8 matches found
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from improper privilege control and could lead to user access to sensitive project analysis data...
GHSA-4VRV-93C7-M92J snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
CVE-2022-24441
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
Code injection
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
PT-2022-16699 · Microsoft +2 · Visual Studio +3
Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1064.0; VS Code versions prior to 1.9.0; IntelliJ versions prior to 2.4.48; Visual Studio versions prior to 1.1.31; Eclipse versions prior to v20221115.132308; Language Server versions prior to v20221109.114426. Description...
The vulnerability in the FATEK WinProladder controller programming software is that a write operation can go beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability in the FATEK WinProladder controller programming software is that a write operation goes beyond the buffer boundaries when parsing project files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...
Apache NetBeans Unauthorized Code Loading Vulnerability
Apache NetBeans is a suite of software development platforms from the Apache Software Foundation in the United States. Apache NetBeans has a security vulnerability that can be exploited by a remote attacker to submit a special request to load project analysis code without receiving user consent...
Code injection
To be able to analyze Gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...