Lucene search
K

62 matches found

CVE
CVE
added 2022/09/14 12:0 a.m.84 views

CVE-2022-36113

Cargo vulnerability (CVE-2022-36113): Cargo would extract packages into ~/.cargo and mark success with a .cargo-ok file. A malicious package could include a .cargo-ok symlink; when Cargo wrote ok, it would overwrite the first two bytes of the symlink target, enabling corruption of a single file o...

8.1CVSS7.2AI score0.01004EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/14 12:0 a.m.30 views

CVE-2022-36114 Extracting malicious crates can fill the file system

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

4.8CVSS7.2AI score0.00792EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/18 10:56 a.m.4 views

gradle: repository content filters do not work in Settings pluginManagement

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

8CVSS5.7AI score0.01307EPSS
Exploits1References4
Gitee
Gitee
added 2021/08/05 4:38 p.m.8 views

vulhub111

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/02 2:8 p.m.3 views

HackSysExtremeVulnerableDriver

This is a repository for the HackSys Extreme Vulnerable Driver HEVD, a tool for testing and demonstrating various types of vulnerabilities in Windows drivers. The repository contains build scripts for both 32-bit and 64-bit architectures on Windows and Linux. The repository includes scripts for...

7.2AI score
Exploits0
NVD
NVD
added 2020/10/12 1:15 p.m.17 views

CVE-2020-4780

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

5.3CVSS0.00986EPSS
Exploits0References2
Prion
Prion
added 2020/10/12 1:15 p.m.15 views

Buffer overflow

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

5CVSS5AI score0.00986EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/08 5:39 p.m.21 views

Security Bulletin: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780)

Summary OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...

5.3CVSS1.5AI score0.00986EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/09/09 4:15 p.m.3 views

DEBIAN-CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8CVSS8.4AI score0.09931EPSS
Exploits0References1
OSV
OSV
added 2020/09/09 4:15 p.m.14 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8CVSS6.9AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/09/09 4:15 p.m.15 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8CVSS7.2AI score0.09931EPSS
Exploits0References3
Gitee
Gitee
added 2020/08/25 9:9 p.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments, including Flask,...

8.1AI score
Exploits0
Gitee
Gitee
added 2019/10/16 11:39 p.m.4 views

razzer

It is an offensive tool for Linux kernel exploitation. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to exploit kernel vulnerabilities, particularly those related to race conditions. The tool, named Razzer, is a kernel fuzzer that uses a modified...

6.5AI score
Exploits0
NVD
NVD
added 2018/02/01 9:29 p.m.26 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

7.4CVSS7.2AI score0.03825EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/02/01 9:0 p.m.27 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

7.7AI score0.03825EPSS
Exploits1References3
Veracode
Veracode
added 2018/01/11 7:44 a.m.12 views

Information Disclosure

gatsby is vulnerable to information disclosure. Absolute paths of the build machine can be leaked in the source map files when gatsby build scripts are executed, exposing sensitive information such as the current user name...

6.2AI score
Exploits0
n0where
n0where
added 2017/03/30 6:42 p.m.61 views

AntiVirus Evasion Tool: AVET

AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. What & Why: when running an exe file made with msfpayload & co, the exe file will often be recognized by the antivirus software avet is a antivirus...

7.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2016/05/11 12:0 a.m.35 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description SECURITY-170 / CVE-2016-3721 Arbitrary build parameters are passed to build scripts as environment variables SECURITY-243 / CVE-2016-3722 Malicious users with multiple user accounts can prevent other users from logging in SECURITY-250 / CVE-2016-3723...

7.4CVSS3.1AI score0.02388EPSS
Exploits1References1
n0where
n0where
added 2016/01/07 10:17 a.m.33 views

Kali Linux NetHunter

Official Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter. NetHunter is a Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2016/01/06 10:25 p.m.889 views

Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform

What’s New in Kali NetHunter 3.0 NetHunter Android Application Rewrite The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter...

9.6AI score
Exploits0
Rows per page
Query Builder