IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
4.9AI Score
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
6.2AI Score
EPSS
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
EPSS
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
4.2AI Score
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
4.7AI Score
EPSS
CVE-2023-50954 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
EPSS
CVE-2024-31902 IBM InfoSphere Information Server cross-site request forgery
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
EPSS
CVE-2024-35119 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
6AI Score
EPSS
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
6.1AI Score
EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
EPSS
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
EPSS
CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
EPSS
CVE-2023-35022 IBM InfoSphere Information Server improper authentication
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
EPSS
CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: ferretdb, src, k3s, caddy, step-ca, temporal-server, trillian, argo-workflows, kine, telegraf, amass, keda, kots, kube-bench, vault,...
7.5AI Score
Vulnerabilities for packages: step-ca, gitlab-runner, k3s, kubescape, actions-runner-controller, grafana-mimir, zot, terraform-provider-azurerm, loki, keda, flux-notification-controller, aactl, rabbitmq-messaging-topology-operator, sops, tekton-pipelines, vexctl, slsa-verifier, glab, argo-cd,...
6CVSS
6AI Score
0.0004EPSS
7.5AI Score
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...
6.7CVSS
7AI Score
0.0004EPSS
7.5AI Score
5.3CVSS
6.1AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
7.8CVSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
7.3CVSS
7.1AI Score
0.0005EPSS
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...
6.7AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kubescape, dex, cilium-envoy, oauth2-proxy, keda, aactl, sops, tekton-pipelines, vexctl, slsa-verifier, argo-cd, argo-workflows, flux-kustomize-controller, traefik, cloudflared, falco, spire-server, gitsign, tekton-chains, kyverno, vault, cosign,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...
7.8AI Score
0.0004EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: kubescape, wolfictl, zot, loki, aactl, conftest, crossplane, kargo, goreleaser, telegraf, ctop, datadog-agent, cadvisor, spire-server, up, buf, ko, buildkitd, syft, trivy, prometheus, grype, tkn, dagger, docker-compose, melange,...
5.9CVSS
6.1AI Score
0.0004EPSS
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: kubescape, wolfictl, zot, loki, aactl, conftest, crossplane, kargo, goreleaser, telegraf, ctop, datadog-agent, cadvisor, spire-server, up, buf, ko, buildkitd, syft, trivy, prometheus, grype, tkn, dagger, docker-compose, melange,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, vexctl, aactl, gatekeeper, docker, cortex, slsa-verifier, cri-tools, nri-discovery-kubernetes,...
7.5AI Score
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: ferretdb, src, k3s, caddy, step-ca, temporal-server, trillian, argo-workflows, kine, telegraf, amass, keda, kots, kube-bench, vault,...
9.8CVSS
9.7AI Score
0.0004EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: kubescape, wolfictl, zot, vexctl, aactl, apko, slsa-verifier, goreleaser, neuvector-sigstore-interface, spire-server, falco, gitsign, tekton-chains, ko, zarf, skaffold, tkn, policy-controller, flux-source-controller, melange,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: dex, dotnet, cilium-envoy, oauth2-proxy, tomcat, aactl, gatekeeper, nghttp2, cortex, slsa-verifier, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, traefik, falco, spark-operator, cosign, nats, kubernetes-csi-node-driver-registrar, prometheus-blackbox-exporter,.....
7.5CVSS
9AI Score
0.732EPSS
Vulnerabilities for packages: kubeflow-katib, ggshield, kubeflow-pipelines-visualization-server, py3-idna, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-cassandra-medusa, datadog-agent, kubeflow-pipelines, confluent-docker-utils, k8s-sidecar, py3.10-tensorflow-core, dask-gateway, az,...
6.7AI Score
EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, goreleaser, bazelisk, cloudflared, spark-operator, gptscript, configmap-reload, newrelic-infra-operator, containerd,...
6.8AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, go-fips, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, go-fips, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, bazelisk, local-static-provisioner, cloudflared, configmap-reload, newrelic-infra-operator, dagger, vcluster, go-md2man,...
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: step-ca, gitlab-runner, k3s, kubescape, actions-runner-controller, grafana-mimir, zot, terraform-provider-azurerm, loki, keda, flux-notification-controller, aactl, rabbitmq-messaging-topology-operator, sops, tekton-pipelines, vexctl, slsa-verifier, glab, argo-cd,...
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, gitlab-logger, docker-credential-ecr-login, grpcurl, gops, cilium-envoy, nsc, aws-flb-kinesis, go-bindata, flannel-cni-plugin, aactl, aws-flb-cloudwatch, sops, petname, cortex, slsa-verifier, docker-cli, nri-discovery-kubernetes,.....
7.5CVSS
7.9AI Score
0.001EPSS
Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, dex, aws-ebs-csi-driver, oauth2-proxy, aactl, gatekeeper, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, timoni, vault, spark-operator, cosign, kubernetes-csi-node-driver-registrar,...
6.1CVSS
7.3AI Score
0.001EPSS