Lucene search
K

21 matches found

Github Security Blog
Github Security Blog
added 2026/04/22 5:44 p.m.8 views

Inspektor Gadget: Command Injection via malicious buildOptions manipulation

Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS6AI score0.01281EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS6.2AI score0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 7:22 p.m.31 views

CVE-2026-31864 JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS0.00347EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/04 6:39 p.m.7 views

Malicious code in yaml-manifest-utils-mynarratorai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c0e8992c68d7a201833d2405113695a4da985df9e5b9bdd46fcdc1f28a0828d The package yaml-manifest-utils-mynarratorai was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/01/31 12:24 a.m.7 views

SUSE CVE-2026-24905

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS6.1AI score0.01281EPSS
Exploits1References3
NVD
NVD
added 2026/01/29 10:15 p.m.9 views

CVE-2026-24905

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS0.01281EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/29 9:29 p.m.5 views

CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.5CVSS5.9AI score0.01281EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:29 p.m.6 views

CVE-2026-24905

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS5.9AI score0.01281EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/29 9:29 p.m.7 views

CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.5CVSS6.2AI score0.01281EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/29 9:29 p.m.26 views

CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.5CVSS0.01281EPSS
Exploits1References3
CVE
CVE
added 2026/01/29 9:29 p.m.40 views

CVE-2026-24905

CVE-2026-24905 affects Inspektor Gadget. The vulnerability arises from unsafe embedding of user-controlled data in the Makefile.build template used during ig image build, allowing command injection via buildOptions extracted from the gadget manifest. Before version 0.48.1, an attacker who can inf...

7.8CVSS5.9AI score0.01281EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5359

Name of the Vulnerable Software and Affected Versions Inspektor Gadget versions prior to 0.48.1 Description Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary includes a subcommand for image...

7.8CVSS6.1AI score0.01281EPSS
Exploits1References14
OSV
OSV
added 2025/11/26 3:52 p.m.2 views

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 - CVE-2025-24294: Fixed denial...

8.7CVSS7AI score0.01429EPSS
Exploits0References18
OpenVAS
OpenVAS
added 2025/09/08 12:0 a.m.3 views

SUSE: Security Advisory (SUSE-SU-2025:02814-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.00494EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.4 views

SUSE SLES15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:02814-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02814-2 advisory. - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Tenable has extracted the preceding description block directl...

4.3CVSS6.5AI score0.00494EPSS
Exploits0References4
OSV
OSV
added 2025/09/04 9:16 a.m.6 views

SUSE-SU-2025:02814-2 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905...

4.3CVSS5.8AI score0.00494EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/08/20 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2025:02814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.5AI score0.00494EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/08/18 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2025:02814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.5AI score0.00494EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/16 12:0 a.m.5 views

SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:02814-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02814-1 advisory. - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Tenable has extracted the...

4.3CVSS6.5AI score0.00494EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/08/15 12:53 p.m.5 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

4.3CVSS7.5AI score0.00494EPSS
Exploits0References4
Rows per page
Query Builder