Lucene search
K

192 matches found

openvas
openvas
added 2023/11/05 12:0 a.m.10 views

Fedora: Security Advisory for nats-server (FEDORA-2023-6b89bc0305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
openvas
openvas
added 2023/11/05 12:0 a.m.6 views

Fedora: Security Advisory for golang-github-cncf-xds (FEDORA-2023-6b89bc0305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
fedora
fedora
added 2023/11/03 6:51 p.m.17 views

[SECURITY] Fedora 39 Update: golang-github-cncf-xds-0-0.10.20230912gite9ce688.fc39

XDS API Working Group...

7.3AI score
Exploits0
openvas
openvas
added 2023/10/25 12:0 a.m.9 views

Fedora: Security Advisory for nats-server (FEDORA-2023-c33188f575)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
nvd
nvd
added 2023/10/19 9:15 p.m.45 views

CVE-2023-45823

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

7.5CVSS7.6AI score0.00631EPSS
Exploits0References2
nvd
nvd
added 2023/10/19 9:15 p.m.34 views

CVE-2023-45822

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5.3CVSS4.7AI score0.00519EPSS
Exploits0References4
prion
prion
added 2023/10/19 9:15 p.m.20 views

Authorization

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5CVSS5.4AI score0.00519EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/10/19 8:53 p.m.33 views

CVE-2023-45823 Arbitrary file read in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

7.5CVSS7.5AI score0.00631EPSS
Exploits0References4
cvelist
cvelist
added 2023/10/19 8:53 p.m.47 views

CVE-2023-45823 Arbitrary file read in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

7.5CVSS7.8AI score0.00631EPSS
Exploits0References2
cve
cve
added 2023/10/19 8:53 p.m.93 views

CVE-2023-45823

CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is lack of validation of symbolic links during repository cloning/pr...

7.5CVSS7.5AI score0.00631EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/10/19 8:53 p.m.17 views

CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

3.7CVSS5.4AI score0.00519EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2023/10/19 8:53 p.m.14 views

CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

3.7CVSS7AI score0.00519EPSS
Exploits0References4
cve
cve
added 2023/10/19 8:53 p.m.54 views

CVE-2023-45822

Artifact Hub (the web-based NFT/CI group hub) is affected by CVE-2023-45822 due to a default unsafe rego built-in being allowed in authorization policies, enabling policies to perform HTTP requests and potentially expose internal resources. The root cause is that rego policies could issue network...

5.3CVSS4.8AI score0.00519EPSS
Exploits0References4Affected Software1
cve
cve
added 2023/10/19 8:53 p.m.66 views

CVE-2023-45821

Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...

6.3CVSS6AI score0.00206EPSS
Exploits0References2Affected Software1
openvas
openvas
added 2023/10/05 12:0 a.m.8 views

Fedora: Security Advisory for golang-github-cncf-xds (FEDORA-2023-f122ea1b3e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
nessus
nessus
added 2023/10/04 12:0 a.m.12 views

Fedora 38 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-f122ea1b3e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f122ea1b3e advisory. Contains updates to address CVE-2022-28357,41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

5.6AI score
Exploits0References1
nessus
nessus
added 2023/09/07 12:0 a.m.33 views

Oracle Linux 7 : kubernetes / kubeadm-upgrade / kubeadm-ha-setup (ELSA-2019-4593)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4593 advisory. - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains -- CVE-2019-9946 -- CVE-2019-1002101 -- CVE-2019-1002100...

7.8CVSS6.9AI score0.70372EPSS
Exploits3References3
ossf
ossf
added 2023/08/24 5:0 a.m.5 views

Malicious code in cncf-interactive-landscape (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9 The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 npm as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
osv
osv
added 2023/08/24 5:0 a.m.24 views

MAL-2023-1561 Malicious code in cncf-interactive-landscape (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9 The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
osv
osv
added 2023/07/28 3:33 p.m.16 views

GHSA-PJ4X-2XR5-W87M Possible image tampering from missing image validation for Packages

Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...

8.3CVSS9AI score0.00719EPSS
Exploits1References4
Rows per page
Query Builder