CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.9AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: aactl, flux-helm-controller, helm, cosign, nerdctl, cri-tools, pulumi, istio-pilot-discovery, eksctl, istio-pilot-agent, kots, flux-image-reflector-controller, traefik, falcoctl, cadvisor, timoni, ctop, k3s, dagger, crane, k8sgpt, kargo, kubevela, scorecard,...
7.5AI Score
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...
7.5AI Score
7.5AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: go-licenses, pulumi, kots, pulumi-kubernetes-operator, pulumi-language-java, src-fingerprint, kubevela, pulumi-language-yaml, gomplate, goreleaser, pulumi-language-dotnet, bom, flux-kustomize-controller, zot, tekton-pipelines, gitsign, argo-cd, scorecard, gitness,...
7.5CVSS
7.8AI Score
0.0005EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: nerdctl, syft, docker, nvidia-device-plugin, grype, k3d, kots, cadvisor, ctop, k3s, kubernetes, newrelic-infrastructure-agent, trivy, zarf, kubescape, zot, runc, ingress-nginx-controller, telegraf, datadog-agent, kaniko, buildkitd, skopeo, wolfictl, skaffold,...
7.5AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
8.1CVSS
7.7AI Score
0.001EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
6AI Score
0.0004EPSS
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...
5.5CVSS
6.3AI Score
0.001EPSS
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...
7.5CVSS
7.9AI Score
0.005EPSS
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
Security Bulletin: IBM Automation Decision Services for May 2024 - Multiple CVEs addressed
Summary "IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed." Vulnerability Details ** CVEID:...
7.5CVSS
8.8AI Score
0.001EPSS
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...
8.1CVSS
9.1AI Score
EPSS
CosmicSting: critical unauthenticated XXE vulnerability in...
9.8CVSS
10AI Score
0.038EPSS
Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....
10CVSS
8.4AI Score
0.003EPSS
Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...
5.3CVSS
5.2AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by cross-site scripting vulnerability due to servlet-6.0 feature enabled in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3...
4.7CVSS
5.7AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...
4.3CVSS
6AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input...
6.5AI Score
0.0004EPSS
Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...
7.5CVSS
6.9AI Score
0.0005EPSS
[SECURITY] [DLA 3855-1] pdns-recursor security update
Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...
7.5CVSS
6.9AI Score
0.006EPSS
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1877)
The remote host is missing an update for the Huawei...
8CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1850)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1865)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)
The remote host is missing an update for the Huawei...
8CVSS
8.1AI Score
0.05EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages openssh - secure shell (SSH) for secure access to remote machines Details It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access...
8.1CVSS
8.5AI Score
EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1864)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1851)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
9.8CVSS
7.1AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.038EPSS
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
0.0004EPSS
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
3.4AI Score
0.0004EPSS
CVE-2024-6415 Ingenico Estate Manager New Widget cross site scripting
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
0.0004EPSS
Debian dla-3846 : libmojolicious-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...
6.5AI Score
0.0004EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable...
7.6CVSS
7.7AI Score
0.0004EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
0.001EPSS