10 matches found
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
Linux Distros Unpatched Vulnerability : CVE-2026-39860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix...
EUVD-2019-2188
Malware in sbrugna...
EUVD-2024-45958
Malicious code in bioql PyPI...
EUVD-2022-4184
Malicious code in bioql PyPI...
GHSA-HPH9-9VCQ-F7GP Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...
atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository
It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output...
CVE-2018-1000862
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...
CVE-2018-1000862
CVE-2018-1000862 concerns Jenkins prior to 2.154 (2.153 and earlier) and LTS prior to 2.138.4 (2.138.3 and earlier) where DirectoryBrowserSupport.java allows an attacker who can control build output to browse the filesystem on agents via the workspace browser after a build. Related advisories (GH...