Lucene search
+L

56 matches found

packetstormnews
packetstormnews
added 2025/11/27 12:0 a.m.10 views

Exploring the SECURITY.Md in the Dependency Chain: Preliminary Analysis of the PyPI Ecosystem

Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these policies influence the structure and evolution of softwa...

6.8AI score
Exploits0
osv
osv
added 2025/10/27 3:32 p.m.12 views

SUSE-RU-2025:20961-1 Recommended update for afterburn

This update for afterburn fixes the following issues: - Update to version 5.9.0.git21.a73f509: docs/release-notes: update for release 5.10.0 cargo: update dependencies microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat docs/release-notes: Add entry for Azure SharedConfig XML...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References3
osv
osv
added 2025/10/24 1:28 p.m.6 views

SUSE-SU-2025:3784-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...

8.8CVSS6.8AI score0.1446EPSS
Exploits2References11
opensuse
opensuse
added 2025/10/06 12:0 a.m.12 views

Security update for afterburn (important)

openSUSE Security Update: Security update for afterburn Announcement ID: openSUSE-SU-2025:0386-1 Rating: important References: 1244675 1250471 Cross-References: CVE-2025-5791 CVSS scores: CVE-2025-5791 SUSE: 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products:...

8.4CVSS7.1AI score0.00166EPSS
Exploits0References2
redos
redos
added 2025/08/22 12:0 a.m.5 views

ROS-20250822-15

Package manager vulnerability for Helm is related to local code execution when updating dependencies. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

8.6CVSS8.4AI score0.00363EPSS
Exploits1
mscve
mscve
added 2025/07/16 7:0 a.m.4 views

Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

...

8.6CVSS7AI score0.00363EPSS
Exploits1
susecve
susecve
added 2025/07/09 11:22 p.m.3 views

SUSE CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.5CVSS7.3AI score0.00363EPSS
Exploits1References6
veracode
veracode
added 2025/07/09 3:52 a.m.6 views

Local Code Execution (LCE)

helm.sh/helm/v3 is vulnerable to Local Code Execution LCE. The vulnerability is due to insufficient validation and sanitization of the Chart.yaml and Chart.lock files during dependency updates, allowing a maliciously crafted file to trigger local code execution...

8.6CVSS6.3AI score0.00363EPSS
Exploits1References5Affected Software2
snyk
snyk
added 2025/07/08 9:39 p.m.1 views

Arbitrary Code Injection

Overview helm.sh/helm/v3/pkg/downloader is a Package downloader provides a library for downloading charts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the writeLock function. An attacker can execute arbitrary code by supplying crafted chart templates containin...

8.6CVSS8AI score0.00363EPSS
Exploits1References2
osv
osv
added 2025/04/22 1:49 p.m.5 views

SUSE-SU-2025:20278-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...

9.1CVSS6.7AI score0.03153EPSS
Exploits4References11
osv
osv
added 2025/04/04 1:31 p.m.5 views

SUSE-SU-2025:1143-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...

9.1CVSS9.6AI score0.03153EPSS
Exploits2References5
osv
osv
added 2025/03/24 5:1 p.m.15 views

OPENSUSE-SU-2025:0103-1 Security update for cadvisor

This update for cadvisor fixes the following issues: - update to 0.52.1: Make resctrl optional/pluggable - update to 0.52.0: bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6 chore: Update Prometheus libraries bump runc to v1.2.4 Add Pressure Stall Information Metrics Switch ...

7.5CVSS7.2AI score0.02607EPSS
Exploits0References5
osv
osv
added 2025/02/03 8:48 a.m.3 views

SUSE-SU-2025:20019-1 Security update for skopeo

This update for skopeo fixes the following issues: - Update to version 1.14.4: CVE-2024-3727: digest type does not guarantee valid type bsc1224123 Packit: update packit targets Bump gopkg.in/go-jose to v2.6.3 Bump ocicrypt and go-jose CVE-2024-28180 Freeze the fedora-minimal image reference at...

8.3CVSS6.7AI score0.01956EPSS
Exploits0References5
nessus
nessus
added 2025/01/08 12:0 a.m.29 views

openSUSE 15 Security Update : etcd (openSUSE-SU-2025:0003-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0003-1 advisory. Update to version 3.5.12: Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 test: fix TestHashKVWhenCompacting: ensure all goroutine...

9.8CVSS7.4AI score0.93305EPSS
Exploits4References15
suse
suse
added 2024/11/18 1:26 p.m.4 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5CVSS7.8AI score0.02303EPSS
Exploits3References62
suse
suse
added 2024/10/10 4:37 a.m.5 views

Security update for libreoffice

This update for libreofficefixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...

8.1CVSS6AI score0.00428EPSS
Exploits0References12
osv
osv
added 2024/08/02 10:51 a.m.17 views

OPENSUSE-SU-2024:0231-1 Security update for python-notebook

This update for python-notebook fixes the following issues: - Update to 5.7.11 sanitizer fix CVE-2021-32798 boo1227583 - Update to 5.7.10 no upstream changelog - Update to 5.7.9 Update JQuery dependency to version 3.4.1 to fix security vulnerability CVE-2019-11358 Update from preact to React...

10CVSS6.9AI score0.87218EPSS
Exploits5References4
openvas
openvas
added 2024/07/24 12:0 a.m.24 views

openSUSE Security Advisory (SUSE-SU-2024:2542-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.9AI score0.01411EPSS
Exploits0References6
oraclelinux
oraclelinux
added 2024/05/23 12:0 a.m.47 views

pcs security update

0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...

7.5CVSS6.9AI score0.35376EPSS
Exploits2
osv
osv
added 2024/05/06 7:40 a.m.3 views

SUSE-SU-2024:1497-1 Security update for skopeo

This update for skopeo fixes the following issues: - Update to version 1.14.2: release-1.14 Bump Skopeo to v1.14.2 release-1.14 Bump c/image to v5.29.2, c/common to v0.57.3 fixes bsc1219563 - Update to version 1.14.1: Bump to v1.14.1 fixdeps: update module github.com/containers/common to v0.57.2...

6.9AI score
Exploits0References3
Rows per page
Query Builder