GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, py3-idna, ggshield, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, jwt-tool,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, reflex, confluent-docker-utils, kubeflow-volumes-web-app, dask-gateway, pytorch,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app, jwt-tool,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, reflex, confluent-docker-utils, kubeflow-volumes-web-app, dask-gateway, pytorch,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app, jwt-tool,...
4.2CVSS
7.1AI Score
0.0004EPSS
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
5.3CVSS
6AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...
7.5AI Score
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, ggshield, reflex, confluent-docker-utils, py3-cassandra-medusa, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, superset, airflow,...
4.4CVSS
4.9AI Score
0.0004EPSS
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-volumes-web-app, kube-downscaler, dask-gateway,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-volumes-web-app, kube-downscaler, dask-gateway,...
8.1CVSS
7.7AI Score
0.001EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...
5.6CVSS
6.2AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, ggshield, reflex, confluent-docker-utils, py3-cassandra-medusa, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, superset, airflow,...
7.5AI Score
CVE-2024-23380 Use After Free in Graphics
Memory corruption while handling user packets during VBO bind...
8.4CVSS
EPSS
CVE-2024-23373 Use After Free in Graphics
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4CVSS
EPSS
CVE-2024-21461 Double Free in HLOS
Memory corruption while performing finish HMAC operation when context is freed by...
8.4CVSS
EPSS
romo.com Cross Site Scripting vulnerability OBB-3939839
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dorsetthotels.com Cross Site Scripting vulnerability OBB-3939838
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dyseno.com Cross Site Scripting vulnerability OBB-3939837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...
7.1AI Score
7.3AI Score
stuco-sicherheitsschuhe.de Cross Site Scripting vulnerability OBB-3939823
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
stuco.hu Cross Site Scripting vulnerability OBB-3939820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
stuco.com Cross Site Scripting vulnerability OBB-3939819
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
duplo-frank.de Cross Site Scripting vulnerability OBB-3939818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
stuco.ch Cross Site Scripting vulnerability OBB-3939816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
vrecenze.cz Cross Site Scripting vulnerability OBB-3939808
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
directory-online.biz Cross Site Scripting vulnerability OBB-3939807
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CosmicSting: critical unauthenticated XXE vulnerability in...
9.8CVSS
10AI Score
0.038EPSS
A week in security (June 24 – June 30)
Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data...
7.4AI Score
blitzwolfeurope.com Cross Site Scripting vulnerability OBB-3939804
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
londonwarmemorial.co.uk Cross Site Scripting vulnerability OBB-3939803
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
au-magasin-de-velo.fr Cross Site Scripting vulnerability OBB-3939802
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...
7.5CVSS
6.9AI Score
0.0005EPSS
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...
6.3AI Score
0.0004EPSS
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...
0.0004EPSS
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the.....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0;...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.0005EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
GNU Emacs, Org Mode: Multiple Vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no.....
9.8CVSS
7.6AI Score
0.002EPSS
Zsh: Prompt Expansion Vulnerability
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited...
7.8CVSS
7.7AI Score
0.001EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
Android Automotive OS Update Bulletin—July 2024
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this.....
8.1AI Score
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
cpio: Arbitrary Code Execution
Background cpio is a file archival tool which can also read and write tar files. Description Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Impact GNU cpio allows attackers to execute arbitrary code via a crafted pattern file,....
7.8CVSS
8.6AI Score
0.043EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1857)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.0005EPSS