81 matches found
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:GHSA-9W4W-CPC8-H2FQ...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:PYSEC-2022-34...
Apache Log4j Remote Code Execution
Impact Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 =2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...
โHacker Gamesโ launched to challenge and improve cybersecurity skills
By Habiba Rashid Launched by Veracode; Hacker Games will last for 2 weeks March 15-26, 2021. This is a post from HackRead.com Read the original post: โHacker Gamesโ launched to challenge and improve cybersecurity skills...
70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. According to Veracodeโs annual State of Software Security report, these open-source libraries โ free, centralized code repositories that provide ready-made applicati...
Homemade TEMPEST Receiver
Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based...
CloudBees Jenkins veracode-scanner Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . veracode-scanner Plugin is used in one...
Nextcloud: Veracode and security audit record are publicly available
Leakage of sensitive data through open endpoint Risk management and Compliance Document written by NCC Here is what the document says: ๐๐ณ๐ฐ๐ฑ๐ณ๐ช๐ฆ๐ต๐ข๐ณ๐บ ๐๐ฏ๐ง๐ฐ๐ณ๐ฎ๐ข๐ต๐ช๐ฐ๐ฏ ๐๐ฉ๐ช๐ด ๐ฅ๐ฐ๐ค๐ถ๐ฎ๐ฆ๐ฏ๐ต ๐ค๐ฐ๐ฏ๐ต๐ข๐ช๐ฏ๐ด ๐ฅ๐ฆ๐ต๐ข๐ช๐ญ๐ฆ๐ฅ ๐ค๐ฐ๐ฎ๐ฎ๐ฆ๐ณ๐ค๐ช๐ข๐ญ, ๐ง๐ช๐ฏ๐ข๐ฏ๐ค๐ช๐ข๐ญ ๐ข๐ฏ๐ฅ ๐ญ๐ฆ๐จ๐ข๐ญ ๐ช๐ฏ๐ง๐ฐ๐ณ๐ฎ๐ข๐ต๐ช๐ฐ๐ฏ, ๐ธ๐ฉ๐ช๐ค๐ฉ ๐ช๐ด ๐ค๐ฐ๐ฏ๐ง๐ช๐ฅ๐ฆ๐ฏ๐ต๐ช๐ข๐ญ ๐ข๐ฏ๐ฅ ๐ค๐ฐ๐ฎ๐ฎ๐ฆ๐ณ๐ค๐ช๐ข๐ญ๐ญ๐บ ๐ด๐ฆ๐ฏ๐ด๐ช๐ต๐ช๐ท๐ฆ. ๐๐ฉ๐ฆ ๐ณ๐ฆ๐ญ๐ฆ๐ข๐ด๐ฆ...
Microsoft Outlook for Android Open to XSS Attacks
Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting XSS attacks. The software giant said that CVE-2019-1105, rated โimportant,โ is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses...
CVE-2019-1003070
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003070
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003070
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003070
The CVE-2019-1003070 case affects the Jenkins veracode-scanner Plugin, where credentials are stored unencrypted in the pluginโs global configuration file on the Jenkins master. The root cause is unencrypted credential storage in VeracodeNotifier.xml, making sensitive data viewable by anyone with ...
PT-2019-11360 ยท Jenkins ยท Veracode Scan Jenkins Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins veracode-scanner Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins veracode-scanner Plugin, specifically in t...
info.veracode.com XSS vulnerability
Open Bug Bounty ID: OBB-695988 Description| Value ---|--- Affected Website:| info.veracode.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Philex CMS 0.2 Directory Traversal Vulnerability
Exploit for php platform in category web applications Title: ======= Philex CMS - Directory Traversal Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users...
Philex CMS 0.2 Directory Traversal
Title: ======= Philex CMS - Directory Traversal Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS features va...
Microsoft Patches Word Zero-Day Spreading Dridex Malware
Microsoft on Tuesday released a patch for a zero-day vulnerability that was discovered late last week and used to spread the Dridex banking Trojan. Attacks were spreading via a massive spam campaign where emails contain Microsoft Word documents with malicious attachments that exploited a...
Heartbleed Persists on 200,000 Servers, Devices
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately vulnerable to the flaw. โThereโs a lot to be...