942 matches found

OSV · added 2024/11/25 3:26 p.m. · 3 views

GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

CVSS 8.7 · AI score 6.9
Exploits 0 · References 4

RedHat Linux · added 2024/11/15 5:21 p.m. · 38 views

org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.core: XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 · AI score 5.7 · EPSS 0.00918
Exploits 0 · References 10

vulnersOsv · added 2024/11/08 6:49 p.m. · 6 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...

CVSS 8.6 · AI score 7.2 · EPSS 0.00918
Exploits 0

Positive Technologies · added 2024/10/24 12:00 a.m. · 5 views

PT-2024-40052 · Unknown · Openrefine

Name of the Vulnerable Software and Affected Versions: OpenRefine version 3.8.2 Description: The issue concerns the exposure of Google API authentication keys, specifically the client id and client secret, within OpenRefine releases. These keys can be extracted from released artifacts, such as th...

AI score 7.3
Exploits 0 · References 4

RedHat Linux · added 2024/10/14 3:53 p.m. · 17 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 · AI score 5.7 · EPSS 0.00975
Exploits 0 · References 6

OSV · added 2024/09/30 2:31 p.m. · 9 views

RLSA-2024:7204 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 · AI score 8.2 · EPSS 0.01127
Exploits 0 · References 2

OSV · added 2024/09/30 2:30 p.m. · 16 views

RLSA-2024:7262 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 · AI score 8.9 · EPSS 0.01533
Exploits 0 · References 3

SUSE CVE · added 2024/09/27 3:19 a.m. · 3 views

SUSE CVE-2024-47197

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...

CVSS 4 · AI score 7.5 · EPSS 0.00782
Exploits 0 · References 4

RedHat Linux · added 2024/09/19 4:46 p.m. · 6 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 · AI score 5.7 · EPSS 0.00975
Exploits 0 · References 6

OSV · added 2024/09/17 6:08 p.m. · 3 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

CVSS 9.9 · AI score 8.2 · EPSS 0.00769
Exploits 0 · References 7

Positive Technologies · added 2024/09/06 12:00 a.m. · 2 views

PT-2024-31547 · Unknown · Hl7 Fhir Core Artifacts

Name of the Vulnerable Software and Affected Versions: HL7 FHIR Core Artifacts repository versions prior to 6.3.23 Description: The issue concerns XML external entity injections in XSLT transforms performed by various components. A processed XML file with a malicious DTD tag could produce XML...

CVSS 8.6 · AI score 7 · EPSS 0.00975
Exploits 0 · References 12

CNNVD · added 2024/09/06 12:00 a.m. · 5 views

HL7 FHIR IG Publisher Artifacts Security Vulnerability

HL7 FHIR IG Publisher Artifacts is an open source tool from Health Level Seven International for obtaining a set of inputs. A security vulnerability exists in HL7 FHIR IG Publisher Artifacts versions prior to 6.3.23, which stems from vulnerability to an XML external entity injection attack, where...

CVSS 8.6 · AI score 8.5 · EPSS 0.00975
Exploits 0 · References 6

NVD · added 2024/08/26 11:15 p.m. · 17 views

CVE-2024-45036

Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHATAPPTOKEN token stored in /.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...

CVSS 4.3 · EPSS 0.00268
Exploits 0 · References 2

Positive Technologies · added 2024/08/26 12:00 a.m. · 3 views

PT-2024-31386 · Tophat · Tophat

Name of the Vulnerable Software and Affected Versions: Tophat versions prior to 1.10.0 Description: The issue is related to an Improper Access Control vulnerability that can expose the TOPHAT APP TOKEN token stored in /.tophatrc through the use of a malicious Tophat URL controlled by the attacker...

CVSS 4.3 · AI score 6.8 · EPSS 0.00268
Exploits 0 · References 7

OpenVAS · added 2024/08/20 12:00 a.m. · 17 views

openSUSE Security Advisory (SUSE-SU-2024:1486-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 5.4 · EPSS 0.00851
Exploits 1 · References 5

The Hacker News · added 2024/08/15 6:47 a.m. · 12 views

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud servic...

AI score 8.1
Exploits 0

Amazon · added 2024/08/15 12:00 a.m. · 5 views

Important: dotnet8.0

Issue Overview: .NET Core and Visual Studio Denial of Service Vulnerability CVE-2024-30105 .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-35264 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38095 Affected Packages: dotnet8.0 Issue Correction: Run dnf update...

CVSS 8.1 · AI score 7.3 · EPSS 0.02915
Exploits 0

Metasploit · added 2024/08/14 6:52 p.m. · 246 views

Apache HugeGraph Gremlin RCE

This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server Module Options msf...

CVSS 9.8 · AI score 8.2 · EPSS 0.9921
Exploits 11

OSV · added 2024/08/02 9:12 p.m. · 22 views

GHSA-9W8W-34VR-65J2 Reposilite artifacts vulnerable to Stored Cross-site Scripting

Summary Reposilite v3.5.10 is affected by Stored Cross-Site Scripting XSS when displaying artifact's content in the browser. Details As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The...

CVSS 7.7 · AI score 6.9 · EPSS 0.00783
Exploits 0 · References 6

OSV · added 2024/07/26 7:19 a.m. · 125 views

BIT-GITLAB-2024-7057 Improper Access Control in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3 · AI score 4 · EPSS 0.00372
Exploits 0 · References 3