Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise critical sections of the client code. Various studies have...

EUVD-2020-7760

Malware in sbrugna...

EUVD-2022-34366

Malicious code in bioql PyPI...

PT-2025-36640

Summary Atlantis publicly exposes detailed version information on its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. Details The /statu...

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

Fortinet FortiManager Detection Consolidation

Consolidation of Fortinet FortiManager detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

CVE-2023-5720

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...

SUSE CVE-2017-1000399

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/ID/api showed information about tasks in the queue typically builds waiting to start. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...

CVE-2022-2075

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...

PT-2022-14841 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows for a Regex Denial of Service targeting the build information request validation. Recommendations: At the moment, there is no information about a newer version that...

Octopus Deploy 安全漏洞

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from performing a regular expression denial of service against build information request validation...

CVE-2020-28576

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information...

CVE-2020-28583

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information...

Information disclosure

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information...

CVE-2020-15775

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously...

CVE-2020-15775

Mode C: The CVE-2020-15775 entry affects Gradle Enterprise 2017.1–2020.2.4. The /usage page exposes high-level build information (e.g., project names and build counts over time) and is viewable anonymously, creating an information-disclosure risk. No exploit details are provided in the sources be...

Shopify: CircleCI token in github repo allows for access to sensitive build information

While looking through some Shopify Github repos I came across the following CircleCI token: ca84774a88598f639b174d498c219163e04adbb2 in the js-buy-sdk repo. curl https://circleci.com/api/v1.1/me?circle-token=ca84774a88598f639b174d498c219163e04adbb2 returns information about the user which confirm...

Moxa MGate Detection (Telnet)

Telnet based detection of Moxa MGate. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105822";...