Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)

Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...

CVE-2023-28445

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

CVE-2023-28445 Deno improperly handles resizable ArrayBuffer

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

GHSA-C25X-CM9X-QQGX Deno improperly handles resizable ArrayBuffer

Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...

Deno improperly handles resizable ArrayBuffer

Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...

CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...

CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...

Code injection

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...

CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...

CVE-2022-4009

CVE-2022-4009 affects Octopus Deploy; the vulnerability allows a user to introduce code via offline package creation, leading to potential command injection. The provided documents do not specify exact affected versions or a published fix. Additional connected sources mention Octopus Deploy conte...

Octopus Deploy 命令注入漏洞

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A command injection vulnerability exists in Octopus Deploy, which originates from a user being able to perform command injection by creating offline packages. The...

CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...

March 14, 2023—KB5023759 (Security-only update)

March 14, 2023—KB5023759 Security-only update IMPORTANT As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 SP1. For customers who need additional time to upgrade and modernize their devices running Windows Server 2008 R2 on Azur...

CVE-2022-2258

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items...

CVE-2022-2259

In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items...

CVE-2022-2258

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items...

CVE-2022-2259

In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items...

Code injection

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items...

Code injection

In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items...