13 matches found
EUVD-2016-4165
Malware in sbrugna...
EUVD-2022-2518
Malicious code in bioql PyPI...
Pulp Security Vulnerability
Pulp is an open source project from Pulp Open Source that enables developers to easily fetch, upload and distribute software packages locally or in the cloud. A security vulnerability exists in Pulp that stems from a problem with the way role-based access control objects are assigned permissions ...
Information Disclosure
Pulp is vulnerable to information disclosure. An attacker with API access can view sensitive credentials when triggering a task via distributor/importer...
Pulp Arbitrary File Overwrite Vulnerability
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An arbitrary file overwrite vulnerability exists in Pulp version 2.16.x. The vulnerability stems from the program failing to properly resolve paths a...
CVE-2018-10917
Pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...
Pulp Information Disclosure Vulnerability
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A security vulnerability exists in Pulp, which stems from the program passing sensitive information to the 'override_config' object when a task is...
CVE-2018-1090
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...
CVE-2018-1090
In Pulp (before version 2.16.2), secrets are passed into override_config when triggering a task, making them readable to any user with read access on the distributor/importer. This leads to information disclosure via the API: an attacker with API access can view sensitive credentials. The issue i...
PT-2017-8413 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue arises from the unsafe use of bash's $RANDOM variable to generate passwords. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...
Pulp has an unspecified vulnerability
Pulp is a free and open source repository platform for managing content. A security vulnerability exists in Pulp that allows a local attacker to bypass security restrictions and perform unauthorized operations...
Pulp Insecure Creation of CA Keys Vulnerability
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A security vulnerability exists in Pulp versions prior to 2.3.0, which stems from the creation of CA certificates and keys in the /tmp/$RANDOM...
Pulp Certificate Validation Vulnerability
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A security vulnerability exists in versions of Pulp prior to 2.3.0 that stems from the program distributing the same CA key to all users. An attacker...