CLEANSTART-2026-FP26400 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.4.4-r0, 2.4.4-r1, 2.9.0-r0
Multiple security vulnerabilities affect the newrelic-prometheus-configurator package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: supercronic, dask-gateway, kubernetes-dashboard-web, nri-kubernetes, grafana-operator, kubernetes-csi-driver-nfs, pulumi-language-dotnet, db-operator, temporal, kaf, podman, opa, kubernetes-csi-livenessprobe, kine, redka, spire-controller-manager, kubebuilder,...
EUVD-2022-2049
Malicious code in bioql PyPI...
Malicious code in new-relic-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b484734422b24dacf15c15aabdc6a98a5b34da6281c42feab2eea60be6bd36f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7976 Malicious code in new-relic-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b484734422b24dacf15c15aabdc6a98a5b34da6281c42feab2eea60be6bd36f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: fulcio, trust-manager-fips, cilium, ctop, glab, skopeo, trillian, hello-world-golang, crossplane-provider-aws, bank-vaults, actions-runner-controller-fips, eksctl, wavefront-collector-for-kubernetes, cosign-fips, step-fips, wait-for-port, cortex-fips, etcd-fips,...
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: gomplate, supercronic, pulumi-kubernetes-operator, dask-gateway, k8sgpt, cue, helm-operator, minio, secrets-store-csi-driver-provider-aws, nri-prometheus, kube-bench, cluster-proportional-autoscaler, http-echo, nri-haproxy, petname, docker-credential-ecr-login,...
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: gomplate, supercronic, pulumi-kubernetes-operator, dask-gateway, k8sgpt, cue, helm-operator, minio, secrets-store-csi-driver-provider-aws, nri-prometheus, kube-bench, cluster-proportional-autoscaler, http-echo, nri-haproxy, petname, docker-credential-ecr-login,...
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....
This Week in Spring - February 20th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of February here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...
Malicious Package
Overview ddc-new-relic is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in ddc-new-relic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 724b8e2d9bbce93045922539d67f166495a0abac1fe3d410e5cea2ec861e82d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2378 Malicious code in ddc-new-relic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 724b8e2d9bbce93045922539d67f166495a0abac1fe3d410e5cea2ec861e82d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
New Relic .NET Agent contains SQL Injection
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...
GHSA-2RVX-CVFC-MCP2 New Relic .NET Agent contains SQL Injection
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...
New Relic: Reflected XSS in VPN Appliance
@mr-hakhak discovered an XSS vulnerability in a VPN appliance. While this appliance is not normally accessed via the browser, the web interface was disabled to prevent future issues...
New Relic: Reflected Cross site Scripting (XSS) on https://one.newrelic.com
The attacker can execute JavaScript on the victim's account just after the authentication process. Steps To Reproduce: 1 Open the url:...
New Relic: Verification Link not expiring leading to Account Takeover.
@bbunnny reported that verification links that are sent out on account creation can be used to access a victim's account until those links have expired. As access to those links requires that an attacker have access to the victim's email, this issue is out of scope for our program...
Build a Complete Cloud Visibility Strategy
Trend Micro Cloud One + New Relic come together to offer complete cloud visibility...
The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to compromise the...