EUVD-2022-5463
Malicious code in bioql PyPI...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
Privilege Escalation
Jenkins is vulnerable to privilege escalation. The vulnerability exists due to improper checks on newly created views, allowing attackers with View/Create permission to create views with invalid or already-used names...
CVE-2021-21640
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier do not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names...
PT-2021-14683 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.286 and earlier; Jenkins LTS versions 2.277.1 and earlier. Description: The issue arises from the improper validation of newly created view names, allowing attackers with View/Create permission to create views with invalid or...
Fedora 20 : krb5-1.11.3-32.fc20 (2013-21456)
This update incorporates a bug fix to properly reject more invalid names for credential caches, and the fix for CVE-2013-1417, which could cause a KDC to attempt to dereference a NULL pointer. Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...
php: $_FILES array indexes corruption
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...