Woodpecker's custom environment variables allow to alter execution flow of plugins

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2018-1458 DESCRIPTION: IBM DB2 for Linux, UNIX and...

PT-2018-1446

Name of the Vulnerable Software and Affected Versions Intel processors versions prior to the fixed version Huawei VRP affected versions not specified vCenter Server affected versions not specified ESXi affected versions not specified Workstation affected versions not specified Fusion affected...

Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload Original release date: February 27, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Web servers running PHP Overview...