GHSA-6WVF-F2VW-3425 github.com/containers/image allows unexpected authenticated registry accesses
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
GO-2024-2831 ATX protocol validation problem in github.com/spacemeshos/go-spacemesh
Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous breaks this...
CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
CVE-2024-24157
Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py...
GO-2024-2830 Arbitrary file write in github.com/1Panel-dev/1Panel
A maliciously crafted packet can write to an arbitrary file...
Improper Check For Unusual Or Exceptional Conditions
github.com/spacemeshos/go-spacemesh is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to the incorrect referencing of previous activation transactions (ATXs). An attacker can manipulate the reward system by referencing an earlier ATX, thereby bypassing...
Chyrp 2.5.2 - Stored XSS Vulnerability
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS). Exploit Author: Ahmet Ümit BAYRAM. Vendor Homepage: https://github.com/chyrp/. Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip. Version: 2.5.2. Tested on: MacOS. Steps to Reproduce - Login from the address:...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 PoC for educational purposes only. only use on...
Exploit for CVE-2024-27460
CVE-2024-27460 - Plantronics Desktop Hub LPE Arbitrary File D...
RHEL 8 : vim (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vim: buffer overflow (CVE-2020-20703) - vim: heap-buffer-overflow in cmdline_erase_chars of ex_getln.c...
CVE-2024-34079 octo-sts allows unauthenticated attackers to cause unbounded CPU and memory usage
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0...
Information Disclosure
github.com/projectcalico/calico is vulnerable to Information Disclosure. The vulnerability is due to a compromised pod with sufficient privilege being able to reconfigure the node’s IPv6 interface, as the node accepts route advertisement by default, allowing the attacker to redirect full or parti...
GO-2024-2721 Cross site scripting in github.com/tiagorlampert/CHAOS
A malicious actor may be able to extract a JWT token via a malicious "/command" request. This is a form of cross site scripting (XSS)...
GO-2024-2822 Arbitrary code execution in github.com/tiagorlampert/CHAOS
A remote attacker can execute arbitrary commands via crafted HTTP requests...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper corruption checks, which cause the lookup function to get stuck in an infinite loop and allow an attacker to cause Denial of Service (DoS) by submitting a malformed DNS message...
Remote Code Execution (RCE)
github.com/tiagorlampert/chaos is vulnerable to Remote Code Execution. The vulnerability is due to unsafe concatenation of the filename argument into the buildStr without any sanitization or filtering, which allows a remote attacker to execute arbitrary code...
CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component (https://github.com/eclipse-edc/Connector), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...