Tuesday, July 2, 2024 Security Releases
Summary: The Node.js project will release new versions of the 22.x, 20.x and 18.x release lines on or shortly after Tuesday, July 2, 2024, in order to address 1 high severity issue, 2 medium severity issues and 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7 AI Score
CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation
The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument....
7.1 CVSS
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....
4.6 CVSS
EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7 CVSS
4.1 AI Score
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3 CVSS
5.7 AI Score
EPSS
CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash
dd-trace-cpp is Datadog's distributed tracing library for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
7.5 CVSS
EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: skaffold, policy-controller, wolfictl, apko, slsa-verifier, goreleaser, flux-source-controller, neuvector-sigstore-interface, aactl, falcoctl, tkn, tekton-chains, ko, spire-server, vexctl, gitsign, zarf, kubescape, zot, falco,...
7.5 AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: trivy, dagger, prometheus, kaniko, wolfictl, ctop, telegraf, kargo, goreleaser, crossplane, aactl, cadvisor, tkn, up, syft, ko, spire-server, buf, buildkitd, docker-compose, grype, conftest, kubescape, loki, zot, datadog-agent,...
5.9 CVSS
6.1 AI Score
0.0004 EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: vault, istio-pilot-discovery, kots, sops, cloudflared, kyverno, slsa-verifier, oauth2-proxy, argo-workflows, cosign, tekton-pipelines, flux-source-controller, aactl, external-secrets-operator, argo-cd, tkn, fulcio, tekton-chains, spire-server, terragrunt, vexctl,...
7.5 AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: skaffold, prometheus, k3d, ctop, slsa-verifier, k3s, bom, paranoia, goreleaser, tekton-pipelines, aactl, kpt, up, tekton-chains, scorecard, cert-manager, kubescape, loki, chartmuseum,...
7.5 AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: trivy, dagger, prometheus, kaniko, wolfictl, ctop, telegraf, kargo, goreleaser, crossplane, aactl, cadvisor, tkn, up, syft, ko, spire-server, buf, buildkitd, docker-compose, grype, conftest, kubescape, loki, zot, datadog-agent,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...
7.8 AI Score
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, dagger, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, guac, capslock, kaniko, sops, temporal, filebeat, kubernetes-dns-node-cache,...
7.5 AI Score
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: trillian, step-ca, keda, temporal-server, telegraf, vault, ferretdb, kube-bench, src, kine, k3s, caddy, spicedb, amass, argo-workflows,...
9.8 CVSS
9.7 AI Score
0.0004 EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: trillian, step-ca, keda, temporal-server, telegraf, vault, ferretdb, kube-bench, src, kine, k3s, caddy, spicedb, amass, argo-workflows,...
7.5 AI Score
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: apko, helm, ctop, up, ko, bom,...
7.5 AI Score
Vulnerabilities for packages: argo-cd, cluster-autoscaler, calico,...
8.8 CVSS
8.9 AI Score
0.001 EPSS
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, flux-notification-controller, argo-cd, argo-workflows,...
7.5 CVSS
7.7 AI Score
0.0005 EPSS
Vulnerabilities for packages: node-feature-discovery, kubernetes-csi-driver-hostpath, kubernetes, calico, local-static-provisioner, kubernetes-dns-node-cache, nodetaint, aws-ebs-csi-driver, cluster-autoscaler, ip-masq-agent,...
2.7 CVSS
4.3 AI Score
0.0004 EPSS
CVE-2024-26130 vulnerabilities
Vulnerabilities for packages: ggshield, py3-cryptography, az, py3-cassandra-medusa,...
7.5 CVSS
7.8 AI Score
0.0004 EPSS
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: kaniko, buildkitd, trivy, skaffold, docker, conftest, scorecard, kubescape, zot, datadog-agent,...
10 CVSS
9.7 AI Score
0.001 EPSS