125 matches found
EUVD-2018-0085
Malware in sbrugna...
EUVD-2019-0073
Malware in sbrugna...
EUVD-2017-0068
Malware in sbrugna...
EUVD-2022-5709
Malicious code in bioql PyPI...
EUVD-2024-3582
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1002150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2018-1002161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rebase to Koji 1.16.2 for CVE-2018-1002161 (CVE-2018-1002161). Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2017-1002153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. CVE-2017-1002153 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2019-17109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. CVE-2019-17109 Note that Nessus relies on the presence of the packag...
Linux Distros Unpatched Vulnerability : CVE-2024-9427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web...
TencentOS Server 4: koji (TSSA-2025:0068)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0068 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2024-e253f0b07c)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-825c52d96f)
The remote host is missing an update for the...
CVE-2019-10314
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2019-10298
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2017-1002153
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...
CVE-2018-1002150
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...
ROS-20250121-02
A vulnerability in the koji RPM-based build system is related to insufficient cleansing of data provided by the user. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting (XSS) attacks. Cross-site scripting (XSS) attacks...
the-new-hotness (=0.13.0) potentially affected by CVE-2024-9427 via koji (=1.20.1)
koji PYPI version =1.20.1 is affected by a known vulnerability. The following packages have a transitive dependency on koji and may be impacted: - the-new-hotness =0.13.0 Source cves: CVE-2024-9427 Source advisory: OSV:GHSA-G2VG-8HFG-79VJ...
GHSA-G2VG-8HFG-79VJ Koji Cross-site Scripting
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...