
6574 matches found

Cvelist
added 2024/06/18 5:7 p.m. | 30 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

CVSS 5.7 | EPSS 0.0046
Exploits: 0 | References: 4

Vulnrichment
added 2024/06/18 5:7 p.m. | 10 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

CVSS 5.7 | AI score 5.5 | EPSS 0.0046
Exploits: 0 | References: 4

Github Security Blog
added 2024/06/18 4:34 p.m. | 24 views

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the github.com/go-git/go-git/v5 library on these lines:...

CVSS 5.7 | AI score 6.7 | EPSS 0.0046
Exploits: 0 | References: 7 | Affected Software: 1

Oracle linux
added 2024/06/11 12:0 a.m. | 38 views

podman security and bug fix update

4.9.4-4.0.1
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694
- Drop nmap-ncat requirement...

CVSS 6.5 | AI score 7.5 | EPSS 0.02085
Exploits: 0

Circl
added 2024/06/07 1:52 p.m. | 5 views

CVE-2024-20404

creationtimestamp | type | source
---|---|---
2024-06-07 13:52:10+00:00 | published-proof-of-concept | https://t.me/HackingInsights/1894
2024-07-03 15:44:53+00:00 | published-proof-of-concept | https://t.me/HackingInsights/4685
2024-10-07 18:09:24+00:00 | published-proof-of-concept | ...

CVSS 7.2 | AI score 7.1 | EPSS 0.231
In wild | Exploits: 1 | References: 21

OSV
added 2024/06/05 3:11 p.m. | 32 views

GO-2024-2775 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax

IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...

CVSS 8.8 | AI score 9 | EPSS 0.30082
Exploits: 0 | References: 5

OSV
added 2024/06/04 3:19 p.m. | 17 views

GO-2024-2581 User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs

User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs...

AI score 7.1
Exploits: 0 | References: 2

OSV
added 2024/05/20 4:7 p.m. | 33 views

GO-2024-2864 Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder...

CVSS 5.3 | AI score 5.1 | EPSS 0.00465
Exploits: 0 | References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. | 43 views

RHEL 9 : vim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- vim: buffer overflow CVE-2020-20703
- vim: Heap based buffer overflow in findfile.c CVE-2021-3973
- vim i...

AI score 7.9 | EPSS 0.02615
Exploits: 32 | References: 32

Tenable Nessus
added 2024/04/29 12:0 a.m. | 29 views

Fedora 37 : vim (2023-0f6a9433cf)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f6a9433cf advisory. Security fix for CVE-2023-0049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 7.8 | AI score 7.5 | EPSS 0.00471
Exploits: 1 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 17 views

Fedora 40 : chisel (2023-b29031a7aa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...

CVSS 9.3 | AI score 7.4 | EPSS 0.05623
Exploits: 4 | References: 8

Veracode
added 2024/04/15 8:28 a.m. | 18 views

State Manipulation Attack

github.com/evmos/evmos is vulnerable to state manipulation attacks. The vulnerability is due to an inconsistency between the originStorage and dirtyStorage states during transaction execution, which allows for the potential minting of arbitrary tokens...

AI score 7.2
Exploits: 0

GithubExploit
added 2024/04/02 2:44 p.m. | 421 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

CVSS 10 | AI score 8.9 | EPSS 0.99999
Exploits: 347

GithubExploit
added 2024/04/01 12:41 p.m. | 268 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 I've moved my notes in Obsidian to a separate v...

CVSS 10 | AI score 9.9 | EPSS 0.85974
Exploits: 39

GithubExploit
added 2024/03/29 11:36 p.m. | 317 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 XZ-Utils Vulnerability Checker and Fixer Th...

CVSS 10 | AI score 9.9 | EPSS 0.85974
Exploits: 39

GithubExploit
added 2024/03/26 10:3 a.m. | 536 views

Exploit for Improper Access Control in Adobe Coldfusion

Proof of Concept script for CVE-2024-20767 Overview get-...

CVSS 7.4 | AI score 7.8 | EPSS 0.98514
Exploits: 7

OpenVAS
added 2024/03/21 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.7 | EPSS 0.0119
Exploits: 13 | References: 2

Kitploit
added 2024/03/13 11:30 a.m. | 314 views

DarkGPT - An OSINT Assistant Based On GPT-4-200K Designed To Perform Queries On Leaked Databases, Thus Providing An Artificial Intelligence Assistant That Can Be Useful In Your Traditional OSINT Processes

DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases. This guide will help you set up and run the project on your local environment. Prerequisites Before starting, make sure you have Python installed on your system. This project has...

AI score 7.1
Exploits: 0 | References: 1

OSV
added 2024/03/11 8:7 p.m. | 21 views

GO-2024-2608 Minder access control bypass in github.com/stacklok/minder

A Minder user can use the endpoints to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. The DB query used checks by repo owner, repo name and provider name which is always "github". These query values are not distinct for the particular...

CVSS 7.1 | AI score 6.7 | EPSS 0.00666
Exploits: 1 | References: 2

GithubExploit
added 2024/03/08 12:40 p.m. | 245 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...

CVSS 9.8 | AI score 8.8 | EPSS 0.99991
Exploits: 24