CVE-2024-4264 Remote Code Execution in berriai/litellm
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret() method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval...
9.8 CVSS
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...
7.5 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...
6.6 AI Score
0.0004 EPSS
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: argo-cd, falco, pulumi-language-java, slsa-verifier, pulumi, aactl, crossplane-provider-aws, terragrunt, crossplane, kubevela, skaffold, pulumi-language-dotnet, boring-registry, flux-kustomize-controller, terraform-provider-google, zarf, kubescape, goreleaser,...
7.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...
6.9 AI Score
0.0004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...
7.5 AI Score
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Mitigation Red Hat has investigated whether a possible...
0.02 EPSS
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. -...
8.2 CVSS
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation...
7.8 CVSS
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus...
8.2 CVSS
CVE-2024-3291 Privilege Escalation
When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default...
7.8 CVSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, tctl-fips, external-secrets-fips, nerdctl, external-secrets, kube-logging-logging-operator, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, temporal-ui-server, argo-cd-fips, kube-state-metrics-fips, karpenter,...
7.3 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, croc, tctl-fips, tailscale, external-secrets-fips, external-secrets, kube-logging-logging-operator, git-lfs, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, s5cmd, temporal-ui-server, argo-cd-fips, helm-fips,...
6.5 AI Score
0.0004 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, tctl-fips, external-secrets-fips, nerdctl, external-secrets, kube-logging-logging-operator, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, temporal-ui-server, argo-cd-fips, kube-state-metrics-fips, karpenter,...
6.2 AI Score
0.0004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, croc, tctl-fips, tailscale, external-secrets-fips, external-secrets, kube-logging-logging-operator, git-lfs, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, s5cmd, temporal-ui-server, argo-cd-fips, helm-fips,...
7.3 AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: flux-source-controller-2.0, grafana, kaniko, falcoctl-fips, pulumi, flux-notification-controller, kubevela, flux-source-controller, zarf, pulumi-language-yaml, kubescape, zot, goreleaser, actions-runner-controller, keda, pulumi-kubernetes-operator, skaffold, flux,...
7.3 AI Score
Submariner Operator sets unnecessary RBAC permissions in helm charts
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire...
CVE-2024-35846 mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat...
CVE-2024-35825 usb: gadget: ncm: Fix handling of zero block length packets
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds...
CVE-2024-27405 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...
mlflow is vulnerable to Path Traversal. The vulnerability is due to improper validation of artifact URLs, particularly in handling the fragment part of the URL. Attackers can exploit this by inserting a '#' character, allowing the artifact to bypass validation, resulting in arbitrary file access on...
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through...
8 CVSS
7.2 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials. This issue affects Events Rich Snippets for Google: from n/a through...
7.1 CVSS
7.2 AI Score
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
0.973 EPSS
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2024-1701)
The remote host is missing an update for the Huawei...
0.002 EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1673)
The remote host is missing an update for the Huawei...
0.002 EPSS
Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2024-1679)
The remote host is missing an update for the Huawei...
0.001 EPSS
Huawei EulerOS: Security Advisory for linux-firmware (EulerOS-SA-2024-1692)
The remote host is missing an update for the Huawei...
0.0005 EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1709)
The remote host is missing an update for the Huawei...
0.266 EPSS
0.001 EPSS
Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2024-1686)
The remote host is missing an update for the Huawei...
0.001 EPSS
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1703)
The remote host is missing an update for the Huawei...
0.01 EPSS
0.037 EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1672)
The remote host is missing an update for the Huawei...
0.002 EPSS
0.0004 EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1695)
The remote host is missing an update for the Huawei...
0.001 EPSS