Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: vault-k8s, kube-bench, newrelic-nri-kube-events, crossplane-provider-aws, kube-fluentd-operator, smarter-device-manager, envoy-ratelimit, consul, prometheus-alertmanager, spicedb, trust-manager, cadvisor, datadog-agent, goreleaser, restic, kargo, skaffold, loki, tctl,....

7.5AI Score

2024-06-16 03:20 PM
156
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, temporal-server, metrics-server, postgres-operator, nuclei, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller,...

6.8AI Score

0.0004EPSS

2024-06-16 03:20 PM
52
wolfi
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: vault-k8s, kube-bench, newrelic-nri-kube-events, crossplane-provider-aws, kube-fluentd-operator, smarter-device-manager, envoy-ratelimit, consul, prometheus-alertmanager, spicedb, trust-manager, cadvisor, datadog-agent, goreleaser, restic, kargo, skaffold, loki, tctl,....

6.7AI Score

0.0004EPSS

2024-06-16 03:20 PM
27
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, metrics-server, postgres-operator, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller, secrets-store-csi-driver-provider-aws,...

6.5AI Score

0.0004EPSS

2024-06-16 03:20 PM
10
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, temporal-server, metrics-server, postgres-operator, nuclei, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller,...

7.5AI Score

2024-06-16 03:20 PM
20
wolfi
wolfi

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: kaniko, crossplane-provider-aws, terraform-provider-google, flux, flux-notification-controller, zot, pulumi-kubernetes-operator, flux-kustomize-controller, sops, rclone, cosign, grafana, goreleaser, skaffold, vexctl, boring-registry, aactl, terragrunt, pulumi,...

7.5AI Score

2024-06-16 03:20 PM
41
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, metrics-server, postgres-operator, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller, secrets-store-csi-driver-provider-aws,...

6.5AI Score

0.0004EPSS

2024-06-16 03:20 PM
8
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, metrics-server, postgres-operator, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller, secrets-store-csi-driver-provider-aws,...

7.5AI Score

2024-06-16 03:20 PM
2
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, prometheus-alertmanager, cadvisor, restic, metrics-server, postgres-operator, mc, sigstore-scaffolding, slsa-verifier, gitsign, nsc, govulncheck, kubernetes-dashboard, kubeadm-controlplane-controller, secrets-store-csi-driver-provider-aws,...

7.5AI Score

2024-06-16 03:20 PM
2
thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
4
osv
osv

Malicious code in employee-schedule (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (71b36d3a13dcd71ba835e490919b150ec8fbc7de88517906ec7aecaaf89dcbab) The OpenSSF Package Analysis project identified 'employee-schedule' @ 99.9.2 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-15 12:29 PM
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
11
thn
thn

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at.....

6.8AI Score

2024-06-15 07:49 AM
2
osv
osv

sendmail - security update

Bulletin has no...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
1
osv
osv

ffmpeg - security update

Bulletin has no...

7.2AI Score

0.0004EPSS

2024-06-15 12:00 AM
1
nessus
nessus

Debian dla-3828 : atril - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3828 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3828-1 [email protected] ...

9.6CVSS

9.1AI Score

0.005EPSS

2024-06-15 12:00 AM
osv
osv

thunderbird - security update

Bulletin has no...

6.6AI Score

0.0004EPSS

2024-06-15 12:00 AM
osv
osv

Malicious code in uxcamreactexample (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (75476f3b67d0bc9c961d33e6be1f5a3728b33a076d896f36e401b8ff259ab9ee) The OpenSSF Package Analysis project identified 'uxcamreactexample' @ 5.1.1 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-14 10:40 PM
osv
osv

Malicious code in @cart-ui/core-i18n (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (fdd9967e430f37bf03bff01606a1ec3934a81f2c39bd8c11dc38d1abc2a49869) The OpenSSF Package Analysis project identified '@cart-ui/core-i18n' @ 99.1.8 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-14 08:26 PM
osv
osv

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 08:15 PM
osv
osv

CVE-2024-37312

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-14 03:15 PM
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

4.9CVSS

7.1AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

4.9CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
2
osv
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

8AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
5
osv
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: gvisor-tap-vsock security and bug fix update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): ...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

6.3CVSS

6.6AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....

6.3CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-14 02:00 PM
4
rocky
rocky

libappstream-glib bug fix update

An update is available for libappstream-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libappstream-glib package provides GObjects and helper methods....

7.3AI Score

2024-06-14 02:00 PM
osv
osv

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...

8.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
osv
osv

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 02:00 PM
osv
osv

Moderate: python-idna security update

The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...

7AI Score

EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.9AI Score

0.0005EPSS

2024-06-14 02:00 PM
3
osv
osv

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details...

7.5AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

9.8CVSS

6.8AI Score

EPSS

2024-06-14 01:59 PM
5
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-14 01:59 PM
3
osv
osv

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...

5.8CVSS

6.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
4
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-14 01:59 PM
2
osv
osv

Moderate: virt:rhel and virt-devel:rhel security and enhancement update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

7CVSS

7.3AI Score

0.002EPSS

2024-06-14 01:59 PM
2
osv
osv

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers...

5.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...

6.8CVSS

6.4AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
Total number of security vulnerabilities303830