CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: consul, clusterctl, docker, policy-controller, crossplane, frp, cert-manager, flux-image-reflector-controller, external-secrets-operator, nri-discovery-kubernetes, kube-state-metrics, syft, gomplate, kubernetes-event-exporter, aws-load-balancer-controller,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, bincapz, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, guac, q, kubernetes-dashboard,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, extism, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, q, kubernetes-dashboard,...
6.5AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, go-licenses, render-template, nri-discovery-kubernetes, falco, k3d, hey, kind, aactl, gops, helm-push, docker-cli, ctop, mage, nats, configmap-reload, protoc-gen-go-grpc, smarter-device-manager, aws-flb-cloudwatch, sbom-scorecard,...
7.5CVSS
7.9AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: consul, clusterctl, docker, policy-controller, crossplane, frp, cert-manager, flux-image-reflector-controller, external-secrets-operator, nri-discovery-kubernetes, kube-state-metrics, syft, gomplate, kubernetes-event-exporter, aws-load-balancer-controller,...
6.7AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, bincapz, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, guac, q, kubernetes-dashboard,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, extism, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, q, kubernetes-dashboard,...
6.5AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, extism, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, q, kubernetes-dashboard,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, go-licenses, render-template, nri-discovery-kubernetes, falco, k3d, hey, kind, aactl, gops, helm-push, docker-cli, ctop, mage, nats, configmap-reload, protoc-gen-go-grpc, smarter-device-manager, aws-flb-cloudwatch, sbom-scorecard,...
5.3CVSS
7.2AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, go-licenses, render-template, nri-discovery-kubernetes, falco, k3d, hey, kind, aactl, gops, helm-push, docker-cli, ctop, mage, nats, configmap-reload, protoc-gen-go-grpc, smarter-device-manager, aws-flb-cloudwatch, sbom-scorecard,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, go-licenses, render-template, nri-discovery-kubernetes, falco, k3d, hey, kind, aactl, gops, helm-push, docker-cli, ctop, mage, nats, configmap-reload, protoc-gen-go-grpc, smarter-device-manager, aws-flb-cloudwatch, sbom-scorecard,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: crossplane, frp, render-template, extism, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, q, kubernetes-dashboard,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...
6.4AI Score
0.0004EPSS
A flaw was found in intel-microcode. The sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra processors that may allow an authenticated user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the...
4.7CVSS
4.4AI Score
0.0004EPSS
A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available...
2.8CVSS
3.2AI Score
0.0004EPSS
Apple TV < 19K53 Multiple Vulnerabilities (HT212980)
According to its banner, the version of Apple TV on the remote device is prior to 19K53. It is therefore affected by multiple vulnerabilities as described in the...
8.8CVSS
7.1AI Score
0.007EPSS
Apple TV < 15.5 Multiple Vulnerabilities (HT213254)
According to its banner, the version of Apple TV on the remote device is prior to 15.5. It is therefore affected by multiple vulnerabilities as described in the...
9.8CVSS
7.1AI Score
0.016EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
According to its banner, the version of Apple TV on the remote device is prior to 16.3. It is therefore affected by multiple vulnerabilities as described in the...
8.8CVSS
7.1AI Score
0.007EPSS
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don't have efficient methods to manage related time-sensitive SaaS security and compliance tasks.....
7.2AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...
7.1CVSS
7.3AI Score
0.001EPSS
Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...
7.1CVSS
0.001EPSS
Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...
7.1CVSS
0.001EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL...
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini Currently amdgpu calls drm_sched_fini() from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...
6.8AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:3810)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...
7.8CVSS
7.6AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
8CVSS
7.5AI Score
EPSS
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...
5.3CVSS
6.7AI Score
0.0004EPSS
linux-intel-iotg-5.15 vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
8CVSS
8.2AI Score
EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31881 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...
7AI Score
EPSS
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary...
7.7AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
8.8AI Score
0.001EPSS
Summary IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
6.1AI Score
0.0004EPSS