Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely....
5.3CVSS
EPSS
A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely....
5.3CVSS
5.4AI Score
EPSS
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: prometheus, k3d, policy-controller, helm-push, cri-tools, docker-compose, dagger, neuvector-scanner, syft, wolfictl, grype, tekton-pipelines, melange, kaniko, buf, docker,...
7.5AI Score
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: guac, kubescape, scorecard, skaffold, datadog-agent, conftest, buildkitd, kaniko, zot, docker,...
10CVSS
9.7AI Score
0.001EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: runc, cadvisor, k3s, syft, telegraf, zarf, nerdctl, zot, trivy, k3d, skaffold, ingress-nginx-controller, datadog-agent, grype, docker, kubescape, newrelic-infrastructure-agent, kots, wolfictl, ctop, kubernetes, buildkitd, k9s, kaniko, skopeo,...
8.6CVSS
9.2AI Score
0.051EPSS
Vulnerabilities for packages: consul, kubernetes-dns-node-cache,...
5.3CVSS
5.5AI Score
0.0004EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: policy-controller, goreleaser, ko, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, gitsign, spire-server, vexctl, skaffold, apko, flux-source-controller, aactl, kubescape, falco, tkn, wolfictl, tekton-chains,...
7.5AI Score
Vulnerabilities for packages: prometheus, bank-vaults, policy-controller, step-ca, flux-image-automation-controller, gomplate, goreleaser, pulumi, nuclei, pulumi-kubernetes-operator, k3s, rabbitmq-messaging-topology-operator, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, glab,.....
6CVSS
6AI Score
0.0004EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: prometheus, goreleaser, cadvisor, syft, telegraf, ko, up, zot, trivy, spire-server, conftest, datadog-agent, grype, aactl, kubescape, buildkitd, dagger, crossplane, tkn, wolfictl, loki, buf, kargo, ctop, docker-compose, melange,...
5.9CVSS
6.1AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: oauth2-proxy, external-secrets-operator, traefik, slsa-verifier, gitsign, keda, spire-server, argo-workflows, cert-manager, vexctl, terragrunt, flux-source-controller, rekor, kyverno, aactl, vault, kubescape, istio-pilot-discovery, cloudflared, falco, kots, tkn,...
7.5AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: prometheus, goreleaser, k3s, up, slsa-verifier, chartmuseum, kpt, k3d, cert-manager, skaffold, aactl, kubescape, bom, falco, loki, scorecard, tekton-chains, paranoia, ctop,...
7.5AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: prometheus, goreleaser, cadvisor, syft, telegraf, ko, up, zot, trivy, spire-server, conftest, datadog-agent, grype, aactl, kubescape, buildkitd, dagger, crossplane, tkn, wolfictl, loki, buf, kargo, ctop, docker-compose, melange,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, filebeat, policy-controller, nats, nuclei, sonobuoy, k3s, traefik, prometheus-operator, rabbitmq-messaging-topology-operator, telegraf, kubernetes-dashboard, cilium, eksctl, kubeflow-katib, protoc-gen-go-grpc,.....
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.8AI Score
0.0004EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: cilium-cli, up, telegraf, eksctl, zot, trivy, k3d, cert-manager, helm-push, skaffold, grype, kubevela, flux-source-controller, kubescape, newrelic-infrastructure-agent, kots, neuvector-agent, helm, ctop, gitness, fuse-overlayfs-snapshotter, tekton-pipelines, melange,.....
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: ollama, nats, traefik, telegraf, kubeflow-katib, calico, nginx-mainline, cue, memcached-exporter, spark-operator, flux-source-controller, envoy-ratelimit, nghttp2, bom, argo-cd, prometheus-elasticsearch-exporter, secrets-store-csi-driver, helm, pulumi-language-java,...
7.5CVSS
9AI Score
0.732EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: src, keda, caddy, kube-bench, ferretdb, argo-workflows, spicedb, vault, kine, temporal-server, trillian, kots, k3s, telegraf, amass,...
9.8CVSS
9.7AI Score
0.0004EPSS
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-operator, cilium-cli, cert-manager, helm-push, istio-operator, trivy, kubescape, k8sgpt, kots, up, zarf, eksctl, k9s, zot, flux-source-controller, chartmuseum,...
6.4CVSS
6.7AI Score
0.0004EPSS
7.5AI Score
GHSA-RHH4-RH7C-7R5V vulnerabilities
Vulnerabilities for packages: kubescape, nuclei, wolfictl, zarf, datadog-agent,...
7.5AI Score
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...
6.7AI Score
0.0004EPSS
CVE-2024-36129 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, opentelemetry-collector, datadog-agent,...
8.2CVSS
8AI Score
0.001EPSS
10CVSS
10AI Score
0.001EPSS
CVE-2024-25710 vulnerabilities
Vulnerabilities for packages: opensearch, trino, spdx-tools-java, jenkins, wavefront-proxy, neo4j, gradle,...
8.1CVSS
7AI Score
0.001EPSS
GHSA-4265-CCF5-PHJ5 vulnerabilities
Vulnerabilities for packages: opensearch, trino, spdx-tools-java, jenkins, wavefront-proxy, neo4j, gradle,...
7.5AI Score
7.5AI Score
5.5CVSS
7.7AI Score
0.001EPSS
6.8AI Score
0.0005EPSS
7.5AI Score
8.2AI Score
0.0004EPSS
CVE-2024-26141 vulnerabilities
Vulnerabilities for packages: ruby3.2-rack, kube-fluentd-operator,...
5.8CVSS
6.2AI Score
0.0004EPSS
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: py3-pillow, kubeflow-pipelines-visualization-server,...
6.7CVSS
7AI Score
0.0004EPSS
7.5AI Score
9.8CVSS
7.7AI Score
0.005EPSS
7.5AI Score
7.5CVSS
6.6AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.018EPSS
7.5AI Score
7.5AI Score
7.5CVSS
7.7AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
7.5AI Score
7.5AI Score
7.8CVSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS