
2316 matches found

Veracode
added 2023/06/27 5:38 a.m. · 17 views

Password Disclosure

cloudfoundry is vulnerable to Password Disclosure. The vulnerability exists when kernel audit logging is enabled, which logs every command run on a VM, causing authentication commands of the form cf auth --client-credentials USERNAME PASSWORD to be logged in plaintext to syslog, allowing an...

6.5 CVSS · 7.1 AI score · 0.00541 EPSS
Exploits 0 · References 5 · Affected Software 3

vulnersOsv
added 2023/06/15 7:5 p.m. · 5 views

@activepieces/piece-amazon-s3 (=0.0.2), @adobe/helix-admin-support (>=2.1.22 <=2.1.23) +471 more potentially affected by unknown CVE via fast-xml-parser (=4.2.4)

fast-xml-parser NPM version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-xml-parser and may be impacted: - @activepieces/piece-amazon-s3 =0.0.2 - @adobe/helix-admin-support =2.1.22, =9.0.39, =2.1.1, =2.1.15, =1.11.158, =1.0.4-0, =1.2.39-...

5.5 AI score
Exploits 0

Code423n4
added 2023/06/09 12:0 a.m. · 11 views

When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...

6.8 AI score
Exploits 0

NVD
added 2023/05/31 6:15 p.m. · 24 views

CVE-2023-33966

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

9.8 CVSS · 9 AI score · 0.00625 EPSS
Exploits 0 · References 2

Prion
added 2023/05/31 6:15 p.m. · 22 views

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

7.5 CVSS · 9.4 AI score · 0.00625 EPSS
Exploits 0 · References 2 · Affected Software 2

Cvelist
added 2023/05/31 5:15 p.m. · 22 views

CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

8.6 CVSS · 9.7 AI score · 0.00625 EPSS
Exploits 0 · References 2

OSV
added 2023/05/31 5:15 p.m. · 34 views

CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

8.6 CVSS · 9 AI score · 0.00625 EPSS
Exploits 0 · References 4

OSV
added 2023/05/18 12:15 a.m. · 3 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message...

5.3 CVSS · 5.8 AI score · 0.0045 EPSS
Exploits 0 · References 1

NVD
added 2023/05/18 12:15 a.m. · 30 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message...

5.3 CVSS · 5.3 AI score · 0.0045 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/05/18 12:15 a.m. · 1 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message...

5.3 CVSS · 6.1 AI score · 0.0045 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/05/18 12:15 a.m. · 16 views

Code injection

In affected versions of Octopus Deploy it is possible to discover network details via error message...

5 CVSS · 5.3 AI score · 0.0045 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/05/18 12:0 a.m. · 29 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message...

5.6 AI score · 0.0045 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/05/18 12:0 a.m. · 4 views

PT-2023-15886 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows discovery of network details via error messages in affected versions of the software. Recommendations: At the moment, there is no information about a newer version...

5.3 CVSS · 6.9 AI score · 0.0045 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/05/18 12:0 a.m. · 8 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message...

7.1 AI score · 0.0045 EPSS
Exploits 0 · References 1

CVE
added 2023/05/18 12:0 a.m. · 36 views

CVE-2022-4870

CVE-2022-4870 affects Octopus Deploy; the issue is information disclosure via error messages that reveal network details. The provided documents confirm the vulnerability is tied to Octopus Deploy and involve disclosure of network information through error output. Exploitation status is not detai...

5.3 CVSS · 5.3 AI score · 0.0045 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/05/17 12:0 a.m. · 3 views

Octopus Deploy Security Vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the ability to discover network details via error messages...

5.3 CVSS · 5.7 AI score · 0.0045 EPSS
Exploits 0 · References 3

OSV
added 2023/05/10 6:15 a.m. · 4 views

CVE-2022-4008

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

5.5 CVSS · 5.8 AI score · 0.00184 EPSS
Exploits 0 · References 1

NVD
added 2023/05/10 6:15 a.m. · 23 views

CVE-2022-4008

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

5.5 CVSS · 5.5 AI score · 0.00184 EPSS
Exploits 0 · References 1

Prion
added 2023/05/10 6:15 a.m. · 18 views

Denial of service

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

1.9 CVSS · 5.5 AI score · 0.00184 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/05/10 12:0 a.m. · 6 views

CVE-2022-4008

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

5.5 AI score · 0.00184 EPSS
Exploits 0 · References 1