Lucene search
+L

129 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/15 1:13 a.m.6 views

Malicious code in loki-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75940c2d0ed836d2725549e9704eaefe1d989aa5349c7b27fdf2556be16e32a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/15 1:13 a.m.3 views

MAL-2025-5935 Malicious code in loki-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75940c2d0ed836d2725549e9704eaefe1d989aa5349c7b27fdf2556be16e32a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.63 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: docker-credential-acr-env, metallb, kube-bench, kubernetes-dashboard, golangci-lint, kaf, cfssl, nri-discovery-kubernetes, render-template, gomplate, grpcurl, protoc-gen-go-grpc, slsa-verifier, supercronic, dgraph, nuclei, nri-couchbase, hey, shfmt,...

5.3AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.115 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: pulumi, rclone, step, flux, grafana-agent-operator, timestamp-authority, datadog-agent, bank-vaults, tempo, airflow, hugo, trivy, fluent-bit-plugin-loki, cosign, argo-events, nuclei, opentelemetry-collector-contrib, restic, harbor-registry, zot, boring-registry, flyt...

5.5CVSS6.1AI score0.00788EPSS
Exploits0
Chainguard
Chainguard
added 2024/06/05 4:15 p.m.24 views

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: fulcio, k3d, newrelic-fluent-bit-output, kubernetes-dashboard-metrics-scraper-fips, helm, crane, cert-exporter, nfs-subdir-external-provisioner, osv-scanner, q, external-dns-fips, node-feature-discovery, kubebuilder, paranoia, aws-flb-firehose, kuberay-operator,...

5.5CVSS6.6AI score0.00446EPSS
Exploits0
Chainguard
Chainguard
added 2024/02/01 8:51 p.m.52 views

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: zot, k3d, flux-image-reflector-controller, trivy, up, falcoctl, helm, helm-operator-fips, crane, aactl, k8sgpt, vexctl, zarf, goreleaser, scorecard, argo-workflows-fips, cert-manager, guac, rancher-machine, kpt, policy-controller-fips, timoni,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2024/02/01 5:15 p.m.51 views

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: zot, k3d, flux-image-reflector-controller, trivy, up, falcoctl, helm, helm-operator-fips, crane, aactl, k8sgpt, vexctl, zarf, goreleaser, scorecard, argo-workflows-fips, cert-manager, guac, rancher-machine, kpt, policy-controller-fips, timoni,...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
NVD
NVD
added 2023/12/12 1:15 a.m.13 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS0.00879EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/12/12 1:15 a.m.10 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS7.4AI score0.00879EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 1:15 a.m.6 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS5.8AI score0.00879EPSS
Exploits1References1
Prion
Prion
added 2023/12/12 1:15 a.m.17 views

Authentication flaw

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

6.4CVSS6.7AI score0.00879EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.20 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1AI score0.00879EPSS
Exploits1References1
CVE
CVE
added 2023/12/12 12:0 a.m.43 views

CVE-2023-36649

ProLion CryptoSpike 3.0.15P2 is affected by an authentication/authorization issue arising from insertion of sensitive information into the centralized Grafana logging system, enabling remote attackers to impersonate other users in web management and REST API by reading JWT tokens from logs or the...

9.1CVSS8.8AI score0.00879EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.10 views

PT-2023-25652 · Grafana +1 · Loki +2

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Grafana authenticated user or from the Loki REST API withou...

9.1CVSS9AI score0.00879EPSS
Exploits1References4
Chainguard
Chainguard
added 2023/10/30 3:25 p.m.58 views

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: k3d, up, rancher-agent, aactl, scorecard, cert-manager, paranoia, kpt, bom, falco, kubescape, skaffold, k3s, spire-server-fips, tekton-chains, ctop, slsa-verifier, chartmuseum, falcoctl-fips...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/09/15 9:15 p.m.3 views

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS5.8AI score0.00854EPSS
Exploits0References4
OSV
OSV
added 2023/09/15 9:15 p.m.5 views

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS5.5AI score0.00854EPSS
Exploits0References3
Prion
Prion
added 2023/09/15 9:15 p.m.21 views

Authentication flaw

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

5CVSS7.7AI score0.00854EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.6 views

PT-2023-16542 · Red Hat +1 · Openshift Console +1

Name of the Vulnerable Software and Affected Versions: OpenShift console affected versions not specified Description: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced,...

7.5CVSS7AI score0.00854EPSS
Exploits0References9
Rows per page
Query Builder