Lucene search
+L

492 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.43 views

Cisco Expressway Series / Cisco TelePresence VCS 14.x < 14.3.0 Privilege Escalation (cisco-sa-expressway-priv-esc-Ls2B9t7b)

The Cisco Expressway Series or Cisco TelePresence Video Communication Server VCS running on the remote host is 14.x prior to 14.3.0. It is, therefore, affected by a privilege escalation vulnerability as described in the cisco-sa-expressway-priv-esc-Ls2B9t7b advisory. Due to an incorrect...

9.6CVSS8AI score0.00656EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/06/15 2:14 p.m.44 views

CVE-2022-21235

A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands on the system...

9.8CVSS9.2AI score0.01818EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/06/08 5:18 a.m.76 views

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 CVSS score: 9.8 that cou...

8.7AI score0.98281EPSS
Exploits12
OSV
OSV
added 2023/03/07 8:9 p.m.46 views

GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS7AI score0.01026EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/03/07 8:9 p.m.32 views

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS6.1AI score0.01026EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/03/06 7:15 p.m.25 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.8AI score0.01026EPSS
Exploits1References5
Prion
Prion
added 2023/03/06 7:15 p.m.19 views

Race condition

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

4.3CVSS6.5AI score0.01026EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/06 7:15 p.m.27 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.7AI score0.01026EPSS
Exploits1References5
CVE
CVE
added 2023/03/06 6:5 p.m.221 views

CVE-2023-26054

BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...

6.5CVSS6.6AI score0.01026EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2023/03/06 6:5 p.m.56 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.4AI score0.01026EPSS
Exploits1
Cvelist
Cvelist
added 2023/03/06 6:5 p.m.45 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.5AI score0.01026EPSS
Exploits1References5
OSV
OSV
added 2023/03/06 6:5 p.m.24 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.3AI score0.01026EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.4 views

SUSE CVE-2019-19252

vcswrite in drivers/tty/vt/vcscreen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a...

5.5CVSS7.1AI score0.00422EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.2 views

SUSE CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

8.8CVSS9.2AI score0.04849EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.3 views

PT-2023-35112 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.93 Description: The issue is related to the vcs read function, where the load of the struct vc data pointer is moved to avoid a use-after-free UAF condition. The actual impact and attack plausibility have...

7.2AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2023/01/31 11:5 a.m.10 views

vcs-pc.nl Cross Site Scripting vulnerability OBB-3172987

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
ALT Linux
ALT Linux
added 2022/12/23 12:0 a.m.61 views

Security fix for the ALT Linux 10 package libetpan version 1.9.4-alt3

1.9.4-alt3 built Dec. 23, 2022 Mikhail Efremov in task 312089 Dec. 20, 2022 Mikhail Efremov - Fixed libssl knob. - Fixed License tag. - Added Vcs tag. - Patch from upstream: + Fixed crash when stinfolist is NULL fixes: CVE-2022-4121...

5.6AI score0.00542EPSS
Exploits1
OSV
OSV
added 2022/10/14 7:15 a.m.5 views

CVE-2022-2780

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack...

8.1CVSS5.8AI score0.0051EPSS
Exploits0References1
NVD
NVD
added 2022/10/14 7:15 a.m.26 views

CVE-2022-2780

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack...

8.1CVSS0.0051EPSS
Exploits0References1
Prion
Prion
added 2022/10/14 7:15 a.m.17 views

Cross site request forgery (csrf)

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack...

5.1CVSS8AI score0.0051EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder