CVE-2024-25129 Limited data exfiltration in CodeQL CLI
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity (XXE) attack. If a vulnerable version of the CLI is used to process either a maliciously...
PT-2024-20768 · Unknown · Codeql Cli
Name of the Vulnerable Software and Affected Versions: CodeQL CLI versions prior to 2.16.3. Description: The CodeQL CLI is vulnerable to an XML External Entity attack because of the XML parser it uses to read auxiliary files. The vulnerability can be exploited when processing maliciously modified CodeQL...
CVE-2024-20325
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations o...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.12.50 security and extras update
Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...
@openwebrx-js/cli (>=0.1.0 <=0.1.7) potentially affected by CVE-2024-21522 via audify (=1.10.1)
audify NPM version =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on audify and may be impacted: - @openwebrx-js/cli >=0.1.0 <=0.1.7 Source cves: CVE-2024-21522 Source advisory: SNYK:JS-AUDIFY-6370700...
@persistr/cli (>=2.7.1 <=2.9.1), spidersharkcli (>=0.0.4 <=0.0.8) potentially affected by CVE-2024-21524 via node-stringbuilder (=2.2.7)
node-stringbuilder NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-stringbuilder and may be impacted: - @persistr/cli >=2.7.1 <=2.9.1 - spidersharkcli >=0.0.4 <=0.0.8 Source cves: CVE-2024-21524 Source advisory: SNYK:JS-NODESTRINGBUILDER-6421617...
Critical: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.31.1 security update
Red Hat OpenShift Serverless 1.31.1 is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...
@infosupport/kc-cli (>=2.1.1 <=2.3.8), @infosupport/kc-pdf (>=1.0.0 <=1.0.2) +3 more potentially affected by CVE-2024-1648 via electron-pdf (>=0.10.1 <=20.0.0)
electron-pdf NPM version >=0.10.1 <=20.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on electron-pdf and may be impacted: - @infosupport/kc-cli >=2.1.1 <=2.3.8 - @infosupport/kc-pdf >=1.0.0 <=1.0.2 - =0.0.0, =0.0.5 - resumaker =1.0.0 - rsme =0.3.0 Source cves: CVE-2024-1648 Source advisory: OSV:GHSA-3JCV-5F9P-2F2P...
Amazon Linux 2023 : runc (ALAS2023-2024-531)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-531 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty...
Debian dla-3735 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. Debian LTS Advisory DLA-3735-1...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: k8sgpt, k9s, trivy, zarf, flux-source-controller, chartmuseum, kubescape, cilium-cli, up, kubevela, kots, helm-operator, zot, flux-helm-controller, helm-push, eksctl...
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: cert-manager-fips, flux-source-controller, helm-operator, up, eksctl, kubevela, chartmuseum, helm-push, flux-helm-controller, k8sgpt, k9s, zarf, cert-manager, cilium-cli, trivy, kubescape, kots, zot...
CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16
CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16. A patched version of the package is available...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.13.33 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
CBL Mariner 2.0 Security Update: cri-tools / kubernetes (CVE-2024-21626)
The version of cri-tools / kubernetes installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21626 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI...
jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature (expandAtFiles) that replaces the "@" character followed by a file path in an argument with the contents of that file...
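The mechanism in that entry is easy to miss in review because it looks like a harmless convenience: any argument starting with "@" is treated as a file whose tokens replace the argument, and the path is chosen by whoever submits the command. The following is an added, self-contained re-implementation of that behaviour, not args4j's or Jenkins' code, placed next to the only safe variant, which treats arguments literally. The temp file stands in for a secret on the controller and is constructed by the program itself.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

public class AtFileExpansion {
    // Vulnerable shape: expand "@<path>" into the whitespace-separated tokens of that file.
    // The path is taken verbatim from the caller, so a remote CLI user decides which file
    // on the server is opened; its contents then flow into argument parsing and into
    // whatever error message or option value echoes them back.
    static List<String> expandAtFiles(List<String> argv) throws IOException {
        List<String> out = new ArrayList<>();
        for (String a : argv) {
            if (a.startsWith("@") && a.length() > 1) {
                String content = Files.readString(Path.of(a.substring(1)), StandardCharsets.UTF_8);
                for (String tok : content.split("\\s+")) {
                    if (!tok.isEmpty()) out.add(tok);
                }
            } else {
                out.add(a);
            }
        }
        return out;
    }

    // Hardened shape: arguments are data, never file references. A leading "@" is just a character.
    static List<String> noExpansion(List<String> argv) {
        return new ArrayList<>(argv);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a sensitive file on the controller.
        Path secret = Files.createTempFile("controller-secret", ".txt");
        Files.writeString(secret, "s3cr3t-token-value", StandardCharsets.UTF_8);
        try {
            List<String> argv = List.of("who-am-i", "@" + secret);
            // Vulnerable: the secret's contents become command arguments.
            System.out.println("vulnerable: " + expandAtFiles(argv));
            // Hardened: "@/tmp/..." stays a literal string and no file is opened.
            System.out.println("hardened:   " + noExpansion(argv));
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

For a real args4j consumer the equivalent of `noExpansion` is to disable the at-syntax on the parser properties rather than to strip "@" from input, since the latter breaks legitimate values that happen to begin with that character; as an assumption about the library, args4j exposes this as a parser property (`withAtSyntax(false)` on `ParserProperties`), and the Jenkins advisory's fix was to turn the feature off on the controller.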
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it's partnering with the Open Source Security Foundation OpenSSF Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository...
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,...
elf-rss (>=2.5.0 <=2.5.4), gocqapi (>=0.1.3 <=0.1.4) +59 more potentially affected by CVE-2024-21624 via nonebot2 (>=2.0.0a16 <=2.1.3)
nonebot2 PYPI version >=2.0.0a16 <=2.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on nonebot2 and may be impacted: - elf-rss >=2.5.0 <=2.5.4 - gocqapi >=0.1.3 <=0.1.4 - =1.2.0a0, =0.1.0, =0.1.0, =0.1.0, =0.3.4, =0.5.2, =2.0.0, =2.1.0 and more Source cves: CVE-2024-21624 Source advisory: OSV:GHSA-59J8-776V-XXXG...