942 matches found

OSV
added 2024/06/19 5:37 p.m. · 10 views

CVE-2024-36117 Path traversal while serving Reposilite javadoc expanded files

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

8.6 CVSS · 9.2 AI score · 0.03145 EPSS
Exploits 1 · References 5

Veracode
added 2024/06/19 5:58 a.m. · 25 views

Path Traversal

ai.djl:api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files...

10 CVSS · 6.7 AI score · 0.00655 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/06/19 12:0 a.m. · 2 views

Reposilite Security Vulnerabilities

Reposilite is a lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem by the individual developer dzikoysk. A security vulnerability exists in Reposilite versions prior to 3.5.12 that stems from being affected by arbitrary file reads via path traversal...

8.6 CVSS · 6.8 AI score · 0.03145 EPSS
Exploits 1 · References 2

OSV
added 2024/06/18 11:5 a.m. · 12 views

SUSE-SU-2024:1486-2 Security update for cosign

This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments (bsc#1222835) - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts (bsc#1222837) Other fixes: - Updated to 2.2...

7.5 CVSS · 5.8 AI score · 0.00851 EPSS
Exploits 1 · References 5

NVD
added 2024/06/17 8:15 p.m. · 27 views

CVE-2024-37902

DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

10 CVSS · 0.00655 EPSS
Exploits 0 · References 2

CVE
added 2024/06/17 7:25 p.m. · 325 views

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

10 CVSS · 9.2 AI score · 0.00655 EPSS
Exploits 0 · References 2

OSV
added 2024/06/14 1:59 p.m. · 19 views

RLSA-2024:2961 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307). For more details about the security issues,...

6.1 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits 0 · References 2

Veeam
added 2024/06/13 12:0 a.m. · 16 views

DR Restore - Internal error occurred: Could not retrieve artifacts for prefix

Challenge: A Veeam Kasten for Kubernetes DR Restore fails with the following error: Internal error occurred: "message":"Could not retrieve artifacts for prefix...

6.9 AI score
Exploits 0

Veeam
added 2024/06/13 12:0 a.m. · 14 views

No action was taken because the import artifacts already existed

Challenge: Veeam Kasten for Kubernetes has smart logic built-in to perform intelligent actions. Assuming an Import job on the target cluster was successfully completed, unless there's a new restorepoint from the source cluster, the job won't run. This can happen if: there are no new restorepoints ...

7 AI score
Exploits 0

OSV
added 2024/06/05 3:10 p.m. · 9 views

GO-2024-2719 Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign...

7.5 CVSS · 5.6 AI score · 0.00851 EPSS
Exploits 1 · References 6

OSV
added 2024/05/29 7:18 a.m. · 313 views

BIT-GITLAB-2024-5318 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

5.3 CVSS · 4.3 AI score · 0.00366 EPSS
Exploits 1 · References 3

NVD
added 2024/05/24 1:15 p.m. · 20 views

CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

5.3 CVSS · 3.9 AI score · 0.00366 EPSS
Exploits 1 · References 2

UbuntuCve
added 2024/05/24 1:15 p.m. · 21 views

CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

5.3 CVSS · 5.7 AI score · 0.00366 EPSS
Exploits 1 · References 3

OSV
added 2024/05/24 1:15 p.m. · 2 views

UBUNTU-CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

5.3 CVSS · 5.7 AI score · 0.00366 EPSS
Exploits 1 · References 4

Vulnrichment
added 2024/05/24 12:44 p.m. · 15 views

CVE-2024-5318 Improper Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

4 CVSS · 6.4 AI score · 0.00366 EPSS
Exploits 1 · References 2

Cvelist
added 2024/05/24 12:44 p.m. · 33 views

CVE-2024-5318 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

4 CVSS · 3.9 AI score · 0.00366 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/05/24 12:0 a.m. · 4 views

PT-2024-35626 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.11 through 16.10.6; GitLab CE/EE versions 16.11 through 16.11.3; GitLab CE/EE versions 17.0 through 17.0.1. Description: An issue has been discovered in GitLab CE/EE where a Guest user can view dependency lists of privat...

5.3 CVSS · 6.6 AI score · 0.00366 EPSS
Exploits 1 · References 12

RedHat Linux
added 2024/05/22 9:29 a.m. · 26 views

Moderate: Red Hat Security Advisory: Image builder components bug fix, enhancement and security update

An update for osbuild and osbuild-composer is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

6.1 CVSS · 6.4 AI score · 0.00188 EPSS
Exploits 0 · References 4

AlmaLinux
added 2024/05/22 12:0 a.m. · 20 views

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307). For more details about the security issues,...

6.1 CVSS · 6.6 AI score · 0.00188 EPSS
Exploits 0 · References 4

OSV
added 2024/05/22 12:0 a.m. · 16 views

ALSA-2024:2961 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307). For more details about the security issues,...

6.1 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits 0 · References 4