Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2025/07/08 11:20 p.m.8 views

Helm vulnerable to Code Injection through malicious chart.yaml content

A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...

8.6CVSS7.7AI score0.00363EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/07/08 9:39 p.m.182 views

CVE-2025-53547

Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...

8.6CVSS7AI score0.00363EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/08 9:39 p.m.5 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.5CVSS7.6AI score0.00363EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/06/18 7:21 p.m.9 views

CVE-2025-6087

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

9.1CVSS6.9AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.12 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS6.7AI score0.00297EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.8 views

Oracle Linux 9 : gnutls (ELSA-2025-7076)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7076 advisory. 3.8.3-6 - Bump nettle dependency to 3.10.1 RHEL-52740 3.8.3-5 - Backport the fix for CVE-2024-12243 RHEL-78580 Tenable has extracted the preceding description...

5.3CVSS6.7AI score0.01245EPSS
Exploits0References2
OSV
OSV
added 2025/04/04 1:30 p.m.9 views

SUSE-SU-2025:1142-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...

9.1CVSS9.6AI score0.03153EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2025/03/24 12:0 a.m.10 views

openSUSE Security Advisory (openSUSE-SU-2025:0094-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.5AI score0.03153EPSS
Exploits2References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/04 12:0 a.m.5 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

6.9AI score
Exploits0References9Affected Software1
OSV
OSV
added 2025/01/23 7:1 p.m.7 views

OPENSUSE-SU-2025:0025-1 Security update for cheat

This update for cheat fixes the following issues: - Update to 4.4.2: Bump chroma to newest version Remove plan9 support due to build failure Upgrade to yaml.v3 - Update to 4.4.1: Update dependencies Make minor changes to appease revive linter...

9.1CVSS9.3AI score0.03153EPSS
Exploits2References3
OSV
OSV
added 2023/09/25 7:26 a.m.7 views

SUSE-SU-2023:3753-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Expand lang sub-package in spec file unconditionally to handle previous name change from WebKit2GTK-lang to WebKitGTK-lang. This change affected the automatic generated Requires tag on WebKit2GTK-%apiver, then getting out of sync of what's...

9.8CVSS7.2AI score0.19483EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2022/10/16 12:0 a.m.5 views

PT-2022-26687

Name of the Vulnerable Software and Affected Versions py versions through 1.11.0 Description The py library allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

8.7CVSS7.2AI score0.01546EPSS
Exploits1References47
OSV
OSV
added 2022/08/17 12:42 p.m.9 views

SUSE-SU-2022:2831-1 Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins

This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 bsc1196696, bsc1195916, jscSLE-23972 - Remove redundant python3 dependency from Requires - Update regular expression t...

7.5CVSS6.7AI score0.04607EPSS
Exploits0References4
OSV
OSV
added 2022/07/15 7:25 p.m.15 views

GHSA-6F85-3F8Q-QC94 OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

Impact Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager Relates to - https://github.com/artf/grapesjs/issues/4411 Patch Update GrapeJS dependency to =v0.19.5...

6.9CVSS7.2AI score
Exploits0References3
Redos
Redos
added 2021/09/08 12:0 a.m.8 views

ROS-2-2125

2.2125 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.8AI score0.05984EPSS
Exploits0
Kitploit
Kitploit
added 2021/07/09 9:30 p.m.54 views

Security Scorecards - Security Health Metrics For Open Source

Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...

7.4AI score
Exploits0References19
OSV
OSV
added 2021/04/14 2:51 p.m.9 views

OPENSUSE-SU-2021:0552-1 Security update for python-bleach

This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.8AI score0.01301EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2019/12/12 12:0 a.m.32 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (21944144-1b90-11ea-a2d4-001b217b3468)

Gitlab reports : Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

9.8CVSS8.9AI score0.03691EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2019/12/10 12:0 a.m.53 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...

9.8CVSS5AI score0.03691EPSS
Exploits1References1
Drupal
Drupal
added 2019/11/13 12:0 a.m.16 views

Feeds JSONPath Parser - Critical - Unsupported - SA-CONTRIB-2019-083

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466procedure---own-project---unsupported Update: Feeds Jsonpat...

6.9AI score
Exploits0References6
Rows per page
Query Builder