All-in-One Addons For Elementor – WidgetKit Security Vulnerabilities
Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.9AI Score
EPSS
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...
5.9AI Score
EPSS
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...
EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
6.5AI Score
EPSS
The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument....
7.1CVSS
7AI Score
EPSS
The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument....
7.1CVSS
EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
EPSS
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
7.5CVSS
7.5AI Score
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
EPSS
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
7.5CVSS
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.8AI Score
EPSS
CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation
The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument....
7.1CVSS
EPSS
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....
4.6CVSS
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
4.1AI Score
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....
4.6CVSS
4.7AI Score
EPSS
Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...
3.5CVSS
EPSS
Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...
3.5CVSS
4.4AI Score
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
5.7AI Score
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
EPSS
CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
7.5CVSS
EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: skaffold, policy-controller, wolfictl, apko, slsa-verifier, goreleaser, flux-source-controller, neuvector-sigstore-interface, aactl, falcoctl, tkn, tekton-chains, ko, spire-server, vexctl, gitsign, zarf, kubescape, zot, falco,...
7.5AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: trivy, dagger, prometheus, kaniko, wolfictl, ctop, telegraf, kargo, goreleaser, crossplane, aactl, cadvisor, tkn, up, syft, ko, spire-server, buf, buildkitd, docker-compose, grype, conftest, kubescape, loki, zot, datadog-agent,...
5.9CVSS
6.1AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: vault, istio-pilot-discovery, kots, sops, cloudflared, kyverno, slsa-verifier, oauth2-proxy, argo-workflows, cosign, tekton-pipelines, flux-source-controller, aactl, external-secrets-operator, argo-cd, tkn, fulcio, tekton-chains, spire-server, terragrunt, vexctl,...
7.5AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: skaffold, prometheus, k3d, ctop, slsa-verifier, k3s, bom, paranoia, goreleaser, tekton-pipelines, aactl, kpt, up, tekton-chains, scorecard, cert-manager, kubescape, loki, chartmuseum,...
7.5AI Score
7.5AI Score
5.3CVSS
7.2AI Score
0.0005EPSS
7.5AI Score
7.5AI Score
6.4CVSS
7.7AI Score
0.0004EPSS
6.5CVSS
7.7AI Score
0.001EPSS
7.5AI Score
7.5AI Score
6.3AI Score
0.0004EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: neuvector-agent, trivy, skaffold, cilium-cli, kots, k3d, kaniko, newrelic-infrastructure-agent, helm, ctop, telegraf, tekton-pipelines, flux-source-controller, eksctl, up, gitness, grype, kubevela, cert-manager, kubescape, helm-push, zot, flux-helm-controller,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...
6.4CVSS
6.7AI Score
0.0004EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...
7.5AI Score
7.5AI Score
0.0004EPSS
7.5AI Score
8.9AI Score
0.0005EPSS
7.5AI Score
7.5AI Score
7.5AI Score
8.8CVSS
6.8AI Score
0.001EPSS