1697 matches found
PT-2023-19596 · Jenkins · Jenkins Github Pull Request Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the Jenkins GitHub Pull Request Builder Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of...
PT-2023-19595 · Jenkins · Jenkins Github Pull Request Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
CVE-2023-24436
CVE-2023-24436 affects Jenkins GitHub Pull Request Builder Plugin (versions
Trellix Advanced Research Center patches 61,000 vulnerable open-source projects
Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...
Trellix Advanced Research Center patches 61,000 vulnerable open-source projects
Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...
GSD-2023-1001575 skbuff: Account for tail adjustment during pull operations
skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001363 skbuff: Account for tail adjustment during pull operations
skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1001040 skbuff: Account for tail adjustment during pull operations
skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1000618 skbuff: Account for tail adjustment during pull operations
skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
Brave 操作系统命令注入漏洞
Brave is a fast, private and secure web browser from Brave USA. Brave UX for-the-badge suffers from an operating system command injection vulnerability that stems from several unknown functions in its .github/workflows/combine-prs.yml file that allows an attacker to implement system command...
Remote Code Execution (RCE)
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to...
CVE-2022-41972 Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in th...
CVE-2022-41972 Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in th...
Winning NFT owner/admin can rug pull attack or DoS attack on winner by removing the winning NFT.
Lines of code Vulnerability details Impact Given the current logic, it is possible to call the redraw method even after recoverTimelock has passed. If the owner does so, the contract will select a new winner for the winning NFT. But it will be up to the owner to give as much time to the winner to...
Denial of Service at the LPDA.sol contract due to not be capable of minting an id already minted.
Lines of code Vulnerability details Impact The ether earned by the creator and the fees for the platform can get frozen. Proof of Concept The only way the creator can get out the ether earned by the sale and also the platform to get the feest is by the next code snippet from the buy funtion at th...
8x8: Unprotected Atlantis Server at https://152.70.█.█
Atlantis is an application for automating Terraform via pull requests. @shuvam321 reported to us an exposed Atlantis test server in our infrastructure. No sensitive information had been disclosed & we restricted access to the Atlantis service entirely, which resolved the issue...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
kernel: veth: Ensure eth header is in skb's linear part
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...
Out-of-bounds
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...