Lucene search
K

167 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.8 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.5AI score0.0046EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 11:29 a.m.7 views

CVE-2024-34084

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS6.5AI score0.00593EPSS
Exploits0References1
OSV
OSV
added 2024/10/31 6:15 p.m.6 views

UBUNTU-CVE-2024-51482

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...

9.9CVSS5.9AI score0.36899EPSS
Exploits8References4
OSV
OSV
added 2024/06/28 3:28 p.m.32 views

GO-2024-2582 Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

7.5CVSS5.7AI score0.00553EPSS
Exploits1References3
OSV
OSV
added 2024/06/28 3:28 p.m.37 views

GO-2024-2934 Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder...

5.7CVSS5.5AI score0.0046EPSS
Exploits0References6
Veracode
Veracode
added 2024/06/19 5:22 a.m.12 views

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of input validation within the Clone method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits, leadi...

5.7CVSS6.6AI score0.0046EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/06/18 5:15 p.m.55 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/18 5:7 p.m.10 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.5AI score0.0046EPSS
Exploits0References4
OSV
OSV
added 2024/06/18 5:7 p.m.19 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.7AI score0.0046EPSS
Exploits0References6
CVE
CVE
added 2024/06/18 5:7 p.m.57 views

CVE-2024-37904

CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...

5.7CVSS5.5AI score0.0046EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/18 5:7 p.m.43 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
OSV
OSV
added 2024/06/18 4:34 p.m.14 views

GHSA-HPCG-XJQ5-G666 Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

5.7CVSS5.3AI score0.0046EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.5 views

Minder Security Vulnerability

Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in versions prior to Minder v0.0.52 that stems from a maliciously configured Git...

5.7CVSS6.5AI score0.0046EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.6 views

PT-2024-27013 · Ca Technologies · Siteminder Web Agent For Domino Web Server +1

Name of the Vulnerable Software and Affected Versions: SiteMinder Web Agent for IIS Web Server affected versions not specified SiteMinder Web Agent for Domino Web Server affected versions not specified Description: A CRLF cross-site scripting issue has been identified in certain configurations of...

8.4CVSS6.8AI score0.0042EPSS
Exploits0References5
OSV
OSV
added 2024/06/05 3:10 p.m.43 views

GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder...

5.3CVSS5.1AI score0.0053EPSS
Exploits0References4
OSV
OSV
added 2024/06/04 3:19 p.m.23 views

GO-2024-2701 Minder GetRepositoryByName data leak in github.com/stacklok/minder

Minder GetRepositoryByName data leak in github.com/stacklok/minder...

4.3CVSS4.5AI score0.00765EPSS
Exploits0References5
Veracode
Veracode
added 2024/05/29 5:36 a.m.15 views

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial Of Service DoS. The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other...

5.3CVSS6.7AI score0.0053EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/28 4:55 p.m.19 views

GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...

5.3CVSS5.2AI score0.0053EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/28 4:55 p.m.25 views

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...

5.3CVSS6.7AI score0.0053EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/05/27 6:15 p.m.51 views

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

5.3CVSS5.3AI score0.0053EPSS
Exploits0References3
Rows per page
Query Builder