GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
6.5AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...
7AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...
8.2AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...
6.7AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
7.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
6.5AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...
7.4AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
6.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...
6.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.8AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
7.2AI Score
CVE-2021-47551 drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
7AI Score
CVE-2021-47550 drm/amd/amdgpu: fix potential memleak
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...
7.2AI Score
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.3AI Score
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.6AI Score
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resu...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The actual conditions under...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu [...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause array index out of bounds Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin.....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC...
6.8AI Score
0.0004EPSS
Personal AI Assistants and Privacy
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall...
7AI Score
RHEL 8 : linux-firmware (RHSA-2024:3178)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
7.3AI Score
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...
6.5AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a device, devm_memunmap_pages and devm_release_mem_region calls in svm_migrate_fini are redundant. It causes....
7.2AI Score
0.0004EPSS
(RHSA-2024:3178) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
7AI Score
0.0005EPSS
Fedora 39 : kernel (2024-49fcf86f58)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49fcf86f58 advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...
6.7AI Score
Fedora 40 : kernel (2024-92664ae6fe)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-92664ae6fe advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...
7AI Score
CentOS 8 : pcs (CESA-2024:2953)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2953 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than...
6.7AI Score
CentOS 8 : linux-firmware (CESA-2024:3178)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3178 advisory. Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of...
7.1AI Score
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
6.5AI Score
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified...
5.6AI Score
0.001EPSS
Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices
Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...
8.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC...
7.3AI Score
0.0004EPSS