72 matches found
CVE-2019-7618
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...
Github Account of Gentoo Linux Hacked, Code Replaced With Malware
Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a...
Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability
Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. The...
Security Analysis with Bamboo Plugin
Build Management with Bamboo In the process of continuous integration, a code repository is automatically built and tested by a CI service when code is pushed or committed to the repository. This enables automated testing, tracking, and reporting of build errors and boosts the productivity of...
The vulnerability in all components of Qualcomm’s Android operating system, from the CAF repository that uses Linux kernel, allows a hacker to trigger a race condition.
The vulnerability in all components of the Qualcomm Android operating system from the CAF repository, which uses Linux kernel, is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow a remote attacker to trigger a race condition...
The vulnerability of Qualcomm Secure Execution Environment’s microprogramming software allows a perpetrator to circumvent existing access control policies.
The vulnerability of Qualcomm Secure Execution Environment for Android, found in the CAF repository, is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access control policies through improper page alignment...
ViewVC Cross-Site Scripting Vulnerability
Viewvc is a web-based CVS, SVN code repository browsing tool . A cross-site scripting vulnerability exists in ViewVC because the program does not properly validate user-supplied input. An attacker can exploit the vulnerability to execute arbitrary script code in a user's browser to steal...
ShadowBrokers Dump Came from Internal Code Repository, Insider
Update An analysis of the latest ShadowBrokers dump of alleged NSA spy tools points to an insider with access to a code repository belonging to the intelligence agency, experts said. Researchers at security company Flashpoint said today that its investigation of the leaked data points away from a...
Continuous Integration - Jenkins at your service
How Continuous Integration works Continuous integration is the process of - as the name suggests - continually merging all parts of code changed by developers. The main purpose of CI is to achieve better productivity and code integrity by using a shared code repository which is automatically buil...
php pear mail package arbitrary file write vulnerability-vulnerability warning-the black bar safety net
Vulnerability description: the PEAR is PHP's official open-source Class Library, PHP Extension and Application Repository abbreviations. PEAR the PHP application development process commonly used in the function written as a class library, the cover page was surface, database access, file...
Mercurial patch.py文件目录遍历漏洞
BUGTRAQ ID: 30072 CVECAN ID: CVE-2008-2942 Mercurial是分布式的源码管理控制系统。 Mercurial的mercurial/patch.py文件中没有正确地过滤对applydiff函数的输入参数,如果远程攻击者提交了恶意请求的话,就可以通过目录遍历攻击重新命名代码库外任意文件的名称。 Mercurial 1.0.1 Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200807-09)以及相应补丁: GLSA-200807-09:Mercurial: Directory traversal...
reprepro更新代码库签名验证绕过安全限制漏洞
BUGTRAQ ID: 25537 reprepro是用于处理debian软件包的本地代码库的工具。 reprepro在处理密钥交换时存在漏洞,远程攻击者可能利用此漏洞绕过验证。 在使用update命令升级代码库时reprepro只使用请求密钥验证签名,而请求密钥的签名根本不存在时也不会报告,因此会接收任何使用未知密钥签名的内容,这就导致不安全内容绕过了安全检查。 Bernhard R. Link reprepro 2.2.3 Bernhard R. Link reprepro 1.3.0-1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...