Lucene search
K

72 matches found

NVD
NVD
added 2019/10/01 6:15 p.m.22 views

CVE-2019-7618

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...

6.5CVSS6.4AI score0.01452EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2018/06/29 8:55 a.m.1 views

Github Account of Gentoo Linux Hacked, Code Replaced With Malware

Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/03/02 12:0 a.m.143 views

Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability

Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. The...

6.7AI score0.0055EPSS
Exploits1
ripstech
ripstech
added 2017/10/25 3:0 p.m.12 views

Security Analysis with Bamboo Plugin

Build Management with Bamboo In the process of continuous integration, a code repository is automatically built and tested by a CI service when code is pushed or committed to the repository. This enables automated testing, tracking, and reporting of build errors and boosts the productivity of...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/09/13 12:0 a.m.5 views

The vulnerability in all components of Qualcomm’s Android operating system, from the CAF repository that uses Linux kernel, allows a hacker to trigger a race condition.

The vulnerability in all components of the Qualcomm Android operating system from the CAF repository, which uses Linux kernel, is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow a remote attacker to trigger a race condition...

9.3CVSS7.4AI score0.0058EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/06/05 12:0 a.m.8 views

The vulnerability of Qualcomm Secure Execution Environment’s microprogramming software allows a perpetrator to circumvent existing access control policies.

The vulnerability of Qualcomm Secure Execution Environment for Android, found in the CAF repository, is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access control policies through improper page alignment...

9.3CVSS7.2AI score0.00582EPSS
Exploits0References3
CNVD
CNVD
added 2017/02/17 12:0 a.m.8 views

ViewVC Cross-Site Scripting Vulnerability

Viewvc is a web-based CVS, SVN code repository browsing tool . A cross-site scripting vulnerability exists in ViewVC because the program does not properly validate user-supplied input. An attacker can exploit the vulnerability to execute arbitrary script code in a user's browser to steal...

6.1CVSS6.9AI score0.01318EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2016/12/19 4:43 p.m.8 views

ShadowBrokers Dump Came from Internal Code Repository, Insider

Update An analysis of the latest ShadowBrokers dump of alleged NSA spy tools points to an insider with access to a code repository belonging to the intelligence agency, experts said. Researchers at security company Flashpoint said today that its investigation of the leaked data points away from a...

0.5AI score
Exploits0References6
ripstech
ripstech
added 2016/12/18 12:0 p.m.26 views

Continuous Integration - Jenkins at your service

How Continuous Integration works Continuous integration is the process of - as the name suggests - continually merging all parts of code changed by developers. The main purpose of CI is to achieve better productivity and code integrity by using a shared code repository which is automatically buil...

7.1AI score
Exploits0
myhack58
myhack58
added 2009/05/10 12:0 a.m.13 views

php pear mail package arbitrary file write vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: the PEAR is PHP's official open-source Class Library, PHP Extension and Application Repository abbreviations. PEAR the PHP application development process commonly used in the function written as a class library, the cover page was surface, database access, file...

8AI score
Exploits0
seebug.org
seebug.org
added 2008/07/17 12:0 a.m.27 views

Mercurial patch.py文件目录遍历漏洞

BUGTRAQ ID: 30072 CVECAN ID: CVE-2008-2942 Mercurial是分布式的源码管理控制系统。 Mercurial的mercurial/patch.py文件中没有正确地过滤对applydiff函数的输入参数,如果远程攻击者提交了恶意请求的话,就可以通过目录遍历攻击重新命名代码库外任意文件的名称。 Mercurial 1.0.1 Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200807-09)以及相应补丁: GLSA-200807-09:Mercurial: Directory traversal...

6.8CVSS6.4AI score0.01885EPSS
Exploits3
seebug.org
seebug.org
added 2007/09/08 12:0 a.m.29 views

reprepro更新代码库签名验证绕过安全限制漏洞

BUGTRAQ ID: 25537 reprepro是用于处理debian软件包的本地代码库的工具。 reprepro在处理密钥交换时存在漏洞,远程攻击者可能利用此漏洞绕过验证。 在使用update命令升级代码库时reprepro只使用请求密钥验证签名,而请求密钥的签名根本不存在时也不会报告,因此会接收任何使用未知密钥签名的内容,这就导致不安全内容绕过了安全检查。 Bernhard R. Link reprepro 2.2.3 Bernhard R. Link reprepro 1.3.0-1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
Rows per page
Query Builder