5 Benefits of Detection-as-Code

TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. Ho...

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. A security vulnerability in all 2021.3.x versions prior to Octopus Server version 2021.3.12725 and all 2022.1.x versions prior to 2022.1.2454 stems from not properly validating permissions in the API for projects that use Git version control. Th...

PT-2022-13917 · Octopus Deploy +1 · Octopus Server +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns improper verification of permissions in the API for projects using Git version control. This flaw allows users with only ProjectView...

GSD-2022-1002461 drm/amdkfd: Check for potential null return of kmalloc_array()

drm/amdkfd: Check for potential null return of kmallocarray This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

GSD-2022-1002250 dax: make sure inodes are flushed before destroy cache

dax: make sure inodes are flushed before destroy cache This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...

GSD-2022-1002177 mm/mempolicy: fix mpol_new leak in shared_policy_replace

mm/mempolicy: fix mpolnew leak in sharedpolicyreplace This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...

GSD-2022-1001961 gpiolib: acpi: use correct format characters

gpiolib: acpi: use correct format characters This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.112 by commit...

GSD-2022-1001341 drm/panel: ili9341: fix optional regulator handling

drm/panel: ili9341: fix optional regulator handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...

GSD-2022-1001168 net: hns3: add vlan list lock to protect vlan list

net: hns3: add vlan list lock to protect vlan list This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

GSD-2022-1001011 qede: confirm skb is allocated before using

qede: confirm skb is allocated before using This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

Apache Subversion Resource Management Error Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. Apache Subversion is vulnerable to a resource management error that originates from a post-release reuse error in moddavsvn. A remote attacker could use this vulnerability to send a specially crafted HTTP reque...

Apache Subversion Information Disclosure Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...

composer 参数注入漏洞

composer is a software application . It provides a declaration to manage and install dependencies for PHP projects. composer suffers from a parameter injection vulnerability that stems from a lack of input validation. An attacker can execute commands via VcsDriver::getFileContent...

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

GitLab issues security updates; watch out for hard coded passwords

GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an...

CVE-2022-21235

The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...

Command Injection Vulnerability with Mercurial in VCS

URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underly version control system, in this case hg, to implement the needed functionalit...

GHSA-6635-C626-VJ4R Command Injection Vulnerability with Mercurial in VCS

URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underly version control system, in this case hg, to implement the needed functionalit...

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

GHSA-H2G5-2RHX-FFGJ Duplicate Advisory: Command injection in Weblate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3872-f48p-pxqj. This link is maintained to preserve external references. Original Description Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate...