398 matches found
CVE-2024-32030
Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...
CVE-2024-32030 Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI
Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...
CVE-2024-35221 Denial of service when publishing a package on rubygems.org
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...
CVE-2024-35221
CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...
CVE-2024-26979
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26979
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26979
CVE-2024-26979 is rejected/not used; not an active vulnerability entry.
CVE-2024-26979
Removed by vendor...
CVE-2024-30252 GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015`
Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is ...
Stable Channel Update for Desktop
The Stable channel has been updated to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 122.0.6261.129 for Windows and M...
GHSA-W4HV-VMV9-HGCR GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
GitHub Security Lab GHSL Vulnerability Report, scrypted: GHSL-2023-218, GHSL-2023-219 The GitHub Security Lab team has identified potential security vulnerabilities in scrypted. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
GitHub Security Lab GHSL Vulnerability Report, scrypted: GHSL-2023-218, GHSL-2023-219 The GitHub Security Lab team has identified potential security vulnerabilities in scrypted. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...
GHSA-MCPH-M25J-8J63 tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Summary The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The changed-files action returns a list of files changed in a commit or pull request which provides an escape_json...
GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182
Impact Issue: Arbitrary file write in file.py GHSL-2023-183 Patches Use mindsdb staging branch or v23.11.4.1...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2023-46604 Lab This lab guides on exploiting vulnerabiliti...
CVE-2023-41899
Home Assistant is an open source home automation. In affected versions the hassio.addon_stdin is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service e.g.: through GHSA-h2jp-7grc-9xpp may be able to invoke any Supervisor REST API endpoints with a PO...
CVE-2023-44385
The Home Assistant Companion for iOS and macOS apps up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this...