8005 matches found
EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2024-2883)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...
Wordfence Price Increases Coming December 5th, 2024
We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...
Malicious code in pupeteer-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ea59565248acb2e873bcb80f4dadc33d758a46e16fb70d3a5ae53d30f81cf54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10518 Malicious code in pupeteer-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ea59565248acb2e873bcb80f4dadc33d758a46e16fb70d3a5ae53d30f81cf54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
TestRail CLI FieldsParser eval Injection
This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Since that report has disappeared, the link I had provided to MITRE was invalid, so here it is again. -Devin --- Unsafe eval in TestRail CLI FieldsParser Date Reported:...
RHEL 8 : Red Hat OpenShift Serverless Client kn 1.12.0 (Moderate) (RHSA-2021:0145)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0145 advisory. Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.53 packages and security update
Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.20 packages and security update
Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Malicious code in gnache-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7eb71996ea970cd158615c28425049fe75cde7631e0e94d80887b9df113ab876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10433 Malicious code in gnache-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7eb71996ea970cd158615c28425049fe75cde7631e0e94d80887b9df113ab876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ganach-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73d3e3f61f335dc7d34337825d521731cfa9030c28efb0b1dc3c13cba719d89b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10432 Malicious code in ganach-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73d3e3f61f335dc7d34337825d521731cfa9030c28efb0b1dc3c13cba719d89b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-47460 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability ...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)
cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2024-51756 Source advisory: OSV:GHSA-HXF5-99XG-86HW...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +89 more potentially affected by CVE-2024-51756 via cap-std (>=0.10.0 <=3.0.0)
cap-std CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.5.3-0, =0.4.0, =0.4.0, =0.6.0 and more Source cves: CVE-2024-51756 Source advisory: OSV:GHSA-HXF5-99XG-86HW...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +234 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=7.4.5) +224 more potentially affected by CVE-2024-51132 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.3.9)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =7.4.5 and more Source cves: CVE-2024-51132 Source advisory: OSV:GHSA-4CF2-CXP3-RJR7...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)
cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2024-51756 Source advisory: OSV:RUSTSEC-2024-0445...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS, which stems from an authenticated path traversal vulnerability that could allow an attacker to remotely...
AZL-52251 CVE-2024-51744 affecting package cf-cli for versions less than 8.4.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...