Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
7AI Score
EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
EPSS
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
6.8AI Score
EPSS
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.8AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, docker-cli, q, zot, opentofu, memcached-exporter, haproxy-ingress, ingress-nginx-controller, argo-cd, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, q, opentofu, memcached-exporter, pluto, haproxy-ingress, ingress-nginx-controller, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller, kubernetes-csi-external-resizer, lazygit,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, docker-cli, q, zot, opentofu, memcached-exporter, haproxy-ingress, ingress-nginx-controller, argo-cd, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, q, opentofu, memcached-exporter, pluto, haproxy-ingress, ingress-nginx-controller, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller, kubernetes-csi-external-resizer, lazygit,...
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.5AI Score
CVE-2022-1941 affecting package mysql 8.0.36-1
CVE-2022-1941 affecting package mysql 8.0.36-1. No patch is available...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.8AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.8AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, q, opentofu, memcached-exporter, pluto, haproxy-ingress, ingress-nginx-controller, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller, kubernetes-csi-external-resizer, lazygit,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: nri-postgresql, velero-plugin-for-csi, terragrunt, nsc, nri-mssql, q, opentofu, memcached-exporter, pluto, haproxy-ingress, ingress-nginx-controller, cluster-autoscaler, gomplate, kyverno, flux-image-automation-controller, kubernetes-csi-external-resizer, lazygit,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env, aws-efs-csi-driver, pulumi-language-java, amass, kube-state-metrics, mage, nri-nagios, goreleaser, dgraph, node-problem-detector, terraform, clusterctl, nri-mssql, crossplane, bom, k8sgpt-operator, docker-cli, mockery,...
6AI Score
0.0004EPSS
CVE-2022-43552 affecting package mysql 8.0.32-1
CVE-2022-43552 affecting package mysql 8.0.32-1. No patch is available...
5.9CVSS
9.9AI Score
0.001EPSS
CVE-2022-1941 affecting package mysql 8.0.32-1
CVE-2022-1941 affecting package mysql 8.0.32-1. No patch is available...
7.5CVSS
9.9AI Score
0.002EPSS
CVE-2023-23914 affecting package mysql 8.0.32-1
CVE-2023-23914 affecting package mysql 8.0.32-1. This CVE either no longer is or was never...
9.1CVSS
9.9AI Score
0.001EPSS
CVE-2023-23915 affecting package mysql 8.0.32-1
CVE-2023-23915 affecting package mysql 8.0.32-1. No patch is available...
6.5CVSS
10AI Score
0.001EPSS
CVE-2023-23916 affecting package mysql 8.0.32-1
CVE-2023-23916 affecting package mysql 8.0.32-1. No patch is available...
6.5CVSS
8.5AI Score
0.001EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
7.5AI Score
EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is.....
0.0004EPSS
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is.....
6.9AI Score
0.0004EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
EPSS
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.7AI Score
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.9AI Score
0.0004EPSS
Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....
8.3CVSS
5.8AI Score
0.001EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.8AI Score
0.0004EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....
7.5CVSS
7AI Score
0.001EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
7.7AI Score
0.0005EPSS
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...
0.0004EPSS
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...
7.7AI Score
0.0004EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
7.7AI Score
0.0005EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
0.0005EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
0.0005EPSS
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...
7.8CVSS
7.5AI Score
0.974EPSS
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
4.8CVSS
5.9AI Score
0.0004EPSS