Summary: The Transformation Advisor tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Commons Compress. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress...
AI Score: 6.5
EPSS: 0.001
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
AI Score: 7
EPSS: 0.001
CVE-2016-2124 affecting package samba 4.12.5-6
CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...
AI Score: 6.8
EPSS: 0.002
CVE-2016-4912 affecting package openslp 2.0.0-26
CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...
AI Score: 7.7
EPSS: 0.002
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21. No patch is available...
AI Score: 8.9
EPSS: 0.008
CVE-2016-2568 affecting package polkit 0.119-3
CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...
AI Score: 7.9
EPSS: 0.0004
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
AI Score: 6
EPSS: 0.001
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
AI Score: 7.8
EPSS: 0.72
CVE-2022-3857 affecting package syslinux 6.04-10
CVE-2022-3857 affecting package syslinux 6.04-10. No patch is available...
AI Score: 5.5
EPSS: 0.001
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is...
AI Score: 7.8
EPSS: 0.72
CVE-2022-43552 affecting package cmake 3.21.4-10
CVE-2022-43552 affecting package cmake 3.21.4-10. No patch is available...
AI Score: 8
EPSS: 0.001
CVE-2023-23916 affecting package cmake 3.21.4-10
CVE-2023-23916 affecting package cmake 3.21.4-10. No patch is available...
AI Score: 8.3
EPSS: 0.001
CVE-2023-23915 affecting package cmake 3.21.4-10
CVE-2023-23915 affecting package cmake 3.21.4-10. No patch is available...
AI Score: 8
EPSS: 0.001
CVE-2016-3709 affecting package libxml2 2.9.14-3
CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...
AI Score: 9.2
EPSS: 0.001
CVE-2016-2568 affecting package polkit 0.116-7
CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...
AI Score: 7.5
EPSS: 0.0004
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: aactl, policy-controller, skaffold, wolfictl, tkn, tekton-chains, falco, gitsign, melange, kubescape, zarf, goreleaser, flux-source-controller, slsa-verifier, zot, falcoctl, spire-server, apko,...
AI Score: 7.5
AI Score: 7.5
AI Score: 7.5
AI Score: 7.1
EPSS: 0.0004
AI Score: 7.1
EPSS: 0.0004
AI Score: 7.1
EPSS: 0.0005
AI Score: 5.3
EPSS: 0.0004
AI Score: 6.7
EPSS: 0.0004
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: superset, kubeflow-pipelines-visualization-server,...
AI Score: 7.7
EPSS: 0.0004
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: superset, kubeflow-pipelines-visualization-server,...
AI Score: 7.5
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: tctl, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, prometheus-stackdriver-exporter, istio-envoy, cue, oauth2-proxy, buildkitd, keda, pulumi, metacontroller, ollama, nginx-mainline, nvidia-device-plugin, prometheus, coredns, hugo, argo-cd,...
AI Score: 8.7
EPSS: 0.72
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: crossplane, datadog-agent, cadvisor, aactl, dagger, buildkitd, kargo, wolfictl, ctop, tkn, trivy, up, buf, kaniko, syft, prometheus, conftest, melange, kubescape, telegraf, docker-compose, grype, zot, spire-server, ko,...
AI Score: 7.5
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: crossplane, datadog-agent, cadvisor, aactl, dagger, buildkitd, kargo, wolfictl, ctop, tkn, trivy, up, buf, kaniko, syft, prometheus, conftest, melange, kubescape, telegraf, docker-compose, grype, zot, spire-server, ko,...
AI Score: 5.9
EPSS: 0.0004
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kyverno, aactl, flux-kustomize-controller, kots, istio-pilot-discovery, cosign, cilium-envoy, rekor, oauth2-proxy, keda, argo-workflows, vault, traefik, sops, terragrunt, tkn, tekton-chains, falco, gitsign, kubescape, cloudflared, external-secrets-operator,...
AI Score: 7.5
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, hugo-extended, aactl, nri-discovery-kubernetes, terraform, skopeo, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cass-operator, istio-pilot-discovery,...
AI Score: 7.5
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...
AI Score: 6.5
EPSS: 0.0004
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: kine, k3s, ferretdb, amass, spicedb, temporal-server, keda, kube-bench, argo-workflows, trillian, kots, caddy, telegraf, vault, src,...
AI Score: 7.5
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: kine, k3s, ferretdb, amass, spicedb, temporal-server, keda, kube-bench, argo-workflows, trillian, kots, caddy, telegraf, vault, src,...
AI Score: 9.7
EPSS: 0.0004
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: ggshield, kubeflow-pipelines, kubeflow-jupyter-web-app, k8s-sidecar, confluent-docker-utils, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, py3-idna, az,...
AI Score: 7.5
Vulnerabilities for packages: ggshield, kubeflow-pipelines, kubeflow-jupyter-web-app, k8s-sidecar, confluent-docker-utils, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, py3-idna, az,...
AI Score: 6.5
AI Score: 7.5
AI Score: 7.7
EPSS: 0.001
GHSA-HJ3V-M684-V259 vulnerabilities
Vulnerabilities for packages: kyverno, falco, istio-cni, minio, istio-pilot-agent, mc, istio-operator, falcoctl, spire-server, external-secrets-operator, istio-pilot-discovery,...
AI Score: 7.5
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: dask-gateway, confluent-docker-utils, superset, reflex,...
AI Score: 7.5
AI Score: 7.5
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
AI Score: 8.2
EPSS: 0.72
AI Score: 7.5
AI Score: 7.1
EPSS: 0.0005
AI Score: 7.1
EPSS: 0.0004
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, direnv, nri-nagios, pulumi, prometheus-pushgateway, k8sgpt, terragrunt, trivy, flyte, nri-mongodb, hello-world-golang,...
AI Score: 6.9
EPSS: 0.0004
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: crossplane, kubernetes-csi-external-resizer, aactl, skopeo, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, wave, kyverno-policy-reporter-kyverno-plugin, guac, rekor, cue, harbor-scanner-trivy, oauth2-proxy, rclone, spegel, direnv, buildkitd,...
AI Score: 7.5
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: crossplane, kubernetes-csi-external-resizer, aactl, skopeo, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, wave, kyverno-policy-reporter-kyverno-plugin, guac, rekor, cue, harbor-scanner-trivy, oauth2-proxy, rclone, spegel, direnv, buildkitd,...
AI Score: 6.6
EPSS: 0.0004
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: grpcurl, nsc, oras, hey, wait-for-port, aactl, nri-discovery-kubernetes, metrics-server, sonobuoy, dgraph, docker-cli, prometheus-stackdriver-exporter, cass-operator, kind, go-licenses, gops, cilium-envoy, gosu, protoc-gen-go-grpc, amass, k3d, cni-plugins,...
AI Score: 8.2
EPSS: 0.001
Vulnerabilities for packages: tctl, kubernetes-csi-external-resizer, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cue, oauth2-proxy, buildkitd, keda, pulumi, prometheus-alertmanager, prometheus-pushgateway,...
AI Score: 6.5
EPSS: 0.001
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: nsc, crossplane, aactl, terraform, skopeo, memcached-exporter, crossplane-provider-aws, src, prometheus-stackdriver-exporter, istio-pilot-discovery, rekor, oauth2-proxy, istio-cni, buildkitd, pulumi, argo-workflows, prometheus-alertmanager, kyverno-policy-reporter,...
AI Score: 7
EPSS: 0.962