OMGF | Host Google Fonts Locally Security Vulnerabilities

CGA-3jg9-fc27-v269

Bulletin has no...

pdoc embeds link to malicious CDN if math mode is enabled

Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed.....

Panic when parsing invalid palette-color images in golang.org/x/image

Parsing a corrupt or malicious image with invalid color indices can cause a...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...

Malicious code in internal-udfc-pkg (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650) The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious. It is considered malicious because: The package...

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......

Aimeos HTML client may potentially reveal sensitive information in error log

Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

CGA-wxjg-ffgp-5j7p

Bulletin has no...

CGA-p9mr-h84j-x2p6

Bulletin has no...

CGA-jj93-25vx-2v32

Bulletin has no...

CGA-4cp8-v8x9-xf65

Bulletin has no...

CGA-mjfg-m349-5324

Bulletin has no...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to cross-site scripting due to WebSphere Application Server Liberty

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...

CGA-vw6g-89v3-x8pv

Bulletin has no...

CGA-r8q6-qjpg-f3v5

Bulletin has no...

CGA-9mcq-hc99-m76g

Bulletin has no...

CGA-j5wf-gj8h-f3rf

Bulletin has no...

Security Bulletin: IBM Sterling B2B Integrator Standard Edition does not correctly restrict frame objects

Summary IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details ** CVEID:...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, node-feature-discovery, chartmuseum, kargo, temporal,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: keda, zot, flux, crossplane-provider-aws, scorecard, pulumi-language-yaml, gitness, crossplane, actions-runner-controller, goreleaser, vexctl, falco, rclone, melange, kubescape, grafana, slsa-verifier, kaniko, pulumi-kubernetes-operator, vault, kubevela, aactl,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, node-feature-discovery, chartmuseum, kargo, temporal,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

CGA-wj46-pxqf-q6hp

Bulletin has no...

CGA-rhq3-96hj-736x

Bulletin has no...

CGA-vw8v-jp5f-5j9h

Bulletin has no...

CGA-w5gj-whrm-qjww

Bulletin has no...

CGA-v47p-72fh-m2pm

Bulletin has no...

CGA-v32q-j5hh-xh3q

Bulletin has no...

CGA-qm5w-6gg9-7g6f

Bulletin has no...

CGA-pwcc-4xxf-c48h

Bulletin has no...

CGA-m9fq-hq52-q783

Bulletin has no...

CGA-rxr7-qjj9-xf8j

Bulletin has no...

CGA-jr43-5p8x-5hw3

Bulletin has no...

CGA-hh84-2wfx-r9gj

Bulletin has no...