MAL-2022-5208 Malicious code in panther-github-actions (npm)
Source: ghsa-malware. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hyperledger: Unauthorized packages modification or secrets exfiltration via GitHub actions
Thank you to @dustywormwood for working closely with the Iroha team to fix this issue. You can learn more about this vulnerability type at https://github.com/nikitastupin/pwnhub. Thanks to the Hyperledger team for thorough remediation and clear communication!...
nuclei-templates
This repository is an offensive tool built around nuclei templates. It contains a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves directory and are used by the nuclei scanner to identify potential...
Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle (SDLC)...
nuclei-templates
This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...
RAUDI - A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions
RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keeps updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI? RAUDI is what will save you from creating and managing a lot of Docker Images manually...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Java CI badge: https://github.com/Nikolas-Charalambidis/cve-2021-44...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...
Recog: Data Rules Everything Around Me
The recog project — a recognition framework used to identify products, operating systems, and hardware through matching network probe data against its extensive fingerprint collection — has been around for many years. In the beginning, Rapid7 used it internally as part of the Nexpose vulnerabilit...
vulhub
This repository is an offensive tool for creating pre-built vulnerable environments based on Docker-Compose. It is a collection of vulnerable applications and services that can be used for testing and training purposes. The repository includes a variety of vulnerable applications, such as CouchDB...
PyPI Python Package Repository Patches Critical Supply Chain Flaw
The maintainers of the Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one of which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanes...
CVE-2021-32638
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...
CVE-2021-32638
CVE-2021-32638 concerns the GitHub CodeQL runner/CodeQL Action used in non-GitHub CI environments, where a GitHub access token supplied via the --github-auth flag could be exposed to other processes through system output (e.g., ps). The issue is resolved by deprecating --github-auth and using secure ...
CVE-2021-32638 CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is not a specific exploit or tool, but rather a collection of vulnerable environments for testing and learning purposes. The repository contains various vulnerable docker...
HashiCorp Vault Information Disclosure Vulnerability (CNVD-2021-37053)
HashiCorp Vault is a secrets and key access management tool from HashiCorp (USA). An information disclosure vulnerability exists in HashiCorp vault-action prior to version 2.2.0, which stems from a multi-line secret that fails to properly register with GitHub Actions to mask logs, which can b...
CVE-2021-32074
HashiCorp vault-action aka Vault GitHub Action before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking...
HashiCorp Vault Log Information Disclosure Vulnerability
HashiCorp Vault is a secrets and key access management tool from HashiCorp (USA). An information disclosure vulnerability exists in HashiCorp vault-action prior to version 2.2.0, which stems from a multi-line secret that fails to properly register with GitHub Actions to mask logs, which can b...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability is not specified, but the repository contains various vulnerable environments, including ones for CouchDB, FFmpeg, Git, InfluxDB,...