31 matches found
EUVD-2026-35999
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
PT-2026-48397
Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...
Vitess users with backup storage access can gain unauthorized access to production deployment environments
Impact Any user with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production...
MAL-2025-151948 Malicious code in aibopna-mobile-aruiaani (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fffe3f8885fe36f2db5b949eaab45027d8a3a92192f61674248fc9a4cf21fcd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-mieayam34-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c5d6f2b0925c8487c712c3896551d1ca18b238841cb800a63a7b88345c665e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in additional_crane_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 482b1199751a90587f6a45ba588a95d9bfb9d6470213f0de6f71578b97ae6290 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hanafi-naget56-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9fa4fadbf0c7bb1531e71f15c10c9fbb267b342faccbce5ce0a4ac59b82cf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
GO-2022-0495 DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd...
Ubuntu: Security Advisory (USN-5102-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-24904 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...
Apache Log4j JAR Detection (Windows)
Binary data apachelog4jwininstalled.nbin...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
USN-5102-1: Mercurial vulnerabilities
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. CVE-2019-3902 It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...