2308 matches found
MAL-2024-11913 Malicious code in hardhat-deploy-others (npm)
Source: ossf-package-analysis 85a3b67882ce27c0db4858f9509396a2a74b670426897002d8ccc9d29537c008 The OpenSSF Package Analysis project identified 'hardhat-deploy-others' @ 9.9.10 npm as malicious. It is considered malicious because: - The...
PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
Overview: PDQ Deploy is a service intended for use by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy software to their target devices. The run mode "Deploy User" insecurely creates credentials on th...
CVE-2024-42195
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2024-42195 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2024-42195
CVE-2024-42195 concerns HCL DevOps Deploy / HCL Launch, where HTML injection in the Web UI could allow embedding arbitrary HTML tags and potentially disclose sensitive information. The connected documents corroborate the vulnerability type (HTML injection) and affected software name, and note tha...
HCL Launch and HCL DevOps Deploy security vulnerability
HCL Launch and HCL DevOps Deploy are both products of HCL Corporation, U.S.A. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. It is used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your...
PT-2024-29790 · Hcl · Hcl Devops Deploy +1
Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch (affected versions not specified). Description: The issue allows a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. This is due to an HTML injection...
Malicious code in action-deploy (npm)
Source: ghsa-malware 47502de1954b1ba4d201ac64813edf79362d7f81fb2c28f6802f800d93bc08d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11026 Malicious code in action-deploy (npm)
Source: ghsa-malware 47502de1954b1ba4d201ac64813edf79362d7f81fb2c28f6802f800d93bc08d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-17172 · Welliamcao · Ops Manager
Name of the Vulnerable Software and Affected Versions: welliamcao OpsManage versions 3.0.1 through 3.0.5. Description: A critical issue affects the deploy host vars function of the /apps/api/views/deploy api.py file in the API Endpoint component. This issue leads to deserialization and can be...
Malicious code in cs-deploy-helper (npm)
Source: ghsa-malware bc924b01d9d1492c726482e9cfb4985b29cfd9c8771d907af44c2d7351d1ff36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10481 Malicious code in cs-deploy-helper (npm)
Source: ghsa-malware bc924b01d9d1492c726482e9cfb4985b29cfd9c8771d907af44c2d7351d1ff36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
BIT-GITLAB-2024-9623 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...
GitLab 11.6 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-8970)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...
GitLab 11.4 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-5005)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...
GitLab 12.5 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-9164)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...
CVE-2024-9623
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...