GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: runc, docker, zarf, kaniko, grype, telegraf, skaffold, zot, kubernetes, k3s, k3d, kubescape, newrelic-infrastructure-agent, kots, datadog-agent, ctop, k9s, buildkitd, cadvisor, ingress-nginx-controller, syft, wolfictl, trivy, nvidia-device-plugin, nerdctl,...
7.5AI Score
CVE-2024-22189 vulnerabilities
Vulnerabilities for packages: caddy, q, cloudflared, coredns, ipfs,...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation.....
9.8CVSS
EPSS
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
5.6AI Score
EPSS
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
EPSS
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
8.6AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
5AI Score
EPSS
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
8.7AI Score
EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
EPSS
7.8CVSS
7.9AI Score
EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
7.5AI Score
EPSS
7.8CVSS
EPSS
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
EPSS
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
6.8AI Score
EPSS
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...
7.5CVSS
6.6AI Score
0.0005EPSS
This week on the Lock and Code podcast… More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans' phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after...
7.1AI Score
CVE-2024-6375 Missing authorization check may lead to shard key refinement
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4CVSS
EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7AI Score
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5CVSS
EPSS
CVE-2024-23373 Use After Free in Graphics
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
EPSS
CVE-2024-23372 Integer Overflow or Wraparound in Graphics
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4CVSS
EPSS
Memory corruption when allocating and accessing an entry in an SMEM...
7.8CVSS
EPSS
CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3CVSS
EPSS
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
EPSS
Software: xdg-utils 1.1.3 OS: ROSA-CHROME package_evr_string: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially...
6.5CVSS
6.7AI Score
0.002EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
7.1AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 package_evr_string: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
7.8CVSS
7.6AI Score
0.004EPSS
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 package_evr_string: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert() function....
9.8CVSS
7.5AI Score
0.028EPSS
romo.com Cross Site Scripting vulnerability OBB-3939839
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch...
8.1CVSS
8.3AI Score
EPSS
dorsetthotels.com Cross Site Scripting vulnerability OBB-3939838
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
9.2AI Score
EPSS
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
8AI Score
EPSS
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters...
9.1CVSS
9.2AI Score
EPSS
8.1CVSS
8.1AI Score
EPSS
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
EPSS
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters...
9.1CVSS
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
dyseno.com Cross Site Scripting vulnerability OBB-3939837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...
7.1AI Score
7.3AI Score
CVE-2024-6425 Incorrect Provision of Specified Functionality vulnerability in MESbook
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters...
9.1CVSS
EPSS
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS