942 matches found
GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.core: XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-52007 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-52007 Source advisory: OSV:GHSA-GR3C-Q7XF-47VH...
PT-2024-40052 · Unknown · Openrefine
Name of the Vulnerable Software and Affected Versions: OpenRefine version 3.8.2 Description: The issue concerns the exposure of Google API authentication keys, specifically the client id and client secret, within OpenRefine releases. These keys can be extracted from released artifacts, such as th...
org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
RLSA-2024:7204 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
RLSA-2024:7262 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
SUSE CVE-2024-47197
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...
org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
PT-2024-31547 · Unknown · Hl7 Fhir Core Artifacts
Name of the Vulnerable Software and Affected Versions: HL7 FHIR Core Artifacts repository versions prior to 6.3.23 Description: The issue concerns XML external entity injections in XSLT transforms performed by various components. A processed XML file with a malicious DTD tag could produce XML...
HL7 FHIR IG Publisher Artifacts 安全漏洞
HL7 FHIR IG Publisher Artifacts is an open source tool from Health Level Seven International for obtaining a set of inputs. A security vulnerability exists in HL7 FHIR IG Publisher Artifacts versions prior to 6.3.23, which stems from vulnerability to an XML external entity injection attack, where...
CVE-2024-45036
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHATAPPTOKEN token stored in /.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...
PT-2024-31386 · Tophat · Tophat
Name of the Vulnerable Software and Affected Versions: Tophat versions prior to 1.10.0 Description: The issue is related to an Improper Access Control vulnerability that can expose the TOPHAT APP TOKEN token stored in /.tophatrc through the use of a malicious Tophat URL controlled by the attacker...
openSUSE Security Advisory (SUSE-SU-2024:1486-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud servic...
Important: dotnet8.0
Issue Overview: .NET Core and Visual Studio Denial of Service Vulnerability CVE-2024-30105 .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-35264 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38095 Affected Packages: dotnet8.0 Issue Correction: Run dnf update...
Apache HugeGraph Gremlin RCE
This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server Module Options msf...
GHSA-9W8W-34VR-65J2 Reposilite artifacts vulnerable to Stored Cross-site Scripting
Summary Reposilite v3.5.10 is affected by Stored Cross-Site Scripting XSS when displaying artifact's content in the browser. Details As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The...
BIT-GITLAB-2024-7057 Improper Access Control in GitLab
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...