5.7 AI Score
CVE-2024-38379 Apache Allura: Stored authenticated XSS
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...
6.7 AI Score
0.0004 EPSS
7.5 AI Score
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: argo-workflows, keda, step-ca, kots, vault, kube-bench, telegraf, ferretdb, amass, kine, trillian, spicedb, temporal-server, caddy, k3s,...
9.8 CVSS
9.7 AI Score
0.0004 EPSS
7.5 AI Score
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, superset,...
7.5 AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, superset,...
7.5 CVSS
7.7 AI Score
0.0004 EPSS
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...
6.7 CVSS
7 AI Score
0.0004 EPSS
7.5 AI Score
5.3 CVSS
6.1 AI Score
0.0004 EPSS
4.9 CVSS
6 AI Score
0.0004 EPSS
4.9 CVSS
6 AI Score
0.0004 EPSS
7.5 AI Score
7.5 AI Score
7.5 AI Score
7.8 CVSS
7.1 AI Score
0.0004 EPSS
7.8 CVSS
7.1 AI Score
0.0004 EPSS
7.3 CVSS
7.1 AI Score
0.0005 EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: spire-server, zarf, goreleaser, tekton-chains, neuvector-sigstore-interface, wolfictl, tkn, skaffold, apko, flux-source-controller, gitsign, vexctl, falcoctl, kubescape, policy-controller, zot, slsa-verifier, ko, falco, aactl,...
7.5 AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: spire-server, prometheus, goreleaser, grype, wolfictl, dagger, tkn, ctop, telegraf, up, conftest, crossplane, kubescape, buf, kaniko, zot, syft, docker-compose, kargo, cadvisor, buildkitd, ko, trivy, datadog-agent, aactl, loki,...
5.9 CVSS
5.9 AI Score
0.0004 EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: goreleaser, traefik, grype, minio, gke-gcloud-auth-plugin, hey, terraform-provider-azurerm, skaffold, telegraf, cue, coredns, dex, cilium-envoy, kubewatch, flux-notification-controller, pulumi-language-java, slsa-verifier, flux-helm-controller,...
7.5 CVSS
9 AI Score
0.732 EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: argo-workflows, spire-server, keda, vault, external-secrets-operator, tekton-chains, traefik, tkn, cloudflared, argo-cd, oauth2-proxy, flux-source-controller, gitsign, kyverno, vexctl, dex, cilium-envoy, kubescape, fulcio, kots, terragrunt, slsa-verifier,...
7.5 AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: spire-server, prometheus, goreleaser, grype, wolfictl, dagger, tkn, ctop, telegraf, up, conftest, crossplane, kubescape, buf, kaniko, zot, syft, docker-compose, kargo, cadvisor, buildkitd, ko, trivy, datadog-agent, aactl, loki,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, cilium, grype, eksctl, rook, guac, terraform-docs, php-fpm_exporter, minio, terraform-provider-azurerm, runc, grpc-health-probe, skaffold, telegraf, gitsign, vault-k8s, temporal-ui-server, supercronic, grafana, dex,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: argo-workflows, keda, step-ca, kots, vault, kube-bench, telegraf, ferretdb, amass, kine, trillian, spicedb, temporal-server, caddy, k3s,...
7.5 AI Score
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: argo-workflows, spire-server, keda, prometheus, step-ca, velero, zarf, goreleaser, external-secrets-operator, tekton-chains, traefik, filebeat, boring-registry, rook, ksops, chezmoi, flux-image-reflector-controller, guac, pulumi, step, teleport, tkn,...
5.5 CVSS
6 AI Score
0.0004 EPSS
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: argo-workflows, spire-server, keda, prometheus, step-ca, velero, zarf, goreleaser, external-secrets-operator, tekton-chains, traefik, filebeat, boring-registry, rook, ksops, chezmoi, flux-image-reflector-controller, guac, pulumi, step, teleport, tkn,...
7.5 AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: kubeflow-katib, kubeflow-pipelines-visualization-server, ggshield, confluent-docker-utils, az, jwt-tool, py3.10-tensorflow-core, kubeflow-volumes-web-app, dask-gateway, kubeflow-pipelines, py3-idna, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app,...
7.5 AI Score
Vulnerabilities for packages: kubeflow-katib, kubeflow-pipelines-visualization-server, ggshield, confluent-docker-utils, az, jwt-tool, py3.10-tensorflow-core, kubeflow-volumes-web-app, dask-gateway, kubeflow-pipelines, py3-idna, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app,...
6.7 AI Score
GHSA-HJ3V-M684-V259 vulnerabilities
Vulnerabilities for packages: spire-server, istio-cni, external-secrets-operator, istio-operator, falco, istio-pilot-discovery, kyverno, boring-registry, falcoctl, minio, mc,...
7.5 AI Score
7.5 AI Score
7.5 AI Score
7.3 CVSS
7.1 AI Score
0.0005 EPSS
7.3 CVSS
7.1 AI Score
0.0004 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, grype, eksctl, terraform-docs, terraform-provider-azurerm, grpc-health-probe, telegraf, gitsign, vault-k8s, temporal-ui-server, coredns, dex, crossplane, grafana, nri-mssql, kubewatch, terragrunt, slsa-verifier,...
5.9 CVSS
7.1 AI Score
0.962 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, cilium, grype, eksctl, rook, guac, terraform-docs, php-fpm_exporter, minio, terraform-provider-azurerm, runc, grpc-health-probe, skaffold, telegraf, gitsign, vault-k8s, temporal-ui-server, supercronic, grafana, dex,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
9.8 CVSS
7.7 AI Score
0.001 EPSS
7.5 AI Score
4.4 CVSS
5.6 AI Score
0.0004 EPSS
4.9 CVSS
6 AI Score
0.0004 EPSS
4.9 CVSS
5.7 AI Score
0.0005 EPSS
7.5 AI Score
7.5 AI Score
7.5 AI Score
7.5 CVSS
7.2 AI Score
0.0004 EPSS