Chainguard
added 2024/04/10 11:15 p.m. | 38 views

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: gitsign, tekton-chains, kubescape, tkn, slsa-verifier, falcoctl, falco, falcoctl-fips, neuvector-sigstore-interface, flux-source-controller, spire-server, apko, skaffold, policy-controller, aactl, ko, melange, wolfictl, tkn-fips, policy-controller-fips, vexctl,...

7.5 CVSS | 6.4 AI score | 0.00851 EPSS
Exploits: 1
Wolfi
added 2024/04/10 11:15 p.m. | 50 views

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: apko, falcoctl, flux-source-controller, spire-server, wolfictl, zarf, falco, tekton-chains, goreleaser, vexctl, policy-controller, skaffold, aactl, melange, tkn, kubescape, zot, gitsign, neuvector-sigstore-interface, ko, slsa-verifier...

7.5 CVSS | 6.4 AI score | 0.00851 EPSS
Exploits: 1
Wolfi
added 2024/04/10 11:15 p.m. | 39 views

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: apko, falcoctl, flux-source-controller, spire-server, wolfictl, zarf, falco, tekton-chains, goreleaser, vexctl, policy-controller, skaffold, aactl, melange, tkn, kubescape, zot, gitsign, neuvector-sigstore-interface, ko, slsa-verifier...

5.9 CVSS | 6 AI score | 0.00658 EPSS
Exploits: 0
Chainguard
added 2024/04/10 11:15 p.m. | 30 views

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: gitsign, tekton-chains, kubescape, tkn, slsa-verifier, falcoctl, falco, falcoctl-fips, neuvector-sigstore-interface, flux-source-controller, spire-server, apko, skaffold, policy-controller, aactl, ko, melange, wolfictl, tkn-fips, policy-controller-fips, vexctl,...

5.9 CVSS | 6 AI score | 0.00658 EPSS
Exploits: 0
Cvelist
added 2024/04/10 9:57 p.m. | 33 views

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

4.3 CVSS | 4.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2024/04/10 9:57 p.m. | 14 views

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

4.3 CVSS | 6.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 4
OSV
added 2024/04/10 5:16 p.m. | 12 views

GHSA-HP8H-7X69-4WMV zcap has incomplete expiration checks in capability chains.

Impact: When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...

4.3 CVSS | 4.4 AI score | 0.00441 EPSS
Exploits: 0 | References: 6
Github Security Blog
added 2024/04/10 5:16 p.m. | 20 views

zcap has incomplete expiration checks in capability chains.

Impact: When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...

4.3 CVSS | 7 AI score | 0.00441 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Friends Of PHP
added 2024/04/10 4:24 p.m. | 40 views

Deserialization of Untrusted Data in timber/timber

Summary: Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the file_exists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

8 CVSS | 8.2 AI score | 0.00454 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2024/04/09 4:08 p.m. | 11 views

SUSE-SU-2024:1179-1 Security update for gnutls

This update for gnutls fixes the following issues: Security issues fixed: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). - CVE-2024-0567: Fixed an incorrect rejection of...

7.5 CVSS | 7.1 AI score | 0.01614 EPSS
Exploits: 3 | References: 17
Veracode
added 2024/03/17 5:31 p.m. | 17 views

Denial Of Service

go is vulnerable to Denial Of Service. The vulnerability is due to insufficient handling of certificate chains containing certificates with unknown public key algorithms...

5.9 CVSS | 7 AI score | 0.00667 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Wolfi
added 2024/03/09 1:15 a.m. | 47 views

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: oauth2-proxy, sigstore-scaffolding, apko, falcoctl, rabbitmq-messaging-topology-operator, grpc-health-probe, cloudflared, rook, flux-source-controller, argo-workflows, cosign, spire-server, weaviate, fulcio, wolfictl, zarf, temporal-ui-server, kots, dex, falco, step,...

4.3 CVSS | 6.5 AI score | 0.01956 EPSS
Exploits: 0
OSV
added 2024/03/06 10:58 a.m. | 23 views

BIT-NEO4J-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

9.8 CVSS | 9.8 AI score | 0.13386 EPSS
Exploits: 1 | References: 2
OSV
added 2024/03/06 10:54 a.m. | 38 views

BIT-GOLANG-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3 CVSS | 6.8 AI score | 0.01328 EPSS
Exploits: 0 | References: 7
The Hacker News
added 2024/03/04 5:24 a.m. | 70 views

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...

9.8 CVSS | 8.1 AI score | 0.99949 EPSS
Exploits: 6
Schneier on Security
added 2024/03/01 12:08 p.m. | 17 views

NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...

7.3 AI score
Exploits: 0
Cvelist
added 2024/02/25 8:16 a.m. | 31 views

CVE-2023-52469 drivers/amd/pm: fix a use-after-free in kv_parse_power_table

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table. When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that was allocated before. However, after the control flow goes through the following call...

7.8 AI score | 0.00291 EPSS
Exploits: 0 | References: 8
OSV
added 2024/02/23 11:07 a.m. | 3 views

OESA-2024-1184 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...

7.5 CVSS | 8.9 AI score | 0.03658 EPSS
Exploits: 0 | References: 2
OSV
added 2024/02/23 11:07 a.m. | 4 views

OESA-2024-1187 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...

7.5 CVSS | 8.9 AI score | 0.03658 EPSS
Exploits: 0 | References: 2
OSV
added 2024/02/23 11:07 a.m. | 3 views

OESA-2024-1185 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...

7.5 CVSS | 8.9 AI score | 0.03658 EPSS
Exploits: 0 | References: 2