Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
6.5AI Score
EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
EPSS
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
EPSS
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.003EPSS
CVE-2020-4041 affecting package bolt 0.9.2-2
CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.4CVSS
7.5AI Score
0.006EPSS
CVE-2019-15484 affecting package bolt 0.9.2-2
CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2021-27367 affecting package bolt 0.9.2-2
CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5CVSS
7.5AI Score
0.002EPSS
CVE-2022-31321 affecting package bolt 0.9.2-2
CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
9.1CVSS
7.5AI Score
0.002EPSS
CVE-2023-0475 affecting package k3s 1.24.12-2
CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
6.5CVSS
9.8AI Score
0.001EPSS
CVE-2022-47021 affecting package opusfile 0.12-2
CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2022-38752 affecting package snakeyaml 1.25-2
CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9AI Score
0.003EPSS
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...
7.3CVSS
7.3AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. This CVE either no longer is or was never...
5.5CVSS
6AI Score
0.002EPSS
CVE-2019-9185 affecting package bolt 0.9.2-2
CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.006EPSS
CVE-2019-15483 affecting package bolt 0.9.2-2
CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2020-4040 affecting package bolt 0.9.2-2
CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.6CVSS
7.5AI Score
0.003EPSS
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.004EPSS
CVE-2022-41854 affecting package snakeyaml 1.25-2
CVE-2022-41854 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.006EPSS
CVE-2022-3294 affecting package k3s 1.24.12-2
CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.002EPSS
CVE-2015-7309 affecting package bolt 0.9.2-2
CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5AI Score
0.449EPSS
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2017-16754 affecting package bolt 0.9.2-2
CVE-2017-16754 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2023-25173 affecting package k3s 1.24.12-2
CVE-2023-25173 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
7.8CVSS
8.9AI Score
0.001EPSS
CVE-2022-43410 affecting package mercurial 6.0.3-2
CVE-2022-43410 affecting package mercurial 6.0.3-2. No patch is available...
5.3CVSS
5.8AI Score
0.001EPSS
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...
6.5CVSS
9.7AI Score
0.006EPSS
CVE-2023-48795 affecting package nmap for versions less than 7.93-2
CVE-2023-48795 affecting package nmap for versions less than 7.93-2. A patched version of the package is...
5.9CVSS
6.1AI Score
0.963EPSS
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2020-28925 affecting package bolt 0.9.2-2
CVE-2020-28925 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2022-1941 affecting package protobuf 3.17.3-2
CVE-2022-1941 affecting package protobuf 3.17.3-2. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2022-38750 affecting package snakeyaml 1.25-2
CVE-2022-38750 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9.4AI Score
0.001EPSS
CVE-2022-38749 affecting package snakeyaml 1.25-2
CVE-2022-38749 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.001EPSS
CVE-2011-4966 affecting package freeradius 3.2.3-2
CVE-2011-4966 affecting package freeradius 3.2.3-2. No patch is available...
6.4AI Score
0.003EPSS
CVE-2002-0318 affecting package freeradius 3.2.3-2
CVE-2002-0318 affecting package freeradius 3.2.3-2. No patch is available...
6.9AI Score
0.005EPSS
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2019-15485 affecting package bolt 0.9.2-2
CVE-2019-15485 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2022-38751 affecting package snakeyaml 1.25-2
CVE-2022-38751 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9.3AI Score
0.001EPSS
CVE-2017-18640 affecting package snakeyaml 1.25-2
CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.6AI Score
0.019EPSS
CVE-2020-29509 affecting package golang 1.17.13-2
CVE-2020-29509 affecting package golang 1.17.13-2. No patch is available...
9.8CVSS
9.9AI Score
0.001EPSS
CVE-2020-29511 affecting package golang 1.17.13-2
CVE-2020-29511 affecting package golang 1.17.13-2. No patch is available...
9.8CVSS
9.9AI Score
0.001EPSS
CVE-2018-20225 affecting package python-pip 19.2-2
CVE-2018-20225 affecting package python-pip 19.2-2. No patch is available...
7.8CVSS
9.9AI Score
0.001EPSS