Linux Distros Unpatched Vulnerability : CVE-2014-8991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build- file for another user...
CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
CycloneDX Generator security vulnerability
CycloneDX Generator cdxgen is a CLI tool, library, REPL and server for CycloneDX open source. It is used to create valid and compatible CycloneDX bill of materials. A security vulnerability exists in CycloneDX Generator version 10.10.7 and prior versions, which stems from the possibility of...
PT-2024-34357 · Node.Js +3
Name of the Vulnerable Software and Affected Versions: CycloneDX cdxgen versions prior to 11.1.7 Description: The issue allows execution of code contained within build-related files, such as build.gradle.kts, when run against an untrusted codebase. This is similar to a previously identified issue...
cri-o security update
cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...
GHSA-4VRV-93C7-M92J snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
kubernetes security update
kubernetes 1.24.8-2 - libct/cg: add misc controller to v1 drivers upstream runc patch 1.24.8-1 - Added Oracle specific build files for Kubernetes olcne 1.5.13-1 - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 - Added script to support upgrade from OL7 to OL8 using leapp...
SUSE CVE-2014-8991
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build- file for another user...
The new Spring Boot version validation and upgrade support in Spring Tools
New Spring Boot releases ship on a frequent schedule, and upgrading projects to newer versions of Spring Boot is part of the daily work of many teams and organizations around the globe. Sometimes those upgrades are simple and easy, for example for new...
CVE-2022-24441
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
olcne security update
coredns 1.7.0-1 - Added Oracle specific build files cri-o 1.18.4-2 - Fix for CVE-2021-27918 1.18.4-1 - Added Oracle specific files for cri-o cri-tools 1.18.0-2 - Address CVE-2021-27918 etcd 3.4.3-1.0.5 - Address CVE-2021-27918 flannel 0.12.0-2 - Address CVE-2021-27918 yq 3.4.0-2 - Address...
Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
Threat actors are abusing Microsoft Build Engine MSBuild to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding th...
Fedora: Security Advisory for ant (FEDORA-2020-3ce0f55bc5)
The remote host is missing an update for the ant package announced via the FEDORA-2020-3ce0f55bc5 advisory.
Fedora: Security Advisory for ant (FEDORA-2020-2640aa4e19)
The remote host is missing an update for the ant package announced via the FEDORA-2020-2640aa4e19 advisory.
kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update
kubernetes-cni-plugins 0.8.6-1.0.1 - Added Oracle specific build files for Kubernetes CNI Plugins kubernetes-cni 0.7.1-1.0.1 - Added Oracle specific build files for Kubernetes CNI kubernetes 1.14.9-1.0.4 - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router...
Fedora: Security Advisory for ant (FEDORA-2020-7f07da3fef)
The remote host is missing an update for the ant package announced via the FEDORA-2020-7f07da3fef advisory.
Man-in-the-Middle (MitM)
unomi-rest is vulnerable to man-in-the-middle MitM attack. This attack exists because the project dependencies are downloaded over HTTP instead of HTTPS, allowing a Man in the Middle MITM attacker to manipulate the dependencies in the build files and eventually leading to an execution of maliciou...
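Both the OpenAPI Generator entry (http:// URLs in build.gradle, build.gradle.mustache and build.sbt) and the unomi-rest entry above describe the same weakness: build files that fetch dependencies or tooling over plain HTTP, which a network attacker can swap for malicious artifacts. The scanner below is an added example, not code from any of the projects listed on this page; it walks a set of build files, flags every `http://` URL that is not commented out, and understands the backslash-escaped `http\://` form that Java `.properties` files such as `gradle-wrapper.properties` use. The file contents, host names and the `allow_hosts` parameter are constructed for the example.

```python
import re
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    url: str


# Build-related files worth checking for plaintext repository or download URLs.
BUILD_FILES = (
    "build.gradle", "build.gradle.kts",
    "settings.gradle", "settings.gradle.kts",
    "build.sbt", "pom.xml",
    "gradle-wrapper.properties",
)

# Matches "http://..." but not "https://...". The optional backslash covers the
# "http\://" spelling required in .properties files, where ':' must be escaped.
# The lookbehind stops "xhttp://" style false positives inside identifiers.
_HTTP_URL = re.compile(r"(?<![a-z])http\\?://[^\s\"'<>)]+", re.IGNORECASE)


def find_http_urls(path: str, text: str, allow_hosts: Iterable[str] = ()) -> List[Finding]:
    """Return every plaintext-HTTP URL in one build file, with its line number."""
    allowed = set(allow_hosts)
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.lstrip()
        # Skip single-line comments in Gradle/Kotlin/sbt ('//') and .properties ('#').
        # XML block comments in pom.xml are not tracked; a URL inside one is still reported.
        if stripped.startswith("//") or stripped.startswith("#"):
            continue
        for match in _HTTP_URL.finditer(line):
            url = match.group(0).replace("\\", "")        # un-escape "http\://"
            host = url.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]
            if host in allowed:
                continue
            findings.append(Finding(path, lineno, url))
    return findings


def scan_project(files: Dict[str, str], allow_hosts: Iterable[str] = ()) -> List[Finding]:
    """Scan a mapping of relative path -> file contents, looking only at build files."""
    results: List[Finding] = []
    for path, text in files.items():
        if path.rsplit("/", 1)[-1] in BUILD_FILES:
            results.extend(find_http_urls(path, text, allow_hosts))
    return results


# Constructed sample project (hypothetical hosts) exercising each file type.
SAMPLE_PROJECT: Dict[str, str] = {
    "build.gradle": (
        "repositories {\n"
        '    maven { url "http://repo.example.internal/maven2" }\n'
        "    mavenCentral()\n"
        "}\n"
    ),
    "build.gradle.kts": (
        "repositories {\n"
        '    maven { url = uri("https://repo.maven.apache.org/maven2") }\n'
        "}\n"
    ),
    "build.sbt": 'resolvers += "Example" at "http://artifacts.example.internal/releases"\n',
    "gradle/wrapper/gradle-wrapper.properties": (
        "# distributionUrl=http\\://old.example.internal/gradle.zip\n"
        "distributionUrl=http\\://services.gradle.org/distributions/gradle-7.6-bin.zip\n"
    ),
    "pom.xml": (
        "<repositories>\n"
        "  <repository>\n"
        "    <id>internal</id>\n"
        "    <url>http://localhost:8081/repository/maven-public/</url>\n"
        "  </repository>\n"
        "</repositories>\n"
    ),
    "README.md": "Docs: http://example.com/docs\n",   # not a build file, ignored
}


if __name__ == "__main__":
    for f in scan_project(SAMPLE_PROJECT):
        print(f"{f.path}:{f.line}: insecure repository URL {f.url}")
```

Run it as a pre-scan step before pointing an SBOM or vulnerability tool at a checkout, or as a CI gate; pass `allow_hosts=("localhost",)` for a loopback proxy that is deliberately unencrypted, and treat every other hit as a dependency that must be moved to `https://` or a pinned, checksum-verified mirror.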