Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
7AI Score
EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
EPSS
8.8CVSS
9.5AI Score
0.001EPSS
7.5AI Score
7.5AI Score
7.5AI Score
5.3CVSS
5.9AI Score
0.002EPSS
7.5AI Score
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...
5.3CVSS
5.8AI Score
0.001EPSS
4.3CVSS
7.5AI Score
0.002EPSS
3.7CVSS
5.3AI Score
0.001EPSS
3.1CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
6.9AI Score
0.052EPSS
7.5AI Score
7.5AI Score
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
7.5AI Score
3.3CVSS
4.4AI Score
0.0004EPSS
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18
CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...
8CVSS
9.9AI Score
0.0004EPSS
CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...
7.5CVSS
9.1AI Score
0.001EPSS
7.5AI Score
7.5AI Score
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...
5.3CVSS
6.3AI Score
0.002EPSS
4.3CVSS
7.7AI Score
0.002EPSS
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
6.5CVSS
7.3AI Score
0.001EPSS
7.4CVSS
7.7AI Score
0.001EPSS
CVE-2011-1429 affecting package mutt 2.2.12-1
CVE-2011-1429 affecting package mutt 2.2.12-1. No patch is available...
6.4AI Score
0.003EPSS
7.5AI Score
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: cert-manager, grype, kubescape, newrelic-infrastructure-agent, k3d, kots, zot, helm-push, telegraf, fuse-overlayfs-snapshotter, cilium-cli, helm, up, melange, tekton-pipelines, eksctl, ctop, gitness, trivy, flux-helm-controller, kubevela, kaniko, skaffold,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: zot, cert-manager, helm-push, trivy, flux-helm-controller, istio-operator, k8sgpt, kubescape, zarf, cilium-cli, chartmuseum, k9s, up, helm-operator, flux-source-controller, kots,...
6.4CVSS
6.7AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
8.8CVSS
6.8AI Score
0.001EPSS
7.5AI Score
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
7.5AI Score
7.5CVSS
7.9AI Score
0.001EPSS
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: go, wireguard-go, hey, grpcurl, restic, falco, gke-gcloud-auth-plugin, dynamic-localpv-provisioner,...
7.5AI Score
9.8CVSS
10AI Score
0.003EPSS
7.5AI Score
7.5AI Score