1705 matches found
Buffer overflow
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
CVE-2023-30623
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
CVE-2023-30623 Arbitrary command injection in embano1/wip
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
CVE-2023-30623
CVE-2023-30623 concerns the GitHub Action embano1/wip (Bash). Before version 2, it insecurely uses the PR title from github.event.pull_request.title in a run statement, enabling command injection via string interpolation. This can let an attacker who creates a PR trigger code execution on GitHub ...
CVE-2023-30623 Arbitrary command injection in embano1/wip
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
PT-2023-22820 · Unknown · Embano1/Wip
Name of the Vulnerable Software and Affected Versions: embano1/wip versions prior to 2 Description: The embano1/wip action uses the github.event.pull request.title parameter in an insecure way, resulting in a command injection vulnerability due to string interpolation. This issue can be triggered...
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
Information Disclosure
github.com/openshift/assisted-installer is vulnerable to Information Disclosure. The vulnerability exists in ops.go due to the leakage of image pull secrets as plaintext in installation logs which allows an attacker to gain access to the pull secret token information...
And all this assembly shall know that the OWNER SafEth not with derivatives: for the derivative is the OWNER'S, and he will rebalanceToWeights it into his EOA.
Lines of code Vulnerability details Impact The owner of SafEth can at any time steal all staked funds. Proof of Concept SafEth.addDerivative allows the owner to add any derivative contract, such as one where he can withdraw all IDerivative.deposit-ed funds. SafEth.adjustWeights allows the owner t...
CVE-2023-26493
Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...
GHSA-G8XM-P2H4-V6JP OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
Design/Logic Flaw
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
CVE-2021-3684
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...
CVE-2021-3684
The CVE-2021-3684 entry concerns OpenShift Assisted Installer. During Discovery ISO generation, image pull secrets were leaked as plaintext in installation logs, enabling an authenticated user to reuse the secret to pull container images from the registry as that user. Documents substantiate the ...