A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.3AI Score
EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.4AI Score
EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
EPSS
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)
Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
6.7AI Score
0.0004EPSS
Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....
7CVSS
7.8AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: amass, argo-workflows, step-ca, kine, vault, telegraf, kube-bench, trillian, spicedb, kots, k3s, ferretdb, keda, caddy, temporal-server,...
7.5AI Score
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...
6.7AI Score
0.0004EPSS
7.5AI Score
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: melange, zarf, goreleaser, vexctl, spire-server, zot, falco, aactl, gitsign, tkn, policy-controller, tekton-chains, flux-source-controller, wolfictl, neuvector-sigstore-interface, skaffold, kubescape, falcoctl, ko, apko,...
7.5AI Score
Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...
6CVSS
6AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: sops, kyverno, vault, istio-pilot-discovery, traefik, tekton-pipelines, flux-kustomize-controller, vexctl, spire-server, fulcio, keda, external-secrets-operator, cilium-envoy, falco, argo-cd, dex, aactl, gitsign, kots, terragrunt, tkn, tekton-chains,...
7.5AI Score
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...
6.7CVSS
7AI Score
0.0004EPSS
7.5AI Score
7.8CVSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
7.3CVSS
7.1AI Score
0.0005EPSS
5.3CVSS
6.1AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, cue, rqlite, tctl, tomcat, traefik, nvidia-device-plugin, pulumi, keda, flux-notification-controller, terraform-provider-aws, argo-cd, hey, gitness, spark-operator, kubernetes-csi-livenessprobe,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...
7.5AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: melange, ctop, trivy, kargo, cadvisor, docker-compose, up, goreleaser, conftest, spire-server, loki, kaniko, grype, datadog-agent, aactl, telegraf, crossplane, tkn, prometheus, buf, wolfictl, buildkitd, syft, kubescape, ko, zot,...
7.5AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: melange, ctop, trivy, kargo, cadvisor, docker-compose, up, goreleaser, conftest, spire-server, loki, kaniko, grype, datadog-agent, aactl, telegraf, crossplane, tkn, prometheus, buf, wolfictl, buildkitd, syft, kubescape, ko, zot,...
5.9CVSS
6.1AI Score
0.0004EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: amass, argo-workflows, step-ca, kine, vault, telegraf, kube-bench, trillian, spicedb, kots, k3s, ferretdb, keda, caddy, temporal-server,...
9.8CVSS
9.7AI Score
0.0004EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, ggshield, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines-visualization-server, py3-idna, confluent-docker-utils, py3-cassandra-medusa, az, kubeflow-jupyter-web-app, kubeflow-katib, k8s-sidecar,...
7.5AI Score
7.5AI Score
9.8CVSS
7.7AI Score
0.001EPSS
7.5AI Score
7.5CVSS
7.2AI Score
0.0004EPSS
7.5AI Score
7.3CVSS
7.1AI Score
0.0005EPSS
7.3CVSS
7.1AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, git-lfs, melange, helm, libssh2, step, vault, rqlite, gitlab-kas, traefik, pulumi, prometheus-mysqld-exporter, vexctl, external-secrets-operator, terraform-provider-aws, argo-cd, gitness, k3d, kubernetes-event-exporter, kubernetes-dashboard,...
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nats-server, git-lfs, harbor-registry, cue, bazelisk, osv-scanner, aws-network-policy-agent, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, bincapz, keda, k9s, tfsec, gitness, chezmoi, k3d, kube-rbac-proxy, nri-haproxy, boring-registry, regclient,...
6.8AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: nats-server, multus-cni, git-lfs, melange, helm, lazygit, ctop, harbor-registry, hubble-ui, chartmuseum, step, extism, secrets-store-csi-driver-provider-aws, cue, osv-scanner, traefik, go, grafana-agent-operator, nvidia-device-plugin, gobump,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: nats-server, multus-cni, git-lfs, melange, helm, lazygit, ctop, harbor-registry, hubble-ui, chartmuseum, step, extism, secrets-store-csi-driver-provider-aws, cue, osv-scanner, traefik, go, grafana-agent-operator, nvidia-device-plugin, gobump,...
7.5AI Score
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: amass, configmap-reload, mage, sops, docker-cli, petname, aws-flb-cloudwatch, cass-operator, go-md2man, ctop, kubernetes-dashboard-metrics-scraper, gitlab-logger, render-template, cni-plugins, prometheus-stackdriver-exporter, grpcurl, nats, goreleaser, gosu,...
7.5CVSS
7.9AI Score
0.001EPSS
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, keda, flux-notification-controller, external-secrets-operator, argo-cd, hey, gitness, k3d,...
6.1CVSS
7.3AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...
6.8AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS