Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
7AI Score
EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
EPSS
7.5AI Score
9.8CVSS
9.7AI Score
0.002EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-jupyter-web-app, superset, py3-werkzeug,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-jupyter-web-app, superset, py3-werkzeug,...
7.5AI Score
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
0.001EPSS
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
0.005EPSS
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
0.001EPSS
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
0.732EPSS
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
5.5CVSS
6AI Score
0.001EPSS
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...
7.5CVSS
7.3AI Score
0.008EPSS
CVE-2022-2929 affecting package dhcp 4.4.3-3
CVE-2022-2929 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...
6.5CVSS
7.2AI Score
0.001EPSS
CVE-2022-31629 affecting package php 7.4.14-3
CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...
6.5CVSS
9.9AI Score
0.006EPSS
CVE-2022-38752 affecting package snakeyaml 1.25-2
CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9AI Score
0.003EPSS
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...
7.3CVSS
7.3AI Score
0.001EPSS
CVE-2022-1615 affecting package samba 4.12.5-6
CVE-2022-1615 affecting package samba 4.12.5-6. No patch is available...
5.5CVSS
5.9AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2022-36033 affecting package jsoup 1.11.3-3
CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...
6.1CVSS
8AI Score
0.001EPSS
CVE-2021-3670 affecting package samba 4.12.5-6
CVE-2021-3670 affecting package samba 4.12.5-6. No patch is available...
6.5CVSS
6.8AI Score
0.003EPSS
CVE-2020-17049 affecting package samba 4.12.5-6
CVE-2020-17049 affecting package samba 4.12.5-6. No patch is available...
6.6CVSS
7.9AI Score
0.027EPSS
CVE-2021-33463 affecting package yasm 1.3.0-15
CVE-2021-33463 affecting package yasm 1.3.0-15. No patch is available...
5.5CVSS
5.6AI Score
0.001EPSS
CVE-2021-33460 affecting package yasm 1.3.0-15
CVE-2021-33460 affecting package yasm 1.3.0-15. No patch is available...
5.5CVSS
5.6AI Score
0.001EPSS
CVE-2021-33458 affecting package yasm 1.3.0-15
CVE-2021-33458 affecting package yasm 1.3.0-15. No patch is available...
5.5CVSS
5.6AI Score
0.001EPSS
CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15
CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15. No patch is available...
5.5CVSS
5.6AI Score
0.001EPSS
CVE-2017-9120 affecting package php 7.4.14-3
CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...
9.8CVSS
7.5AI Score
0.009EPSS
CVE-2017-8923 affecting package php 7.4.14-3
CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...
9.8CVSS
7.5AI Score
0.005EPSS
CVE-2021-3738 affecting package samba 4.12.5-6
CVE-2021-3738 affecting package samba 4.12.5-6. No patch is available...
8.8CVSS
7.9AI Score
0.002EPSS
CVE-2021-23192 affecting package samba 4.12.5-6
CVE-2021-23192 affecting package samba 4.12.5-6. No patch is available...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-1999-0901 affecting package ypserv 4.1-4
CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2019-17414 affecting package vino 3.22.0-20
CVE-2019-17414 affecting package vino 3.22.0-20. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.002EPSS
CVE-2019-12280 affecting package toolbox 0.0.18-9
CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.8CVSS
7.2AI Score
0.003EPSS
CVE-2005-0868 affecting package tn5250 0.17.4-26
CVE-2005-0868 affecting package tn5250 0.17.4-26. No patch is available...
7.3AI Score
0.002EPSS
CVE-1999-1090 affecting package telnet 0.17-81
CVE-1999-1090 affecting package telnet 0.17-81. This CVE either no longer is or was never...
7.2AI Score
0.004EPSS
CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20
CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20. No patch is available...
6.8AI Score
0.0004EPSS
CVE-2020-14383 affecting package samba 4.12.5-6
CVE-2020-14383 affecting package samba 4.12.5-6. No patch is available...
6.5CVSS
6.7AI Score
0.004EPSS
CVE-2020-14323 affecting package samba 4.12.5-6
CVE-2020-14323 affecting package samba 4.12.5-6. No patch is available...
5.5CVSS
6AI Score
0.001EPSS
CVE-2020-14318 affecting package samba 4.12.5-6
CVE-2020-14318 affecting package samba 4.12.5-6. No patch is available...
4.3CVSS
5.4AI Score
0.001EPSS
CVE-2021-21704 affecting package php 7.4.14-3
CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.9CVSS
7AI Score
0.004EPSS
CVE-2007-3205 affecting package php 7.4.14-3
CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...
6.9AI Score
0.065EPSS
CVE-2011-1429 affecting package mutt 2.2.12-1
CVE-2011-1429 affecting package mutt 2.2.12-1. No patch is available...
6.4AI Score
0.003EPSS
CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2004-2779 affecting package libid3tag 0.15.1b-33
CVE-2004-2779 affecting package libid3tag 0.15.1b-33. No patch is available...
7.5CVSS
7.1AI Score
0.001EPSS
CVE-2017-1000231 affecting package ldns 1.7.0-31
CVE-2017-1000231 affecting package ldns 1.7.0-31. This CVE either no longer is or was never...
9.8CVSS
9.6AI Score
0.004EPSS
CVE-2017-6833 affecting package audiofile 0.3.6-27
CVE-2017-6833 affecting package audiofile 0.3.6-27. No patch is available...
5.5CVSS
5.8AI Score
0.007EPSS
CVE-2017-6829 affecting package audiofile 0.3.6-27
CVE-2017-6829 affecting package audiofile 0.3.6-27. No patch is available...
5.5CVSS
6.2AI Score
0.009EPSS
CVE-2017-6828 affecting package audiofile 0.3.6-27
CVE-2017-6828 affecting package audiofile 0.3.6-27. No patch is available...
7.8CVSS
7.7AI Score
0.005EPSS