222 matches found
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j log4shell CVE-2021-44228 Public IoCs list Public IoCs...
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...
Security Scorecards - Security Health Metrics For Open Source
Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...
A vulnerability in the GitHub Pull Requests and Issues extension for Microsoft Visual Studio Code, related to improper code generation management, allows an attacker to execute arbitrary code.
A vulnerability in the GitHub Pull Requests and Issues extension for Microsoft Visual Studio Code is related to improper code generation management. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted request...
CVE-2021-28470
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
Remote code execution
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
CVE-2021-28470
CVE-2021-28470 affects the Visual Studio Code GitHub Pull Requests and Issues Extension. The vulnerability is a remote code execution flaw in the extension component, with exploitation requiring user interaction and local access, as indicated by CVSS 3.1 (LOCAL, UI: REQUIRED, C/H/I/A HIGH). Affec...
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
Security Update for Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension (April 2021)
The Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension is prior to version 0.25.1. It is, therefore, affected by a remote code execution vulnerability. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution. User privileges. Impersonating another user. Access to sensitive data. Increased use...
PT-2021-2740 · Microsoft · Visual Studio Code Github Pull Requests/Issues Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension affected versions not specified Description: The issue is related to incorrect code generation management in the extension, which can be exploited by sending a specially crafted...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22861
GitHub Enterprise Server vulnerability CVE-2021-22861: An improper access control issue allowed authenticated users to write to unauthorized repositories via crafted pull requests and REST API calls. Affected versions include ranges listed in PT-2021-15234: 2.4.21–2.20.23, 2.21.0–2.21.14, 2.22.0–...
GitHub Enterprise Server security vulnerability
GitHub is a hosting platform for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows authenticated users of the instance to gain write access to unauthorized repositories via specially crafted pull requests and REST API...
Halogen - Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of YARA rules against image files embedded within a malicious document. Halogen help python3 halogen.py -h usage: halogen.py -h -f FILE -d DIR -n NAME --png-idat --jpg-sos Halogen: Automatically create yara rules based on images embedded in office...