CVE-2022-42969 affecting package python-py 1.10.0-1
CVE-2022-42969 affecting package python-py 1.10.0-1. No patch is available...
7.5CVSS
9.9AI Score
0.007EPSS
CVE-2021-3672 affecting package pgbouncer 1.16.1-1
CVE-2021-3672 affecting package pgbouncer 1.16.1-1. This CVE either no longer is or was never...
5.6CVSS
9.8AI Score
0.002EPSS
CVE-2021-3773 affecting package kernel 5.10.189.1-1
CVE-2021-3773 affecting package kernel 5.10.189.1-1. No patch is available...
9.8CVSS
9.7AI Score
0.008EPSS
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1. A patched version of the package is...
9.8CVSS
6.9AI Score
0.059EPSS
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.8CVSS
7.8AI Score
0.001EPSS
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
7.8AI Score
0.001EPSS
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1. A patched version of the package is...
6.1CVSS
6.5AI Score
0.001EPSS
CVE-2023-45853 affecting package rubygem-mini_portile2 for versions less than 2.8.0-1
CVE-2023-45853 affecting package rubygem-mini_portile2 for versions less than 2.8.0-1. A patched version of the package is...
9.8CVSS
9.7AI Score
0.001EPSS
CVE-2023-39319 affecting package golang for versions less than 1.20.10-1
CVE-2023-39319 affecting package golang for versions less than 1.20.10-1. A patched version of the package is...
6.1CVSS
6.5AI Score
0.001EPSS
CVE-2024-24788 affecting package golang for versions less than 1.22.3-1
CVE-2024-24788 affecting package golang for versions less than 1.22.3-1. A patched version of the package is...
7.3AI Score
0.0004EPSS
CVE-2023-44487 affecting package kubernetes for versions less than 1.28.3-1
CVE-2023-44487 affecting package kubernetes for versions less than 1.28.3-1. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
6.5CVSS
6.8AI Score
0.001EPSS
CVE-2023-39323 affecting package golang for versions less than 1.20.10-1
CVE-2023-39323 affecting package golang for versions less than 1.20.10-1. A patched version of the package is...
8.1CVSS
8.2AI Score
0.002EPSS
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
5.3CVSS
5.6AI Score
0.001EPSS
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...
9.8CVSS
9.8AI Score
0.003EPSS
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.3CVSS
7.4AI Score
0.001EPSS
CVE-2023-44487 affecting package coredns for versions less than 1.11.1-1
CVE-2023-44487 affecting package coredns for versions less than 1.11.1-1. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-39533 affecting package golang for versions less than 1.19.12-1
CVE-2023-39533 affecting package golang for versions less than 1.19.12-1. A patched version of the package is...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2023-24539 affecting package golang for versions less than 1.20.7-1
CVE-2023-24539 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.3CVSS
7.4AI Score
0.001EPSS
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...
7.5CVSS
7.8AI Score
0.001EPSS
CVE-2023-29405 affecting package golang for versions less than 1.20.7-1
CVE-2023-29405 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
9.8CVSS
9.7AI Score
0.005EPSS
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is...
7.5CVSS
7.8AI Score
0.001EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246-mitigation This project is a Maven-based...
9.8CVSS
7.2AI Score
0.973EPSS
6.4AI Score
0.0004EPSS
6.4AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.038EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.7AI Score
0.0004EPSS
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
0.0004EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...
9.8CVSS
9AI Score
0.005EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.2AI Score
0.0004EPSS
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...
5.3CVSS
5.3AI Score
0.0004EPSS
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...
7.9AI Score
0.0004EPSS
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...
6.5CVSS
6.3AI Score
0.0004EPSS
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...
7.5AI Score
0.0004EPSS
CVE-2024-38322 IBM Storage Defender information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
CVE-2024-38322 IBM Storage Defender information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...
5.3CVSS
6.6AI Score
0.0004EPSS
CVE-2024-25031 IBM Storage Defender information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...
7.5AI Score
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
9AI Score
0.0004EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
4.8CVSS
5.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064
Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
5.4CVSS
6.7AI Score
0.0004EPSS
runc vulnerable to container breakout through process.cwd trickery and leaked fds in...
8.6CVSS
6.9AI Score
0.051EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS