CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14823 matches found

OpenVAS•added 2024/11/15 12:0 a.m.•8 views

Ubuntu: Security Advisory (USN-7108-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.00867EPSS

Exploits0References2

OSV•added 2024/11/14 11:15 p.m.•2 views

DEBIAN-CVE-2024-52308

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...

9.6CVSS9.7AI score0.00861EPSS

Exploits0References1

OSV•added 2024/11/14 11:15 p.m.•2 views

AZL-53217 CVE-2024-52308 affecting package gh for versions less than 2.62.0-1

9.6CVSS8.2AI score0.00861EPSS

Exploits0References1

NVD•added 2024/11/14 11:15 p.m.•29 views

CVE-2024-52308

9.6CVSS0.00861EPSS

Exploits0References1

OSV•added 2024/11/14 11:15 p.m.•1 views

UBUNTU-CVE-2024-52308

9.6CVSS8.1AI score0.00861EPSS

Exploits0References4

Vulnrichment•added 2024/11/14 10:55 p.m.•20 views

CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

8CVSS8.4AI score0.00861EPSS

Exploits0References1

CVE•added 2024/11/14 10:55 p.m.•305 views

CVE-2024-52308

The CVE concerns GitHub CLI (gh) where versions 2.6.1 and earlier are vulnerable to remote code execution via a malicious Codespaces SSH server when using gh codespace ssh or gh codespace logs. The root cause is how the CLI handles SSH connection details (e.g., remote username) retrieved for SSH ...

9.6CVSS8.4AI score0.00861EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/11/14 10:55 p.m.•37 views

CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

8CVSS0.00861EPSS

Exploits0References1

OSV•added 2024/11/14 10:55 p.m.•17 views

CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

8CVSS9.7AI score0.00861EPSS

Exploits0References3

Debian CVE•added 2024/11/14 10:55 p.m.•14 views

CVE-2024-52308

9.6CVSS9.7AI score0.00861EPSS

Exploits0

OSV•added 2024/11/14 5:39 p.m.•17 views

GHSA-P2H2-3VG9-4P87 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

Summary A security vulnerability has been identified in GitHub CLI that could allow remote code execution RCE when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands. Details The vulnerability stems from the way GitHub CLI handles SSH...

8CVSS9.2AI score0.00861EPSS

Exploits0References4

Github Security Blog•added 2024/11/14 5:39 p.m.•13 views

Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

9.6CVSS8.8AI score0.00861EPSS

Exploits0References4Affected Software2

OSV•added 2024/11/14 6:30 a.m.•6 views

GHSA-4277-M35Q-7C9W Salt preflight script could be attacker controlled

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

6.7CVSS6.7AI score0.00187EPSS

Exploits0References5

Github Security Blog•added 2024/11/14 6:30 a.m.•13 views

Salt preflight script could be attacker controlled

6.7CVSS6.7AI score0.00187EPSS

Exploits0References5Affected Software1

NVD•added 2024/11/14 5:15 a.m.•27 views

CVE-2023-34049

6.7CVSS0.00187EPSS

Exploits0References1

OSV•added 2024/11/14 5:15 a.m.•5 views

UBUNTU-CVE-2023-34049