Lucene search
K

178 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

4.9CVSS9.6AI score0.01793EPSS
Exploits0References12
Snyk
Snyk
added 2023/01/29 3:29 p.m.3 views

Malicious Package

Overview sgt-build-process is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2020-0237)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS7.4AI score0.01793EPSS
Exploits0References5
Prion
Prion
added 2021/09/14 4:15 p.m.20 views

Design/Logic Flaw

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior if .travis.yml has been created locally by a customer, and...

4.3CVSS7.5AI score0.01485EPSS
Exploits0References6Affected Software1
Rosalinux
Rosalinux
added 2021/07/02 4:31 p.m.25 views

Advisory ROSA-SA-2021-1805

Software: ant 1.9.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-1945 CVE-Crit: MEDIUM CVE-DESC: Apache Ant 1.1 through 1.9.14 and 1.10.0 through 1.10.7 uses the default temporary directory defined by the Java system property java.io.tmpdir for several tasks, and thus may leak sensitive information. The fixcr...

6.3CVSS6.8AI score0.01793EPSS
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/05/26 12:0 a.m.7 views

Simple Application Security Integrations for DevOps

Explore why application security matters and how you can integrate it into your build process without added stress or interruption...

3.5AI score
Exploits0
UbuntuCve
UbuntuCve
added 2021/04/30 12:15 p.m.40 views

CVE-2021-20266

A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...

4.9CVSS6.7AI score0.01706EPSS
Exploits0References3
OSV
OSV
added 2021/04/26 4:15 p.m.10 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5CVSS6.9AI score0.00334EPSS
Exploits0References2
Prion
Prion
added 2021/04/26 4:15 p.m.21 views

Design/Logic Flaw

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

2.1CVSS5.6AI score0.00334EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/26 3:35 p.m.54 views

CVE-2021-27851 Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.9AI score0.00334EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/04/26 3:35 p.m.22 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5CVSS5.6AI score0.00334EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/26 12:0 a.m.6 views

GNU Guix 后置链接漏洞

GNU Guix is an open source, cross-platform package manager for the GNU community. A backlink vulnerability exists in GNU guix-daemon that allows an unprivileged user to spawn a build process...

5.5CVSS5.7AI score0.00334EPSS
Exploits0References3
Veracode
Veracode
added 2021/04/11 8:34 p.m.22 views

Privilege Escalation

bullseye is vulnerable to privilege escalation.The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. ...

5.5CVSS1.2AI score0.00334EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/04/03 1:16 p.m.10 views

MGASA-2021-0173 Updated ant packages fix security vulnerability

Updated ant packages fix security vulnerability: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one withou...

7.5CVSS6.9AI score0.08235EPSS
Exploits0References4
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/03/23 12:0 a.m.9 views

Maintain File Security during Compliance Scanning

Learn how to integrate security into the build process to protect downstream workflows from risk...

3.7AI score
Exploits0
OSV
OSV
added 2021/03/15 11:5 p.m.4 views

USN-4874-1 ant vulnerability

It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...

6.3CVSS6.8AI score0.01793EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/03/03 4:19 a.m.6 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01793EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/17 7:6 p.m.2 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01793EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/02/16 5:35 p.m.35 views

CVE-2021-21316 Arbitrary code execution in less-openui5

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

6.3CVSS7.8AI score0.00988EPSS
Exploits0References5
OSV
OSV
added 2021/02/03 7:16 p.m.7 views

GHSA-F62V-XPXF-3V68 Code injection in Apache Ant

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS6.8AI score0.08235EPSS
Exploits0References22
Rows per page
Query Builder