GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: containerd, dex, kube-bench, pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, secrets-store-csi-driver, spicedb, haproxy-ingress, kyverno-policy-reporter-ui, kubernetes-csi-external-resizer, rekor,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.8 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
6.7 AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
7.2 AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: sops, aws-flb-kinesis, go-licenses, go-md2man, oras, sonobuoy, slsa-verifier, goreleaser, nsc, petname, gitlab-logger, aws-flb-cloudwatch, falco, k3d, cass-operator, gke-gcloud-auth-plugin, hey, wait-for-port, cni-plugins, gops, scorecard, cortex, go-bindata,...
7.5 CVSS
7.9 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: containerd, dex, kube-bench, pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, secrets-store-csi-driver, spicedb, haproxy-ingress, kyverno-policy-reporter-ui, kubernetes-csi-external-resizer, rekor,...
6.5 AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.8 AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
7.5 AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
7.2 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.8 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.8 AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.5 AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: sops, aws-flb-kinesis, go-licenses, go-md2man, oras, sonobuoy, slsa-verifier, goreleaser, nsc, petname, gitlab-logger, aws-flb-cloudwatch, falco, k3d, cass-operator, gke-gcloud-auth-plugin, hey, wait-for-port, cni-plugins, gops, scorecard, cortex, go-bindata,...
7.5 AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: sops, aws-flb-kinesis, go-licenses, go-md2man, oras, sonobuoy, slsa-verifier, goreleaser, nsc, petname, gitlab-logger, aws-flb-cloudwatch, falco, k3d, cass-operator, gke-gcloud-auth-plugin, hey, wait-for-port, cni-plugins, gops, scorecard, cortex, go-bindata,...
7.5 AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: sops, aws-flb-kinesis, go-licenses, go-md2man, oras, sonobuoy, slsa-verifier, goreleaser, nsc, petname, gitlab-logger, aws-flb-cloudwatch, falco, k3d, cass-operator, gke-gcloud-auth-plugin, hey, wait-for-port, cni-plugins, gops, scorecard, cortex, go-bindata,...
5.3 CVSS
7.2 AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: pulumi-language-java, grafana-agent-operator, kubernetes-csi-external-provisioner, secrets-store-csi-driver, aws-flb-cloudwatch, chartmuseum, k8sgpt, step-ca, terraform-docs, pulumi-kubernetes-operator, coredns, docker-credential-ecr-login, temporal-ui-server,...
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dex, go-md2man, kube-bench, nri-mssql, pulumi-language-java, kubernetes-csi-external-provisioner, opentofu, kubeflow-pipelines, lazygit, aws-flb-cloudwatch, thanos, haproxy-ingress, secrets-store-csi-driver-provider-gcp, kubernetes-csi-external-resizer,...
7.8 AI Score
CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config. When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...
Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024,...
8.6 CVSS
Summary: IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817). Vulnerability Details: CVEID: CVE-2023-4807. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption...
7.8 CVSS
9.5 AI Score
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the...
7.6 CVSS
7.5 AI Score
Fedora: Security Advisory for rust-sevctl (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
Fedora: Security Advisory for rust-snphost (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
kernel security and bug fix update
[5.14.0-427.20.1_4.OL9] Disable UKI signing [Orabug: 36571828] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey...
7.4 AI Score
Security Bulletin: NVIDIA GPU Display Driver - June 2024
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
Financial sextortion scams on the rise
“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....
6.8 AI Score
Unable to generate the correct character set
Reduced entropy due to inadequate character set usage. Description: Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the...
9.4 CVSS
6.5 AI Score
Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details: CVEID: CVE-2024-21085. DESCRIPTION: An...
5.9 CVSS
6.2 AI Score
nano-id reduced entropy due to inadequate character set usage
Description: Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...
7 AI Score
AI jailbreaks: What they are and how they can be mitigated
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used...
Summary: A vulnerability in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components (CVE-2024-3933). Vulnerability Details: CVEID: CVE-2024-3933. DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security...
5.3 CVSS
6.7 AI Score
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...
9.4 CVSS
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...
9.4 CVSS
6.9 AI Score
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...
9.4 CVSS
6.7 AI Score
CVE-2024-36400 nano-id is unable to generate the correct character set
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...
9.4 CVSS
9.1 AI Score
This Week in Spring - June 4th, 2024
Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from doing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...
7.2 AI Score
7.9 CVSS
6.5 AI Score
Updated microcode packages fix security vulnerabilities
The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...
7.9 CVSS
6.3 AI Score
PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...