GHSA-FG2Q-V428-2GPH Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
CVE-2021-41834
JFrog Artifactory prior to versions 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...