Vulnerabilities for packages: aactl, gitlab-kas, buildkitd, gitsign, spire-server, actions-runner-controller, gh, zot, k3d, skopeo, terraform, bank-vaults, loki, tekton-chains, rekor, flux-kustomize-controller, keda, influxd, policy-controller, ksops, external-dns, k3s, terragrunt, falcoctl,...
6CVSS
6AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.8AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, tigera-operator, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, paranoia, k8ssandra-operator, fq,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...
5.5CVSS
6.1AI Score
0.0004EPSS
Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, apko,...
6.1CVSS
7.3AI Score
0.001EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: bom, gitlab-pages, actions-runner-controller, bank-vaults, tekton-chains, docker-credential-acr-env, hugo, kubewatch, nats, wireguard-go, cluster-autoscaler, dynamic-localpv-provisioner, apko, tigera-operator, tekton-pipelines, prometheus-mysqld-exporter, cilium-cli,.....
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...
6.6AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.5AI Score
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: aactl, gitlab-kas, buildkitd, gitsign, spire-server, actions-runner-controller, gh, zot, k3d, skopeo, terraform, bank-vaults, loki, tekton-chains, rekor, flux-kustomize-controller, keda, influxd, policy-controller, ksops, external-dns, k3s, terragrunt, falcoctl,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, tigera-operator, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, paranoia, k8ssandra-operator, fq,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...
9.8CVSS
9.8AI Score
0.001EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, tekton-chains, kubernetes-dns-node-cache, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, nats, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler,...
7.5CVSS
8.4AI Score
0.002EPSS
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: aactl, gitsign, spire-server, actions-runner-controller, zot, melange, tekton-chains, flux-kustomize-controller, crossplane, keda, policy-controller, terragrunt, pulumi-language-dotnet, crossplane-provider-aws, grafana, falco, apko, pulumi-language-yaml,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.8AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: bom, gitlab-pages, actions-runner-controller, bank-vaults, tekton-chains, docker-credential-acr-env, hugo, kubewatch, nats, wireguard-go, cluster-autoscaler, dynamic-localpv-provisioner, apko, tigera-operator, tekton-pipelines, prometheus-mysqld-exporter, cilium-cli,.....
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, apko,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, tekton-chains, kubernetes-dns-node-cache, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, nats, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...
6AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...
7.5AI Score
9.8CVSS
9.6AI Score
0.038EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
8.8CVSS
8.6AI Score
0.0004EPSS
Glastonbury ticket hijack vulnerability fixed
The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....
6.8AI Score
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...
9.8CVSS
9AI Score
0.001EPSS
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
7.8CVSS
7.8AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1859)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...
8.4AI Score
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression...
7.6AI Score
Fedora 40 : kernel (2024-aca908f73b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-aca908f73b advisory. The 6.9.6 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...
7.3AI Score
EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-1877)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a...
8CVSS
8AI Score
0.05EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1873)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...
10CVSS
10AI Score
EPSS
Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability (XSS) in JupyterHub and remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an...
8.8CVSS
10AI Score
0.005EPSS
CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...
9.8CVSS
6.9AI Score
0.038EPSS
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
6.7AI Score
0.0004EPSS
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
0.0004EPSS
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...
9.9CVSS
0.0004EPSS
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...
9.9CVSS
9.3AI Score
0.0004EPSS
CVE-2024-3331 Spotfire: NTLM token leakage
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
0.0004EPSS
CVE-2024-3330 Spotfire Remote Code Execution Vulnerability
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...
9.9CVSS
0.0004EPSS
CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...
9.8CVSS
7AI Score
0.038EPSS
AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...
9.1CVSS
7.2AI Score
0.0004EPSS