GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: flux-image-automation-controller, datadog-agent, kyverno-policy-reporter, dagger, external-dns, dynamic-localpv-provisioner, tigera-operator, grafana-operator, argo-cd, velero, thanos, kuberay-operator, terraform-provider-azurerm, argo-workflows, helm, kpt, ctop,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....
6.5AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....
6.5AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: flux-image-automation-controller, datadog-agent, kyverno-policy-reporter, dagger, external-dns, dynamic-localpv-provisioner, tigera-operator, grafana-operator, argo-cd, velero, thanos, kuberay-operator, terraform-provider-azurerm, argo-workflows, helm, kpt, ctop,...
6.7AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, external-dns, kuberay-operator, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, kube-rbac-proxy, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached, kor,...
6.8AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, external-dns, kuberay-operator, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, kube-rbac-proxy, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached, kor,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....
6.5AI Score
0.0004EPSS
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: nerdctl, cloudflared, frp, step-ca, istio-cni, argo-cd, kyverno, gitsign, keda, cert-manager, argo-workflows, rook, falcoctl, policy-controller, istio-pilot-agent, guac, terragrunt, istio-pilot-discovery, melange, wolfictl, grafana, ko, spire-server, goreleaser,...
7.5AI Score
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....
7.5AI Score
CVE-2024-29025 vulnerabilities
Vulnerabilities for packages: cloudwatch-exporter, selenium, management-api-for-apache-cassandra, wavefront-proxy, spark, opensearch, keycloak,...
5.3CVSS
5.8AI Score
0.0004EPSS
GHSA-5JPM-X58V-624V vulnerabilities
Vulnerabilities for packages: cloudwatch-exporter, selenium, management-api-for-apache-cassandra, wavefront-proxy, spark, opensearch, keycloak,...
7.5AI Score
7.5CVSS
7.7AI Score
0.005EPSS
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: nerdctl, cloudflared, frp, step-ca, istio-cni, argo-cd, kyverno, gitsign, keda, cert-manager, argo-workflows, rook, falcoctl, policy-controller, istio-pilot-agent, guac, terragrunt, istio-pilot-discovery, melange, wolfictl, grafana, ko, spire-server, goreleaser,...
4.3CVSS
6AI Score
0.0005EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....
7.5AI Score
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
8.3AI Score
0.0004EPSS
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
0.0004EPSS
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...
3.5CVSS
0.0004EPSS
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...
3.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...
3.5CVSS
0.0004EPSS
An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....
5.4CVSS
7AI Score
0.0004EPSS
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
5.4CVSS
7.3AI Score
0.0004EPSS
ruby:3.3 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...
6.9AI Score
EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...
6.9AI Score
EPSS
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....
8.1CVSS
6.9AI Score
0.0004EPSS
An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...
7.4AI Score
Important: ipa security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...
8.1CVSS
7.2AI Score
0.0004EPSS
An update is available for module.pyusb, module.opendnssec, custodia, module.custodia, pyusb, module.python-kdcproxy, module.slapi-nis, opendnssec, python-yubico, slapi-nis, ipa-healthcheck, softhsm, module.python-qrcode, module.softhsm, module.ipa-healthcheck, python-qrcode, module.python-yubico,....
5.3CVSS
6.7AI Score
0.0004EPSS
ruby:3.1 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
6AI Score
EPSS
fence-agents security and bug fix update
An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....
6.1CVSS
6.8AI Score
0.001EPSS
Moderate: idm:DL1 and idm:client security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE...
6.8CVSS
6.7AI Score
0.0004EPSS
Moderate: idm:DL1 security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of...
5.3CVSS
6.6AI Score
0.0004EPSS
Important: idm:DL1 security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to...
8.1CVSS
8.2AI Score
0.0004EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...
5.8AI Score
EPSS
An update is available for pmix. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Process Management Interface (PMI) provides process management functions...
8.1CVSS
6.6AI Score
0.001EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37446) Security Fix(es): ruby: Buffer overread...
6.3AI Score
EPSS
idm:DL1 and idm:client security update
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
6.8CVSS
6.8AI Score
0.0004EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
7.2AI Score
0.001EPSS
Important: pmix security update
The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...
8.1CVSS
6.5AI Score
0.001EPSS
smartmontools bug fix and enhancement update
An update is available for smartmontools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
7.1AI Score
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
7.1AI Score
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
0.0004EPSS
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
10CVSS
9.6AI Score
0.0004EPSS