Lucene search
K

20 matches found

OSV
OSV
added 2026/06/11 7:15 p.m.8 views

MAL-2026-5677 Malicious code in worker-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e11b6161f4fe3c591bddadbf275003eaac33a1478cda408ac51d85230292e6d package.json declares "postinstall": "node main.js", so installation of [email protected] unconditionally executes main.js on npm install. main.js...

5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/02/04 8:48 p.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in values including series paths, patch filenames, and numeric parameters, which are read from patch.yaml. An attacker who can control inputs to this file can cause shell commands to be run on the build host by injecti...

8.5CVSS5.6AI score0.00175EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/17 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2025-eb0eab6793)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.01265EPSS
Exploits3References6
Fedora
Fedora
added 2025/11/05 2:13 a.m.8 views

[SECURITY] Fedora 43 Update: python-uv-build-0.9.5-1.fc43

This package is a slimmed down version of uv containing only the build backend...

8.1CVSS6.9AI score0.00688EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/03/17 12:0 a.m.5 views

SUSE: Security Advisory (SUSE-SU-2025:0857-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3CVSS6.5AI score0.00209EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2023/04/12 8:46 p.m.285 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Tippa My Tongue Tippa My Tongue is an exploit that uses CVE-2...

9.8CVSS9.9AI score0.99956EPSS
Exploits70
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2019:0387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS5.7AI score0.01744EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/05 12:0 a.m.4 views

Unspecified Vulnerability in Micro Focus openSUSE

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the UK. openSUSE Leap is a version of openSUSE. A security vulnerability exists in the build package of Micro Focus openSUSE Leap, which stems from the program's failure to validate directory names. An attacker could...

9.9CVSS6.9AI score0.01744EPSS
Exploits0References1
Prion
Prion
added 2018/03/01 8:29 p.m.20 views

Design/Logic Flaw

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

5CVSS5.1AI score0.01744EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2018/03/01 8:29 p.m.18 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS9.3AI score0.01744EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 8:29 p.m.3 views

DEBIAN-CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

5.3CVSS7.1AI score0.01744EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/01 8:29 p.m.25 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS6.8AI score0.01744EPSS
Exploits0References2
OSV
OSV
added 2018/03/01 8:29 p.m.3 views

UBUNTU-CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS6.8AI score0.01744EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/03/01 7:0 p.m.21 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS7.3AI score0.01744EPSS
Exploits0
CVE
CVE
added 2018/03/01 7:0 p.m.123 views

CVE-2017-14804

Summary (CVE-2017-14804) : The vulnerability affects the build package prior to 20171128, which fails to validate directory names during extraction of build results, enabling writes outside the target buildroot. This is documented in multiple sources (OpenSUSE SUSE announcements, OSS updates, and...

9.9CVSS5.9AI score0.01744EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/12/08 12:54 p.m.8 views

SUSE-SU-2017:3253-1 Fixing security issues on OBS toolchain

This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs bnc665768 - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo fate32321...

9.9CVSS8.8AI score0.02897EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.4 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-build-2.6.8-3-powerpc Debian GNU/Linux operating system can be exploited, resulting in a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS5.4AI score0.05357EPSS
Exploits20References61Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The kernel-build-2.4.27-apus package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

5CVSS5.5AI score0.04626EPSS
Exploits4References25Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The kernel-build-2.4.27-powerpc-small package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

5CVSS5.5AI score0.04626EPSS
Exploits4References25Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The kernel-build-2.4.27-2 package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

5CVSS5.5AI score0.04626EPSS
Exploits4References25Affected Software1
Rows per page
Query Builder