Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: calico, grype, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, aws-ebs-csi-driver, consul, nodetaint, cilium, k9s, pulumi-language-yaml, zot, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl,...

7.5AI Score

2024-06-26 03:08 AM
179
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

6.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
58
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

5.5CVSS

6.1AI Score

0.0004EPSS

2024-06-26 03:08 AM
23
wolfi
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: calico, grype, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, aws-ebs-csi-driver, consul, nodetaint, cilium, k9s, pulumi-language-yaml, zot, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl,...

6.7AI Score

0.0004EPSS

2024-06-26 03:08 AM
30
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-26 03:08 AM
49
wolfi
wolfi

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: cosign, aactl, flux-notification-controller, kubevela, tkn, melange, grafana, kaniko, vault, goreleaser, zarf, pulumi-language-yaml, zot, gitsign, boring-registry, slsa-verifier, policy-controller, pulumi-kubernetes-operator, terragrunt, kubescape, skaffold, pulumi,...

7.5AI Score

2024-06-26 03:08 AM
43
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
3
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
4
cve
cve

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

8.1CVSS

8AI Score

EPSS

2024-06-26 12:15 AM
2
nvd
nvd

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

8.1CVSS

EPSS

2024-06-26 12:15 AM
cvelist
cvelist

CVE-2024-5460 Brocade Fabric OS versions prior to v9.0 have default community strings

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

8.1CVSS

EPSS

2024-06-25 11:58 PM
1
osv
osv

CGA-3jg9-fc27-v269

Bulletin has no...

7.2AI Score

2024-06-25 11:19 PM
3
osv
osv

pdoc embeds link to malicious CDN if math mode is enabled

Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed.....

7.1AI Score

2024-06-25 10:23 PM
2
osv
osv

Panic when parsing invalid palette-color images in golang.org/x/image

Parsing a corrupt or malicious image with invalid color indices can cause a...

5.5CVSS

6.3AI Score

EPSS

2024-06-25 10:06 PM
2
redhatcve
redhatcve

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

7AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007....

6.9AI Score

EPSS

2024-06-25 08:25 PM
osv
osv

Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...

7AI Score

2024-06-25 07:47 PM
osv
osv

Malicious code in internal-udfc-pkg (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650) The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-25 06:36 PM
osv
osv

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......

8.4CVSS

7.5AI Score

EPSS

2024-06-25 06:31 PM
osv
osv

Aimeos HTML client may potentially reveal sensitive information in error log

Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...

8.8CVSS

6.5AI Score

EPSS

2024-06-25 05:26 PM
1
cve
cve

CVE-2024-6308

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

7.6AI Score

EPSS

2024-06-25 05:15 PM
3
nvd
nvd

CVE-2024-6308

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

EPSS

2024-06-25 05:15 PM
1
osv
osv

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

5.6AI Score

EPSS

2024-06-25 05:07 PM
1
osv
osv

CGA-wxjg-ffgp-5j7p

Bulletin has no...

7.2AI Score

2024-06-25 05:05 PM
osv
osv

CGA-p9mr-h84j-x2p6

Bulletin has no...

7.2AI Score

2024-06-25 05:05 PM
osv
osv

CGA-jj93-25vx-2v32

Bulletin has no...

7.2AI Score

2024-06-25 05:05 PM
osv
osv

CGA-4cp8-v8x9-xf65

Bulletin has no...

7.2AI Score

2024-06-25 05:05 PM
osv
osv

CGA-mjfg-m349-5324

Bulletin has no...

7.2AI Score

2024-06-25 05:05 PM
cvelist
cvelist

CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

EPSS

2024-06-25 05:00 PM
vulnrichment
vulnrichment

CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

7.8AI Score

EPSS

2024-06-25 05:00 PM
osv
osv

CGA-vw6g-89v3-x8pv

Bulletin has no...

7.2AI Score

2024-06-25 04:04 PM
osv
osv

CGA-r8q6-qjpg-f3v5

Bulletin has no...

7.2AI Score

2024-06-25 04:04 PM
osv
osv

CGA-9mcq-hc99-m76g

Bulletin has no...

7.2AI Score

2024-06-25 04:04 PM
osv
osv

CGA-j5wf-gj8h-f3rf

Bulletin has no...

7.2AI Score

2024-06-25 04:04 PM
nvd
nvd

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

6.8AI Score

EPSS

2024-06-25 03:15 PM
3
nvd
nvd

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007...

6.7AI Score

EPSS

2024-06-25 03:15 PM
2
cvelist
cvelist

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

EPSS

2024-06-25 02:25 PM
3
cvelist
cvelist

CVE-2024-38661 s390/ap: Fix crash in AP internal function modify_bitmap()

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007...

EPSS

2024-06-25 02:22 PM
1
osv
osv

CGA-wj46-pxqf-q6hp

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-rhq3-96hj-736x

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-vw8v-jp5f-5j9h

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-w5gj-whrm-qjww

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-v47p-72fh-m2pm

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-v32q-j5hh-xh3q

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-qm5w-6gg9-7g6f

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-pwcc-4xxf-c48h

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
osv
osv

CGA-m9fq-hq52-q783

Bulletin has no...

5.8AI Score

2024-06-25 02:09 PM
Total number of security vulnerabilities304784