2124 matches found
ASB-A-240138318
In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE-SU-2022:3706-1 Security update for google-gson
This update for google-gson fixes the following issues: Fixed security issue: - CVE-2022-25647: Deserialization of Untrusted Data bsc1199064 Other non security fixes: - Build with Java = 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built wit...
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...
How to Generate a support file for ADC
This article shows users how to generate a support bundle from their ADC device...
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3486-1 advisory. - Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versio...
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Summary A number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. Vulnerability 1: Bundle mismatch causes invalid verification. Summary A cosign bundle can be crafted to successfully verify a blob ev...
GHSA-8GW7-4J42-W388 Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Summary A number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. Vulnerability 1: Bundle mismatch causes invalid verification. Summary A cosign bundle can be crafted to successfully verify a blob ev...
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
Self-spreading stealer attacks gamers via YouTube
UPD: A notice on Google's response to the issue was added. An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
Design/Logic Flaw
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
cosign data forgery vulnerability
cosign is a tool from the United States for container signing, verification and storage in an OCI registry. A data forgery vulnerability exists in cosign versions prior to 1.12.0 that stems from Bundle mismatches leading to invalid validation, not checking certificate identity in some cases, invalid...
SUSE-SU-2022:3177-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...
SUSE-SU-2022:3172-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...
MAL-2022-7054 Malicious code in wcebpack-bunde-analyzer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c7a4300818daab208570421a84bcdd8e7b4950dcae1e6a5dd08f17d9e135497 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed...