Tuesday, July 2, 2024 Security Releases
Summary: The Node.js project will release new versions of the 22.x, 20.x, 18.x release lines on or shortly after Tuesday, July 2, 2024 in order to address: 1 high severity issue, 2 medium severity issues, and 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
CVE-2024-4007 Hard coded default credential contained in install package
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows an attacker to log in to product instances wrongly...
8.8CVSS
6.9AI Score
Model Extraction from Neural Networks
A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...
7.2AI Score
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...
6.7AI Score
7.7AI Score
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...
6.5CVSS
9.7AI Score
0.006EPSS
CVE-2011-4966 affecting package freeradius 3.2.3-2
CVE-2011-4966 affecting package freeradius 3.2.3-2. No patch is available...
6.4AI Score
0.003EPSS
CVE-2002-0318 affecting package freeradius 3.2.3-2
CVE-2002-0318 affecting package freeradius 3.2.3-2. No patch is available...
6.9AI Score
0.005EPSS
CVE-2017-18640 affecting package snakeyaml 1.25-2
CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.6AI Score
0.019EPSS
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.003EPSS
CVE-2020-4041 affecting package bolt 0.9.2-2
CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.4CVSS
7.5AI Score
0.006EPSS
CVE-2019-15484 affecting package bolt 0.9.2-2
CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2021-27367 affecting package bolt 0.9.2-2
CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5CVSS
7.5AI Score
0.002EPSS
CVE-2022-31321 affecting package bolt 0.9.2-2
CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
9.1CVSS
7.5AI Score
0.002EPSS
CVE-2023-0475 affecting package k3s 1.24.12-2
CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
6.5CVSS
9.8AI Score
0.001EPSS
CVE-2022-47021 affecting package opusfile 0.12-2
CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2022-38752 affecting package snakeyaml 1.25-2
CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9AI Score
0.003EPSS
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...
7.3CVSS
7.3AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2015-7309 affecting package bolt 0.9.2-2
CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5AI Score
0.449EPSS
CVE-2020-4040 affecting package bolt 0.9.2-2
CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.6CVSS
7.5AI Score
0.003EPSS
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.004EPSS
CVE-2022-41854 affecting package snakeyaml 1.25-2
CVE-2022-41854 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.006EPSS
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. This CVE either no longer is or was never...
5.5CVSS
6AI Score
0.002EPSS
CVE-2022-3294 affecting package k3s 1.24.12-2
CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.002EPSS
CVE-2019-9185 affecting package bolt 0.9.2-2
CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.006EPSS
CVE-2019-15483 affecting package bolt 0.9.2-2
CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2017-16754 affecting package bolt 0.9.2-2
CVE-2017-16754 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2023-25173 affecting package k3s 1.24.12-2
CVE-2023-25173 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
7.8CVSS
8.9AI Score
0.001EPSS
CVE-2022-43410 affecting package mercurial 6.0.3-2
CVE-2022-43410 affecting package mercurial 6.0.3-2. No patch is available...
5.3CVSS
5.8AI Score
0.001EPSS
CVE-2020-28925 affecting package bolt 0.9.2-2
CVE-2020-28925 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2022-1941 affecting package protobuf 3.17.3-2
CVE-2022-1941 affecting package protobuf 3.17.3-2. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2022-38750 affecting package snakeyaml 1.25-2
CVE-2022-38750 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9.4AI Score
0.001EPSS
CVE-2022-38749 affecting package snakeyaml 1.25-2
CVE-2022-38749 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.001EPSS
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2023-48795 affecting package nmap for versions less than 7.93-2
CVE-2023-48795 affecting package nmap for versions less than 7.93-2. A patched version of the package is...
5.9CVSS
6.1AI Score
0.963EPSS
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2019-15485 affecting package bolt 0.9.2-2
CVE-2019-15485 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2022-38751 affecting package snakeyaml 1.25-2
CVE-2022-38751 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9.3AI Score
0.001EPSS
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...
7.5CVSS
8.4AI Score
0.004EPSS
CVE-2023-0215 affecting package cloud-hypervisor 22.0-2
CVE-2023-0215 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
7.5CVSS
8.4AI Score
0.004EPSS
CVE-2022-41725 affecting package golang 1.17.13-2
CVE-2022-41725 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
10AI Score
0.001EPSS
CVE-2022-46908 affecting package sqlite 3.34.1-2
CVE-2022-46908 affecting package sqlite 3.34.1-2. This CVE either no longer is or was never...
7.3CVSS
9.8AI Score
0.001EPSS
CVE-2022-3697 affecting package ansible 2.9.27-2
CVE-2022-3697 affecting package ansible 2.9.27-2. No patch is available...
7.5CVSS
7.5AI Score
0.002EPSS