6 matches found
CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...
CVE-2021-41394
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations...
CVE-2021-41394
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 are affected by CVE-2021-41394, which allows alteration of build artifacts in some situations. The connected sources provide product/version ranges and the impact, but do not include exploitation details or a publis...
CVE-2019-11770
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been tampered with in a man-in-the-middle (MITM) attack, compromising them and infecting the build artifacts that were produced. Additionally, if any of thes...
Unsafe Dependency Resolution
Overview: com.paypal.selion:SeLion-Parent builds on top of TestNG and Selenium to provide a set of capabilities that get you up and running with WebDriver in a short time. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an...
Apache Archiva Detection
The remote web server hosts Apache Archiva, an extensible repository management tool for working with personal or enterprise-wide build artifact repositories, such as those used with Maven, Continuum, and ANT. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(54969);...