4419 matches found
GHSA-JWV5-8MQV-G387 Cross-site scripting on application summary component
Summary Due to improper URL protocol filtering of links specified in link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. Impact All unpatched versions of Argo CD starting with v1.0.0 are...
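The Argo CD entry above turns on one mechanism: a link value taken from an annotation is rendered as an `href`, and the scheme check was not strict enough. The block below is an added illustration of that class of bug and is not Argo CD's code; the function names, the allowed-scheme set and the sample link values are assumptions constructed for this example. It puts a weak blocklist-style check next to a scheme allowlist that parses the URL first, and runs both over the same constructed inputs so the evasions (case variants, leading control characters, other executable schemes) are visible.

```javascript
// Added example (not Argo CD's code): filtering URL protocols on
// user-controlled link values before rendering them as <a href="...">.
// All link values below are constructed for illustration.

// Weak check: a blocklist that only looks for a lowercase literal prefix.
// It misses case variants ("JaVaScRiPt:"), leading whitespace or control
// characters ("\tjavascript:") and other executable schemes (data:, vbscript:).
function isSafeLinkWeak(href) {
  return !href.startsWith("javascript:");
}

// Hardened check: parse the URL and allow only a fixed set of schemes.
// The WHATWG URL parser strips leading C0 controls/spaces and lowercases the
// scheme, so the evasions above all normalise to protocol "javascript:".
// Assumed allowlist for this example; adjust to what the UI actually needs.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

function isSafeLinkStrict(href) {
  let url;
  try {
    url = new URL(href); // throws on relative or malformed input
  } catch (e) {
    return false; // fail closed: unparseable links are not rendered
  }
  return ALLOWED_PROTOCOLS.has(url.protocol);
}

// Constructed link values in the spirit of an annotation-supplied link.
const SAMPLE_LINKS = [
  "https://grafana.example.com/d/abc",
  "mailto:oncall@example.com",
  "javascript:alert(document.cookie)",
  "JaVaScRiPt:alert(1)",
  "\tjavascript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];

// Map each sample link to the verdict of the given check.
function classify(check) {
  return Object.fromEntries(SAMPLE_LINKS.map((l) => [l, check(l)]));
}

// Stand-alone run: compare the two checks side by side.
console.table({ weak: classify(isSafeLinkWeak), strict: classify(isSafeLinkStrict) });
```

The strict check rejects relative links because `new URL()` without a base throws; if relative links are legitimate in the UI, resolve them against the document origin first (`new URL(href, location.origin)`) and keep the same allowlist on the result.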
GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows
Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
SUSE-SU-2024:0884-1 Security update for spectre-meltdown-checker
This update for spectre-meltdown-checker fixes the following issues: - updated to 0.46 This release mainly focuses on detection of the new Zenbleed vulnerability, CVE-2023-20593, among a few other changes that had been waiting in line for a release: - feat: detect the vulnerability and mitigation of...
CVE-2024-26182
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-12 20:21:51+00:00 | seen | https://t.me/ctinow/206088 |
| 2024-04-11 18:07:51+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/10314 |
| 2024-04-18 16:45:00+00:00 | seen | ... |
CVE-2023-42789
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-12 16:26:35+00:00 | seen | https://t.me/ctinow/205802 |
| 2024-03-12 16:32:03+00:00 | seen | https://t.me/ctinow/205818 |
| 2024-03-12 16:47:55+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/6793 |
| 2024-03-13 03:16:52+00:00 | seen | ... |
Unbreakable Enterprise kernel security update
5.15.0-204.147.6.2 - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NETDEV_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) -...
Fedora: Security Advisory for snip (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the ... Copyright 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
[SECURITY] Fedora 40 Update: rundoc-0.11-25.fc40
An Ant task designed to help with the single-sourcing of program documentation...
[SECURITY] Fedora 40 Update: qdox-2.1.0-3.fc40
QDox is a high-speed, small-footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools...
[SECURITY] Fedora 40 Update: modello-2.1.2-6.fc40
Modello is a Data Model toolkit in use by the Apache Maven Project. Modello is a framework for code generation from a simple model. Modello generates code from a simple model format based on a plugin architecture, various types of code and descriptors can be generated from the single model,...
[SECURITY] Fedora 40 Update: args4j-2.33-26.fc40
args4j is a small Java class library that makes it easy to parse command line options/arguments in your CUI application. - It makes the command line parsing very easy by using annotations - You can generate the usage screen very easily - You can generate HTML/XML that lists all options for your...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-24762]
Summary FastAPI is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to addres...
Debian dla-3753 : yard - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3753 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3753-1 [email protected]...
[SECURITY] [DLA 3753-1] yard security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3753-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 06, 2024 https://wiki.debian.org/LTS -...
SUSE-SU-2024:0786-1 Security update for giflib
This update for giflib fixes the following issues: Update to version 5.2.2. Fixes for CVE-2023-48161 (bsc#1217390) and CVE-2022-28506 (bsc#1198880). #138: Documentation for obsolete utilities still installed. #139: Typo in 'LZW image data' page '1102 = 410'. #140: Typo in 'LZW image data' page 'LWZ'. #141: Typo in...
BIT-GITLAB-2023-3920 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...
BIT-GITEA-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood, e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line i...
BIT-HARBOR-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...
BIT-INFLUXDB-2022-36640
InfluxData InfluxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...