229 matches found
CVE-2022-1193
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
Design/Logic Flaw
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
Review your security vulnerabilities in GitHub with code scanning alerts
Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j log4shell CVE-2021-44228 Public IoCs list Public IoCs...
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...
Security Scorecards - Security Health Metrics For Open Source
Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...
The vulnerability of the editor extension for Microsoft Visual Studio Code’s GitHub Pull Requests and Issues extension, related to improper code generation management, allows a perpetrator to execute arbitrary code.
The vulnerability of the editor extension for Microsoft Visual Studio Code’s GitHub Pull Requests and Issues extension is related to improper code generation management. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted request...
CVE-2021-28470
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
CVE-2021-28470
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
Remote code execution
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
CVE-2021-28470
CVE-2021-28470 affects the Visual Studio Code GitHub Pull Requests and Issues Extension. The vulnerability is a remote code execution flaw in the extension component, with exploitation requiring user interaction and local access, as indicated by CVSS 3.1 (LOCAL, UI: REQUIRED, C/H/I/A HIGH). Affec...
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...
Security Update for Microsoft Visual Studio Code GitHub Pull Requests and Isssues Extension (April 2021)
The Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension is prior to version 0.25.1. It is, therefore, affected by a remote code execution vulnerability. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary...
PT-2021-2740 · Microsoft · Visual Studio Code Github Pull Requests/Issues Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension affected versions not specified Description: The issue is related to incorrect code generation management in the extension, which can be exploited by sending a specially crafted...