5335 matches found
CVE-2024-23651
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...
CVE-2024-23653
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-23650
CVE-2024-23650 affects BuildKit-related tooling across multiple ecosystems. According to connected documents, affected packages include moby-engine (<24.0.9-14), moby-compose (<2.17.3-5), docker-compose (<2.27.0-1), and docker-buildx (
CVE-2024-23650
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
PT-2024-6308 · Xen +2 · Xen +2
Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the incorrect placement of a preprocessor directive in the source code, which results in logic that doesn't operate as intended when support for HVM guests is compiled o...
MachineSense FeverWarn Access Control Error Vulnerability
MachineSense FeverWarn is a temperature detection device from MachineSense. MachineSense FeverWarn suffers from an access control error vulnerability. An attacker could exploit the vulnerability to view source code, secret credentials, and more...
PT-2024-1434 · Unknown · Machinesense +3
Name of the Vulnerable Software and Affected Versions: MachineSense affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn RaspberryPi affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The cloud provider...
CVE-2023-50944
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...
PYSEC-2024-14
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...
CVE-2023-50944
CVE-2023-50944 affects Apache Airflow prior to 2.8.1. An authenticated user can access the source code of a DAG to which they do not have access, resulting in information disclosure. The vulnerability is described as low severity (CVSS 3.1 base score 6.5) due to the need for authentication. No ex...
PT-2024-1305 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to a lack of authorization in Apache Airflow, allowing an authenticated user to access the source code of a DAG they do not have access to. This issue is considered low...
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware...
WordPress plugin ark-commenteditor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest...
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at Avast for inclusion in the Avast Babuk decrypto...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
Cross site scripting
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
PT-2024-14078 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.3.16 Description: A Cross Site Scripting XSS issue exists when using Source Code Mode as a backend user to add articles via the "/admin/edit.php" page. Recommendations: For GetSimple CMS version 3.3.16, consider...