8005 matches found
CVE-2024-24786 affecting package cf-cli for versions less than 8.4.0-22
CVE-2024-24786 affecting package cf-cli for versions less than 8.4.0-22. A patched version of the package is available...
CVE-2024-24786 affecting package moby-cli for versions less than 24.0.9-6
CVE-2024-24786 affecting package moby-cli for versions less than 24.0.9-6. A patched version of the package is available...
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. ...
CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3
CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3. A patched version of the package is available...
Malicious code in vue-cli-plugin-lint-staged (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...
MAL-2024-11893 Malicious code in vue-cli-plugin-lint-staged (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...
Directory Traversal
github.com/cli/cli is vulnerable to Directory Traversal. The vulnerability is due to improper handling of artifact names during download when using the gh run download command. Specifically, if a malicious GitHub Actions workflow artifact is named "..", the files within the artifact are...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=7.6.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +275 more potentially affected by CVE-2024-55887 via org.fhir:ucum (>=1.0.1 <=1.0.8)
org.fhir:ucum MAVEN version =1.0.1, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-55887 Source advisory: OSV:GHSA-W9J7-PHM3-F97J...
CVE-2024-36623 affecting package moby-cli for versions less than 24.0.9-5
CVE-2024-36623 affecting package moby-cli for versions less than 24.0.9-5. A patched version of the package is available...
BIT-PYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
Remote Code Execution (RCE)
GitHub CLI is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unvalidated SSH connection details, allowing a malicious devcontainer to inject arguments that execute arbitrary commands when using gh codespace ssh or gh codespace logs...
SUSE CVE-2024-53858
The gh cli is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
CVE-2024-54008
An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host...
Malicious code in vue-cli-plugin-changelog (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11486 Malicious code in vue-cli-plugin-changelog (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in appetize-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c31f44a5dab1f6af3da9463b68db6380a0a280ac35c3d3051f96c24f87c7821e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11235 Malicious code in appetize-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c31f44a5dab1f6af3da9463b68db6380a0a280ac35c3d3051f96c24f87c7821e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-54132
The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.70 security update
Red Hat OpenShift Container Platform release 4.12.70 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2024-24786 affecting package cf-cli for versions less than 8.7.3-3
CVE-2024-24786 affecting package cf-cli for versions less than 8.7.3-3. A patched version of the package is available...