Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-48205

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00353EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/19 3:32 p.m.3 views

Malicious code in azure-pipelines (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3befea97b94282d8ce4388e647f5f86caea89c7727ce5f913eb233b357335d0f Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/06/19 3:32 p.m.2 views

MAL-2025-5180 Malicious code in azure-pipelines (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3befea97b94282d8ce4388e647f5f86caea89c7727ce5f913eb233b357335d0f Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.6 views

CVE-2022-45306

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...

4.3CVSS7AI score0.00353EPSS
Exploits0References1
Kitploit
Kitploit
added 2024/01/30 11:30 a.m.33 views

PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests

With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...

7.2AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/17 12:0 a.m.244 views

Security Updates for Azure Pipelines Agent (November 2023)

The Microsoft Azure Pipelines Agent running on the remote host is prior to 2.217.2. It is, therefore affected by a remote code execution vulnerability due to an integer overflow in the embedded mingit component. Note that Nessus has not tested for this issue but has instead relied only on the...

8.8CVSS8.9AI score0.01951EPSS
Exploits0References2
CNVD
CNVD
added 2022/12/01 12:0 a.m.16 views

Chocolatey Azure Pipelines Agent Privilege Design Vulnerability

Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...

4.3CVSS4.9AI score0.00353EPSS
Exploits0References1
OSV
OSV
added 2022/11/29 2:15 a.m.5 views

CVE-2022-45306

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...

4.3CVSS5.8AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2022/11/29 2:15 a.m.18 views

CVE-2022-45306

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...

4.3CVSS0.00353EPSS
Exploits0References1
CVE
CVE
added 2022/11/29 12:0 a.m.43 views

CVE-2022-45306

CVE-2022-45306 affects Chocolatey Azure-Pipelines-Agent package versions 2.211.1 and earlier. The vulnerability is insecure permissions: all users in the Authenticated Users group have write privileges to the subfolder C:\agent and all files within. This is documented across multiple sources (Red...

4.3CVSS4.7AI score0.00353EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.3 views

Chocolatey Azure-Pipelines-Agent 安全漏洞

Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...

4.3CVSS7.3AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.4 views

PT-2022-27464 · Microsoft · Chocolatey Azure-Pipelines-Agent

Name of the Vulnerable Software and Affected Versions: Chocolatey Azure-Pipelines-Agent versions 2.211.1 and below Description: The issue is related to insecure permissions in the Chocolatey Azure-Pipelines-Agent package, which grants all users in the Authenticated Users group write privileges fo...

4.3CVSS6.8AI score0.00353EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:8 p.m.3 views

Malicious code in snyk-azure-pipelines-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1415763e729b09889f3cb0714d88b936b6c14f499ccbdd82f5697fe861fcc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:8 p.m.8 views

MAL-2022-6194 Malicious code in snyk-azure-pipelines-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1415763e729b09889f3cb0714d88b936b6c14f499ccbdd82f5697fe861fcc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/01 9:27 a.m.3 views

Malicious code in azure-pipelines-dependency-track (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8de0a03478a809b8f29b605fa046f7b89e682904f1dbfb3321aa9e64df94f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/01 9:27 a.m.7 views

MAL-2022-1362 Malicious code in azure-pipelines-dependency-track (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8de0a03478a809b8f29b605fa046f7b89e682904f1dbfb3321aa9e64df94f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2022/01/20 11:30 a.m.100 views

Dep-Scan - Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you hav...

7.2AI score
Exploits0References12
Rows per page
Query Builder