GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, spicedb, kubeflow-katib, guac, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, falcoctl, karpenter, loki, litefs, trillian, cert-manager, cluster-proportional-autoscaler, tekton-pipelines, traefik, caddy, zot, clusterctl, vexctl,.....
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
6.5AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: influx, sonobuoy, mage, nri-discovery-kubernetes, goreleaser, gke-gcloud-auth-plugin, go-bindata, cilium-envoy, kind, cortex, slsa-verifier, scorecard, helm-push, metrics-server, go-md2man, amass, cass-operator, gosu, ctop, cni-plugins, local-path-provisioner, nsc,...
8.2AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, spicedb, kubeflow-katib, guac, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, falcoctl, karpenter, loki, litefs, trillian, cert-manager, cluster-proportional-autoscaler, tekton-pipelines, traefik, caddy, zot, clusterctl, vexctl,.....
6.7AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-consul, spicedb, wireguard-go, karpenter, litefs, cert-manager, clusterctl, logstash-exporter, docker-credential-gcr, prometheus, istio-pilot-agent, cue, oras, keda, prometheus-adapter, chartmuseum, aws-load-balancer-controller, vertical-pod-autoscaler,...
7AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
6.5AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-consul, spicedb, wireguard-go, karpenter, litefs, cert-manager, clusterctl, logstash-exporter, docker-credential-gcr, prometheus, istio-pilot-agent, cue, oras, keda, prometheus-adapter, chartmuseum, aws-load-balancer-controller, vertical-pod-autoscaler,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: influx, sonobuoy, mage, nri-discovery-kubernetes, goreleaser, gke-gcloud-auth-plugin, go-bindata, cilium-envoy, kind, cortex, slsa-verifier, scorecard, helm-push, metrics-server, go-md2man, amass, cass-operator, gosu, ctop, cni-plugins, local-path-provisioner, nsc,...
7.4AI Score
0.001EPSS
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: influx, sonobuoy, mage, nri-discovery-kubernetes, goreleaser, gke-gcloud-auth-plugin, go-bindata, cilium-envoy, kind, cortex, slsa-verifier, scorecard, helm-push, metrics-server, go-md2man, amass, cass-operator, gosu, ctop, cni-plugins, local-path-provisioner, nsc,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: influx, sonobuoy, mage, nri-discovery-kubernetes, goreleaser, gke-gcloud-auth-plugin, go-bindata, cilium-envoy, kind, cortex, slsa-verifier, scorecard, helm-push, metrics-server, go-md2man, amass, cass-operator, gosu, ctop, cni-plugins, local-path-provisioner, nsc,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
6.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: consul, helm, sonobuoy, kubeflow-katib, fq, mage, nri-discovery-kubernetes, gitlab-runner, kustomize, opentofu, wireguard-go, loki, litefs, bom, trillian, cluster-proportional-autoscaler, nri-redis, caddy, bazelisk, clusterctl, kubernetes-csi-external-attacher,...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call kobject_put. Mitigation...
7AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
[SECURITY] Fedora 39 Update: crosswords-0.3.13-1.fc39
A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...
7.4AI Score
[SECURITY] Fedora 40 Update: crosswords-0.3.13-1.fc40
A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...
7.4AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.8AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
7.2AI Score
0.0004EPSS
CVE-2021-47551 drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...
7AI Score
0.0004EPSS
CVE-2021-47550 drm/amd/amdgpu: fix potential memleak
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...
7.2AI Score
0.0004EPSS
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.3AI Score
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.6AI Score
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resu...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The actual conditions under...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss()...
7AI Score
0.0004EPSS
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu [...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause array index out of bounds Mitigation...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin.....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC...
6.8AI Score
0.0004EPSS
Personal AI Assistants and Privacy
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall...
7AI Score
RHEL 8 : linux-firmware (RHSA-2024:3178)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...
7.2AI Score
0.0004EPSS