942 matches found

Rockylinux
added 2025/03/17 8:16 p.m. · 12 views

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A service for building customized OS artifacts, such as VM images an...

CVSS 7.5 · AI score 8.3 · EPSS 0.01127
Exploits: 0

OSV
added 2025/03/17 8:16 p.m. · 11 views

RLSA-2024:9456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 · AI score 7.9 · EPSS 0.01127
Exploits: 0 · References: 2

vulnersOsv
added 2025/03/03 6:47 a.m. · 8 views

io.peekandpoke.funktor:all-jvm (>=0.86.0 <=0.107.2), io.peekandpoke.funktor:insights-jvm (>=0.86.0 <=0.107.2) +3 more potentially affected by CVE-2024-53382 via org.webjars.npm:prismjs (>=1.23.0 <=1.29.0)

org.webjars.npm:prismjs MAVEN version =1.23.0, =0.86.0, =0.86.0, =0.86.0, =15.4.3, =3.3.1, =3.6.0 Source cves: CVE-2024-53382 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9055449...

CVSS 5.4 · AI score 6.7 · EPSS 0.00293
Exploits: 1

RedhatCVE
added 2025/02/20 5:25 p.m. · 7 views

CVE-2024-49589

Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on a user-supplied argument size...

CVSS 6.5 · AI score 6.8 · EPSS 0.00472
Exploits: 0

Cvelist
added 2025/02/18 5:18 p.m. · 11 views

CVE-2024-49589 Foundry artifacts denial of service

Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on a user-supplied argument size...

CVSS 6.5 · EPSS 0.00472
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/18 12:00 a.m. · 5 views

PT-2025-6701 · Unknown · Foundry Artifacts

Name of the Vulnerable Software and Affected Versions: Foundry Artifacts affected versions not specified Description: The issue allows for a Denial Of Service attack due to the disk potentially being filled up based on a user-supplied argument, specifically the size argument. This could lead to a...

CVSS 6.5 · AI score 6.8 · EPSS 0.00472
Exploits: 0 · References: 6

OSV
added 2025/02/14 4:38 p.m. · 7 views

CVE-2025-25204 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS 6.3 · AI score 6.4 · EPSS 0.00375
Exploits: 0 · References: 5

CVE
added 2025/02/14 4:38 p.m. · 296 views

CVE-2025-25204

The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...

CVSS 6.3 · AI score 7 · EPSS 0.00375
Exploits: 0 · References: 3

Vulnrichment
added 2025/02/14 4:38 p.m. · 7 views

CVE-2025-25204 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS 6.3 · AI score 6.3 · EPSS 0.00375
Exploits: 0 · References: 3

CNNVD
added 2025/02/14 12:00 a.m. · 5 views

GitHub CLI security vulnerability

GitHub CLI is the GitHub CLI open source for GitHub on the command line. A security vulnerability exists in GitHub CLI versions prior to 2.49.0 through 2.67.0, which stems from the gh attestation verify tool returning an error in status, which could lead an attacker to deploy malicious artifacts...

CVSS 6.3 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 3

NVD
added 2025/02/03 10:15 p.m. · 25 views

CVE-2025-24029

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition...

CVSS 5.3 · EPSS 0.00324
Exploits: 0 · References: 4

CNNVD
added 2025/02/03 12:00 a.m. · 5 views

Enalean Tuleap security vulnerability

Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A security vulnerability exists in Enalean Tuleap that stems from the fact that users would have access to their restricted artifacts...

CVSS 5.3 · AI score 6.5 · EPSS 0.00324
Exploits: 0 · References: 5

OSV
added 2025/01/31 3:25 p.m. · 10 views

CVE-2025-23215 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext

PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys is included in a jar published to Maven Central. The private key itself is not known to have been compromised, but given that its passphrase is, it must also be considered...

CVSS 9.3 · AI score 6.8 · EPSS 0.00315
Exploits: 0 · References: 5

OSV
added 2025/01/30 7:13 p.m. · 120 views

BIT-GITLAB-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3 · AI score 4.1 · EPSS 0.00358
Exploits: 0 · References: 2

OSV
added 2025/01/28 9:15 a.m. · 2 views

UBUNTU-CVE-2025-0290

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3 · AI score 5.7 · EPSS 0.00358
Exploits: 0 · References: 3

CVE
added 2025/01/28 8:45 a.m. · 437 views

CVE-2025-0290

CVE-2025-0290 affects GitLab CE/EE since 15.0 up to but not including 17.5.5, from 17.6 up to 17.6.3, and from 17.7 up to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. The connected sources indicate fixed versions: upgrad...

CVSS 4.3 · AI score 6.6 · EPSS 0.00358
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/01/28 8:45 a.m. · 43 views

CVE-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3 · EPSS 0.00358
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/28 8:45 a.m. · 5 views

CVE-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3 · AI score 4.3 · EPSS 0.00358
Exploits: 0 · References: 1

OSV
added 2025/01/28 8:45 a.m. · 3 views

CVE-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3 · AI score 6.4 · EPSS 0.00358
Exploits: 0 · References: 4

Tenable Nessus
added 2025/01/28 12:00 a.m. · 13 views

GitLab 15.0 < 17.6.4 / 17.7 < 17.7.2 / 17.8 < 17.8.0 (CVE-2025-0290)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing o...

CVSS 4.3 · AI score 5.5 · EPSS 0.00358
Exploits: 0 · References: 3