519 matches found

OSV · added 2024/07/24 6:15 p.m. · 3 views

CVE-2024-21684

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of...

CVSS 4.3 · AI score 5.6
Exploits: 0 · References: 1

OSV · added 2024/06/30 9:15 p.m. · 5 views

AZL-44214 CVE-2024-34703 affecting package botan2 2.14.0-2

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...

CVSS 7.5 · AI score 7 · EPSS 0.00504
Exploits: 0 · References: 1

OSV · added 2024/06/10 10:15 p.m. · 1 view

DEBIAN-CVE-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...

CVSS 8.8 · AI score 8.1 · EPSS 0.01041
Exploits: 0 · References: 1

SUSE CVE · added 2024/06/04 12:30 p.m. · 2 views

SUSE CVE-2023-35945

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...

CVSS 7.5 · AI score 7.6 · EPSS 0.01106
Exploits: 0 · References: 72

Positive Technologies · added 2024/05/31 12:00 a.m. · 3 views

PT-2024-5971 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.5; Couchbase Server versions 7.6.0 through 7.6.0. Description: The issue is related to insufficient encryption of data in the Key-Value (KV) service of Couchbase Server. This could allow a remote attacker to...

CVSS 5.9 · AI score 7 · EPSS 0.00158
Exploits: 0 · References: 7

OSV · added 2024/05/24 11:08 a.m. · 2 views

OESA-2024-1645 skopeo security update

A command line utility that performs various operations on container images and image repositories. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used lar...

CVSS 4.3 · AI score 7 · EPSS 0.01956
Exploits: 0 · References: 2

OSV · added 2024/05/14 8:15 p.m. · 2 views

ALPINE-CVE-2024-32465

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

CVSS 7.8 · AI score 6.6 · EPSS 0.00909
Exploits: 0 · References: 1

OSV · added 2024/05/14 7:15 p.m. · 6 views

AZL-43038 CVE-2024-32002 affecting package git for versions less than 2.45.2-1

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

CVSS 9 · AI score 6.8 · EPSS 0.25334
Exploits: 32 · References: 1

Positive Technologies · added 2024/04/23 12:00 a.m. · 7 views

PT-2024-3335 · Ruby +7 · Ruby +7

Name of the Vulnerable Software and Affected Versions: Ruby versions 3.0.0 through 3.3.0. Description: The issue is related to a heap buffer overflow in the Ruby programming language interpreter. It allows an attacker to impact the confidentiality, integrity, and availability of protected...

CVSS 9.8 · AI score 7.1 · EPSS 0.0387
Exploits: 2 · References: 138

OSV · added 2024/04/23 12:00 a.m. · 3 views

UBUNTU-CVE-2024-32459

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available...

CVSS 9.8 · AI score 7.3 · EPSS 0.0375
Exploits: 0 · References: 9

OSV · added 2024/04/03 2:13 p.m. · 1 view

GHSA-2Q59-H24C-W6FG Voilà Local file inclusion

Impact: Any deployment of the voilà dashboard allows local file inclusion, that is to say any file on the filesystem that is readable by the user running the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how...

CVSS 7.5 · AI score 5.7 · EPSS 0.00725
Exploits: 0 · References: 8

OSV · added 2024/03/09 1:15 a.m. · 5 views

AZL-35839 CVE-2024-28180 affecting package containerized-data-importer for versions less than 1.55.0-20

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 · AI score 6.4 · EPSS 0.01956
Exploits: 0 · References: 1

OSV · added 2024/03/09 1:15 a.m. · 4 views

AZL-35837 CVE-2024-28180 affecting package cert-manager for versions less than 1.11.2-14

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 · AI score 6.4 · EPSS 0.01956
Exploits: 0 · References: 1

OSV · added 2024/03/09 1:15 a.m. · 7 views

AZL-39600 CVE-2024-28180 affecting package cri-o for versions less than 1.21.7-2

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 · AI score 6.4 · EPSS 0.01956
Exploits: 0 · References: 1

OSV · added 2024/03/09 1:15 a.m. · 5 views

AZL-35881 CVE-2024-28180 affecting package influxdb for versions less than 2.7.3-9

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 · AI score 6.4 · EPSS 0.01956
Exploits: 0 · References: 1

Positive Technologies · added 2024/03/07 12:00 a.m. · 4 views

PT-2024-15381 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.3 through 16.7.6; GitLab versions 16.7.6 through 16.8.3; GitLab versions 16.8.3 through 16.9.1. Description: An authorization bypass vulnerability was discovered in GitLab, allowing an attacker to bypass CODEOWNERS by utilizin...

CVSS 8 · AI score 6.8 · EPSS 0.00706
Exploits: 1 · References: 15

Amazon · added 2024/03/05 12:00 a.m. · 7 views

Important: composer

Issue Overview: Composer is a dependency manager for the PHP language. In affected versions, several files within the local working directory are included during the invocation of Composer, in the context of the executing user. As such, under certain conditions arbitrary code execution may lead...

CVSS 8.8 · AI score 7.8 · EPSS 0.00271
Exploits: 0

Vulnrichment · added 2024/02/08 11:54 p.m. · 2 views

CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer

Composer is a dependency manager for the PHP language. In affected versions, several files within the local working directory are included during the invocation of Composer, in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

CVSS 8.8 · AI score 8.1 · EPSS 0.00271
Exploits: 0 · References: 2

Positive Technologies · added 2024/02/08 12:00 a.m. · 8 views

PT-2024-12302 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.6.0 through 2.6.13; Rancher versions 2.7.0 through 2.7.9; Rancher versions 2.8.0 through 2.8.1. Description: A vulnerability has been identified when granting a create or global role for a resource type of "namespaces". This c...

CVSS 8.6 · AI score 7.2 · EPSS 0.00403
Exploits: 0 · References: 11

SUSE CVE · added 2023/10/27 12:56 a.m. · 3 views

SUSE CVE-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. Its HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...

CVSS 4.9 · AI score 7.4 · EPSS 0.01077
Exploits: 0 · References: 5