OMGF | Host Google Fonts Locally Security Vulnerabilities

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: k3s, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, argo-cd, thanos-operator, gcsfuse, boring-registry, cilium, nuclei, dgraph, tekton-chains, kaf, pulumi, spire-server, doppler-kubernetes-operator, zot, prometheus-adapter, cri-tools, gitness,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, argo-cd, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, kube-rbac-proxy, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: k3s, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, argo-cd, thanos-operator, gcsfuse, boring-registry, cilium, nuclei, dgraph, tekton-chains, kaf, pulumi, spire-server, doppler-kubernetes-operator, zot, prometheus-adapter, cri-tools, gitness,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, argo-cd, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, kube-rbac-proxy, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, cosign, kubescape, argo-cd, gitsign, kaniko, keda, sops, crossplane, boring-registry, flux-notification-controller, flux-image-automation-controller, melange, tekton-chains, scorecard, actions-runner-controller, pulumi-kubernetes-operator,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 This exploit offers an in-depth look at the...

Fedora 39 : mingw-python-urllib3 (2024-73f181db2a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-73f181db2a advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

glibc - security update

Bulletin has no...

Fedora 40 : mingw-python-urllib3 (2024-da86a4f061)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-da86a4f061 advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 40 : mingw-poppler (2024-94068499c9)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94068499c9 advisory. Backport fix for CVE-2024-6239. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Malicious code in iobeya-time-utils (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5cc94a15fd9feb4f7fd5146415061bfe386fd2d185f1e0d80fc3ecd40ce7adb2) The OpenSSF Package Analysis project identified 'iobeya-time-utils' @ 3.0.0 (npm) as malicious. It is considered malicious because: The package...

Exploit for Improper Authentication in Google Android

Bluepop CVE-2023-45866 Installation and Usage 🛠️...

Malicious code in kiln-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf) The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...

Malicious code in bageth (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995) The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

CVE-2024-2386

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-2386

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-2386 WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

[SECURITY] Fedora 39 Update: freeipa-4.12.1-1.fc39

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and...

Heap-buffer-overflow in ultrahdr::getYuv420Pixel

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69287 Crash type: Heap-buffer-overflow READ 1 Crash state: ultrahdr::getYuv420Pixel std::__1::__function::__func&lt;ultrahdr::JpegR::applyGainMap...

Fedora 39 : freeipa (2024-1d1b485611)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d1b485611 advisory. Fix CVE-2024-2698 and CVE-2024-3183 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Debian dla-3849 : emacs - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3849 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3849-1 [email protected] ...

Fedora 39 : kitty (2024-c7b79bc227)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c7b79bc227 advisory. rebuild for rhbz#2292712 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

GLSA-202406-06 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-06 (GStreamer, GStreamer Plugins: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Tenable has...

org-mode - security update

Bulletin has no...

emacs - security update

Bulletin has no...

FreeBSD : frr - Multiple vulnerabilities (07f0ea8c-356a-11ef-ac6d-a0423f48a938)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 07f0ea8c-356a-11ef-ac6d-a0423f48a938 advisory. [email protected] reports: In FRRouting (FRR) through 9.1, there are multiples vulnerabilities. ...

FreeBSD : electron29 -- multiple vulnerabilities (0e73964d-053a-481a-bf1c-202948d68484)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0e73964d-053a-481a-bf1c-202948d68484 advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...

Debian dla-3848 : elpa-org - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3848 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3848-1 [email protected] ...

SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....

Exploit for CVE-2024-34102

🚨 CVE-2024-34102 Exploit Script 🚨 Description This...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests (CVE-2024-35195)

Summary A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35195 DESCRIPTION: **Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

CVE-2022-38383 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

CVE-2022-38383 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

Code Execution on Git update in github.com/hashicorp/go-getter

A crafted request can execute Git update on an existing maliciously modified Git Configuration. This can potentially lead to arbitrary code execution. When performing a Git operation, the library will try to clone the given repository to a specified destination. Cloning initializes a git config in....

Exploit for Use After Free in Arm Avalon Gpu Kernel Driver

Exploit for CVE-2022-46395 The write up can be found...

Malicious code in @yu-life/yulife-bdd-framework (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8dfe091de922cc251578223955b74b56ade98fa67b719bcaa584d3403602f992) The OpenSSF Package Analysis project identified '@yu-life/yulife-bdd-framework' @ 0.0.72 (npm) as malicious. It is considered malicious because: ...

Malicious code in @yu-life/react-native-yu-watch (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (461986fa4cbfe6bda33bdb99901a4c0f05e00934b4a3c5b529f1236dba9d4b1b) The OpenSSF Package Analysis project identified '@yu-life/react-native-yu-watch' @ 1.0.1 (npm) as malicious. It is considered malicious because: ...

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Privilege Escalation in HashiCorp Consul in...