Lucene search
K

31 matches found

EUVD
EUVD
added 2026/06/10 9:10 a.m.11 views

EUVD-2026-35999

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48397

Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...

6.5CVSS6AI score0.00269EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/02/26 10:50 p.m.6 views

Vitess users with backup storage access can gain unauthorized access to production deployment environments

Impact Any user with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production...

9.9CVSS5.8AI score0.00417EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/11/12 4:47 p.m.1 views

MAL-2025-151948 Malicious code in aibopna-mobile-aruiaani (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fffe3f8885fe36f2db5b949eaab45027d8a3a92192f61674248fc9a4cf21fcd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.2 views

Malicious code in indah-mieayam34-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c5d6f2b0925c8487c712c3896551d1ca18b238841cb800a63a7b88345c665e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:17 a.m.3 views

Malicious code in additional_crane_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 482b1199751a90587f6a45ba588a95d9bfb9d6470213f0de6f71578b97ae6290 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 5:21 p.m.3 views

Malicious code in hanafi-naget56-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9fa4fadbf0c7bb1531e71f15c10c9fbb267b342faccbce5ce0a4ac59b82cf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2024/08/21 3:11 p.m.13 views

GO-2022-0495 DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd...

6.5CVSS6.9AI score0.0083EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-5102-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.5AI score0.02033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/20 1:55 p.m.5 views

CVE-2022-24904 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...

4.3CVSS4.5AI score0.01051EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/12/10 12:0 a.m.230 views

Apache Log4j JAR Detection (Windows)

Binary data apachelog4jwininstalled.nbin...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/11/02 10:21 a.m.3 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2021/10/04 5:25 p.m.115 views

USN-5102-1: Mercurial vulnerabilities

It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. CVE-2019-3902 It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...

9.1CVSS6.9AI score0.02033EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/08/30 8:6 a.m.5 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/22 3:8 p.m.3 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/22 3:8 p.m.6 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/22 3:2 p.m.6 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/21 12:7 p.m.5 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/21 11:52 a.m.1 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/21 9:54 a.m.6 views

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

4.3CVSS6.9AI score0.03444EPSS
Exploits0References4
Rows per page
Query Builder