176 matches found
CVE-2024-26147 Helm's Missing YAML Content Leads To Panic
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2024-26147
CVE-2024-26147 affects Helm before 3.14.2. When Helm parses index.yaml or plugins/plugin.yaml with missing content, an uninitialized variable can cause a panic. In the Helm SDK this is exposed via LoadIndexFile, DownloadIndexFile, or LoadDir, and in the Helm client it can affect repo-adding workf...
CVE-2024-26147 Helm's Missing YAML Content Leads To Panic
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
PT-2024-2571 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.14.2 Description: The issue is related to an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. This can cause a panic in Helm when either an index.yaml file or...
BIT-LIFERAY-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
Design/Logic Flaw
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
JetBrains IntelliJ IDEA Security Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2023.3.2, which stems from a malicious plugin repository specified via the project...
Local Privilege Escalation
apm-agent-parent is vulnerable to local Privilege Escalation. An attacker can inject a malicious plugin to an application running the apm-agent. The attacker can potentially escalate their privileges to higher level as a result of exploiting this vulnerability...
APM Java Agent Local Privilege Escalation issue
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
Privilege escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942 APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
PT-2023-12332 · Unknown · Apm Java Agent
Name of the Vulnerable Software and Affected Versions: APM Java agent affected versions not specified Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By usin...
Remote code execution
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...
CVE-2023-36821 Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...
PT-2023-25713 · Unknown +1 · Uptime Kuma +1
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1 Description: The issue allows an authenticated attacker to install a maliciously crafted plugin, potentially leading to remote code execution. Uptime Kuma permits authenticated users to install plugins fro...