Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
build environment vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-11480
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive ...
Canonical C-kernel
445
VMScore
CVE-2012-5424
Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote malicious users to bypass authentication by sending a valid ...
Cisco Secure Access Control Server 5.1
Cisco Secure Access Control Server 5.2
Cisco Secure Access Control Server 5.0
Cisco Secure Access Control Server 5.3
356
VMScore
CVE-2018-1000057
Jenkins Credentials Binding Plugin 1.14 and previous versions masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but s...
Jenkins Credentials Binding
NA
CVE-2024-2700
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment va...
NA
CVE-2022-46155
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRT...
Airtable Airtable
409
VMScore
CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the...
Sharp Project Sharp
NA
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and previous versions uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle proj...
Jenkins Convert To Pipeline
356
VMScore
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and previous versions displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Jenkins Project Inheritance
445
VMScore
CVE-2020-11059
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Aegir Project Aegir
585
VMScore
CVE-2012-0551
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and previous versions and 6 update 32 and previous versions, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote ma...
Oracle Glassfish Server 3.1.1
Sun Jdk 1.6.0
Sun Jre 1.6.0
Oracle Jre 1.6.0
Oracle Jdk
Oracle Jdk 1.6.0
Oracle Jre
Oracle Jre 1.7.0
Oracle Jdk 1.7.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »