Lucene search
+L

176 matches found

Cvelist
Cvelist
added 2024/02/21 10:21 p.m.32 views

CVE-2024-26147 Helm's Missing YAML Content Leads To Panic

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

7.5CVSS7.7AI score0.00926EPSS
Exploits0References2
CVE
CVE
added 2024/02/21 10:21 p.m.341 views

CVE-2024-26147

CVE-2024-26147 affects Helm before 3.14.2. When Helm parses index.yaml or plugins/plugin.yaml with missing content, an uninitialized variable can cause a panic. In the Helm SDK this is exposed via LoadIndexFile, DownloadIndexFile, or LoadDir, and in the Helm client it can affect repo-adding workf...

7.5CVSS7.6AI score0.00926EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/21 10:21 p.m.28 views

CVE-2024-26147 Helm's Missing YAML Content Leads To Panic

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

7.5CVSS7.6AI score0.00926EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.11 views

PT-2024-2571 · Helm +2 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.14.2 Description: The issue is related to an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. This can cause a panic in Helm when either an index.yaml file or...

8.7CVSS8AI score0.00926EPSS
Exploits0References39
OSV
OSV
added 2024/01/31 3:20 p.m.11 views

BIT-LIFERAY-2022-42125

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...

7.5CVSS7.4AI score0.00702EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 10:15 a.m.14 views

CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...

9.8CVSS0.00334EPSS
Exploits0References1
OSV
OSV
added 2023/12/21 10:15 a.m.5 views

CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...

9.8CVSS6.1AI score0.00334EPSS
Exploits0References1
Prion
Prion
added 2023/12/21 10:15 a.m.23 views

Design/Logic Flaw

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...

7.5CVSS7.7AI score0.00334EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/21 9:57 a.m.22 views

CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...

6.3CVSS9.8AI score0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.5 views

JetBrains IntelliJ IDEA Security Vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2023.3.2, which stems from a malicious plugin repository specified via the project...

9.8CVSS7.1AI score0.00334EPSS
Exploits0References2
Veracode
Veracode
added 2023/11/23 10:17 a.m.25 views

Local Privilege Escalation

apm-agent-parent is vulnerable to local Privilege Escalation. An attacker can inject a malicious plugin to an application running the apm-agent. The attacker can potentially escalate their privileges to higher level as a result of exploiting this vulnerability...

7.8CVSS7.1AI score0.00249EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/22 3:30 a.m.23 views

APM Java Agent Local Privilege Escalation issue

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

7.8CVSS7.7AI score0.00249EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2023/11/22 2:15 a.m.8 views

CVE-2021-37942

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

7.8CVSS7.8AI score
Exploits0References2
NVD
NVD
added 2023/11/22 2:15 a.m.25 views

CVE-2021-37942

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

7.8CVSS0.00249EPSS
Exploits0References2
Prion
Prion
added 2023/11/22 2:15 a.m.22 views

Privilege escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

4.3CVSS7.9AI score0.00249EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 1:33 a.m.34 views

CVE-2021-37942 APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

7CVSS8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.8 views

PT-2023-12332 · Unknown · Apm Java Agent

Name of the Vulnerable Software and Affected Versions: APM Java agent affected versions not specified Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By usin...

7.8CVSS7.7AI score0.00249EPSS
Exploits0References7
Prion
Prion
added 2023/07/05 10:15 p.m.20 views

Remote code execution

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...

6.5CVSS8.9AI score0.02017EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/07/05 9:14 p.m.24 views

CVE-2023-36821 Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...

8.8CVSS9.2AI score0.02017EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/05 12:0 a.m.10 views

PT-2023-25713 · Unknown +1 · Uptime Kuma +1

Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1 Description: The issue allows an authenticated attacker to install a maliciously crafted plugin, potentially leading to remote code execution. Uptime Kuma permits authenticated users to install plugins fro...

8.8CVSS8.5AI score0.02017EPSS
Exploits1References10
Rows per page
Query Builder