41 matches found
Helm vulnerable to Code Injection through malicious chart.yaml content
A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...
CVE-2025-53547
Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2025-6087
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
Oracle Linux 9 : gnutls (ELSA-2025-7076)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7076 advisory. 3.8.3-6 - Bump nettle dependency to 3.10.1 RHEL-52740 3.8.3-5 - Backport the fix for CVE-2024-12243 RHEL-78580 Tenable has extracted the preceding description...
SUSE-SU-2025:1142-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...
openSUSE Security Advisory (openSUSE-SU-2025:0094-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
wasmvm: Malicious smart contract can crash the chain
CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...
OPENSUSE-SU-2025:0025-1 Security update for cheat
This update for cheat fixes the following issues: - Update to 4.4.2: Bump chroma to newest version Remove plan9 support due to build failure Upgrade to yaml.v3 - Update to 4.4.1: Update dependencies Make minor changes to appease revive linter...
SUSE-SU-2023:3753-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - Expand lang sub-package in spec file unconditionally to handle previous name change from WebKit2GTK-lang to WebKitGTK-lang. This change affected the automatic generated Requires tag on WebKit2GTK-%apiver, then getting out of sync of what's...
PT-2022-26687
Name of the Vulnerable Software and Affected Versions py versions through 1.11.0 Description The py library allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...
SUSE-SU-2022:2831-1 Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 bsc1196696, bsc1195916, jscSLE-23972 - Remove redundant python3 dependency from Requires - Update regular expression t...
GHSA-6F85-3F8Q-QC94 OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Impact Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager Relates to - https://github.com/artf/grapesjs/issues/4411 Patch Update GrapeJS dependency to =v0.19.5...
ROS-2-2125
2.2125 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
Security Scorecards - Security Health Metrics For Open Source
Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...
OPENSUSE-SU-2021:0552-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
FreeBSD : Gitlab -- Multiple Vulnerabilities (21944144-1b90-11ea-a2d4-001b217b3468)
Gitlab reports : Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency...
Feeds JSONPath Parser - Critical - Unsupported - SA-CONTRIB-2019-083
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466procedure---own-project---unsupported Update: Feeds Jsonpat...