Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 1 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved.....
9.8CVSS
EPSS
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved.....
9.8CVSS
9.7AI Score
EPSS
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or...
7.1AI Score
EPSS
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or...
EPSS
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or...
7.1AI Score
EPSS
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or...
EPSS
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved.....
9.8CVSS
EPSS
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to...
9.1CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....
8CVSS
7.9AI Score
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
9.9CVSS
9.6AI Score
EPSS
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to...
9.1CVSS
9.2AI Score
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....
8CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
9.9CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....
9CVSS
9.4AI Score
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....
9CVSS
EPSS
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
9.1CVSS
EPSS
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
9.1CVSS
9.4AI Score
EPSS
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
5.5CVSS
6AI Score
0.001EPSS
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2022-3857 affecting package syslinux 6.04-10
CVE-2022-3857 affecting package syslinux 6.04-10. No patch is available...
5.5CVSS
5.5AI Score
0.001EPSS
CVE-2022-3162 affecting package keda 2.4.0-20
CVE-2022-3162 affecting package keda 2.4.0-20. No patch is available...
6.5CVSS
7AI Score
0.001EPSS
CVE-2019-15484 affecting package bolt 0.9.2-2
CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2022-42969 affecting package python-py 1.10.0-3
CVE-2022-42969 affecting package python-py 1.10.0-3. No patch is available...
7.5CVSS
7.7AI Score
0.007EPSS
CVE-2019-17414 affecting package vino 3.22.0-20
CVE-2019-17414 affecting package vino 3.22.0-20. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2019-12280 affecting package toolbox 0.0.18-9
CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.8CVSS
7.2AI Score
0.003EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
CVE-2022-31321 affecting package bolt 0.9.2-2
CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
9.1CVSS
7.5AI Score
0.002EPSS
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2022-45639 affecting package sleuthkit 4.9.0-4
CVE-2022-45639 affecting package sleuthkit 4.9.0-4. No patch is available...
7.8CVSS
7.5AI Score
0.004EPSS
CVE-2022-47021 affecting package opusfile 0.12-2
CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2022-4123 affecting package podman 4.1.1-21
CVE-2022-4123 affecting package podman 4.1.1-21. No patch is available...
3.3CVSS
4.3AI Score
0.0004EPSS
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
CVE-2022-4055 affecting package xdg-utils 1.1.3-7. No patch is available...
7.4CVSS
7.5AI Score
0.001EPSS
CVE-2022-2929 affecting package dhcp 4.4.3-3
CVE-2022-2929 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...
6.5CVSS
7.2AI Score
0.001EPSS
CVE-2022-31629 affecting package php 7.4.14-3
CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...
6.5CVSS
9.9AI Score
0.006EPSS
CVE-2022-38752 affecting package snakeyaml 1.25-2
CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9AI Score
0.003EPSS
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...
7.3CVSS
7.3AI Score
0.001EPSS
CVE-2022-1615 affecting package samba 4.12.5-6
CVE-2022-1615 affecting package samba 4.12.5-6. No patch is available...
5.5CVSS
5.9AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2022-36033 affecting package jsoup 1.11.3-3
CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...
6.1CVSS
8AI Score
0.001EPSS
CVE-2019-14249 affecting package libdwarf for versions less than 0.9.0
CVE-2019-14249 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
6.5CVSS
6.5AI Score
0.002EPSS
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2019-15483 affecting package bolt 0.9.2-2
CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2022-1941 affecting package grpc 1.42.0-7
CVE-2022-1941 affecting package grpc 1.42.0-7. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.002EPSS
CVE-2022-40898 affecting package python-wheel 0.33.6-7
CVE-2022-40898 affecting package python-wheel 0.33.6-7. No patch is available...
7.5CVSS
7.7AI Score
0.003EPSS
CVE-2022-3114 affecting package kernel 5.15.160.1-1
CVE-2022-3114 affecting package kernel 5.15.160.1-1. No patch is available...
5.5CVSS
6.5AI Score
0.0004EPSS
CVE-2022-45885 affecting package kernel 5.15.160.1-1
CVE-2022-45885 affecting package kernel 5.15.160.1-1. No patch is available...
7CVSS
7.3AI Score
0.0004EPSS
CVE-2022-41854 affecting package snakeyaml 1.25-2
CVE-2022-41854 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.006EPSS
CVE-2022-2928 affecting package dhcp 4.4.3-3
CVE-2022-2928 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...
6.5CVSS
7.2AI Score
0.001EPSS
CVE-2022-31628 affecting package php 7.4.14-3
CVE-2022-31628 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.5CVSS
9.9AI Score
0.0005EPSS