4441 matches found
Design/Logic Flaw
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...
kernel: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning in message as below. echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash echo assert...
CVE-2022-45389
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...
Jenkins Plugin XP-Dev Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-45389
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...
CVE-2022-45389
CVE-2022-45389 — Jenkins XP-Dev Plugin 1.0 and earlier have a missing permission check that allows unauthenticated users to trigger builds of jobs for an attacker-specified repository. The connected sources confirm the affected plugin/version and the attack vector is unauthenticated triggering of...
PT-2022-27491 · Jenkins · Jenkins Xp-Dev Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XP-Dev Plugin version 1.0 and earlier Description: A missing permission check in the Jenkins XP-Dev Plugin allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. Recommendations:...
Jenkins Plugin XP-Dev Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Malicious code in webpack-dev-fixture (npm)
Source: ghsa-malware 8ef02287b144b28d10ac4910d268b3a6ad2c870385d1ae85c1ec2f144b176c58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7101 Malicious code in webpack-dev-fixture (npm)
Source: ghsa-malware 8ef02287b144b28d10ac4910d268b3a6ad2c870385d1ae85c1ec2f144b176c58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2022-34879 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.7 Description: The issue is related to a possible memory leak in the i2sbus_add_dev function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-35108 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0 Description: The issue is related to sleep in atomic context bugs caused by dev coredump. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior...
PT-2022-35549 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue is related to sleep in atomic context bugs caused by dev coredump. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-35198 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.77 Description: A possible memory leak was identified in the i2sbus_add_dev function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
...
@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)
fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...
CVE-2022-43254
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c...
Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot aka Silence, and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection...
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...