Tuesday, July 2, 2024 Security Releases
Summary: The Node.js project will release new versions of the 22.x, 20.x, 18.x release lines on or shortly after Tuesday, July 2, 2024, in order to address: 1 high severity issue, 2 medium severity issues, and 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious files to execute system...
7.2CVSS
7.2AI Score
EPSS
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the...
4.9CVSS
EPSS
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the...
4.9CVSS
5.3AI Score
EPSS
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious files to execute system...
7.2CVSS
EPSS
CVE-2019-12280 affecting package toolbox 0.0.18-9
CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.8CVSS
7.2AI Score
0.003EPSS
CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
CVE-2019-20633 affecting package patch 2.7.6-8
CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...
5.5CVSS
5.8AI Score
0.001EPSS
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.2AI Score
0.007EPSS
CVE-2020-25207 affecting package toolbox 0.0.18-9
CVE-2020-25207 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
9.8CVSS
7.2AI Score
0.024EPSS
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...
6.5CVSS
9.7AI Score
0.006EPSS
CVE-2020-25013 affecting package toolbox 0.0.18-9
CVE-2020-25013 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.5CVSS
7.2AI Score
0.001EPSS
CVE-2019-18368 affecting package toolbox 0.0.18-9
CVE-2019-18368 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.3CVSS
7.2AI Score
0.001EPSS
CVE-2011-4966 affecting package freeradius 3.2.3-2
CVE-2011-4966 affecting package freeradius 3.2.3-2. No patch is available...
6.4AI Score
0.003EPSS
CVE-2002-0318 affecting package freeradius 3.2.3-2
CVE-2002-0318 affecting package freeradius 3.2.3-2. No patch is available...
6.9AI Score
0.005EPSS
CVE-2019-14959 affecting package toolbox 0.0.18-9
CVE-2019-14959 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
5.9CVSS
7.2AI Score
0.002EPSS
CVE-2017-18640 affecting package snakeyaml 1.25-2
CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.6AI Score
0.019EPSS
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2020-4041 affecting package bolt 0.9.2-2
CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.4CVSS
7.5AI Score
0.006EPSS
CVE-2019-15484 affecting package bolt 0.9.2-2
CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2021-27367 affecting package bolt 0.9.2-2
CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5CVSS
7.5AI Score
0.002EPSS
CVE-2022-31321 affecting package bolt 0.9.2-2
CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
9.1CVSS
7.5AI Score
0.002EPSS
CVE-2023-0475 affecting package k3s 1.24.12-2
CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
6.5CVSS
9.8AI Score
0.001EPSS
CVE-2022-47021 affecting package opusfile 0.12-2
CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2022-38752 affecting package snakeyaml 1.25-2
CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
9AI Score
0.003EPSS
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...
7.3CVSS
7.3AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.003EPSS
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2
CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. This CVE either no longer is or was never...
5.5CVSS
6AI Score
0.002EPSS
CVE-2019-15483 affecting package bolt 0.9.2-2
CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
6.1CVSS
7.5AI Score
0.001EPSS
CVE-2020-4040 affecting package bolt 0.9.2-2
CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.6CVSS
7.5AI Score
0.003EPSS
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2
CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.004EPSS
CVE-2023-22609 affecting package binutils 2.37-8
CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22604 affecting package binutils 2.37-8
CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22607 affecting package binutils 2.37-8
CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2022-41854 affecting package snakeyaml 1.25-2
CVE-2022-41854 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
6.5CVSS
8.4AI Score
0.006EPSS
CVE-2022-3294 affecting package k3s 1.24.12-2
CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.002EPSS
CVE-2019-9185 affecting package bolt 0.9.2-2
CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
8.8CVSS
7.5AI Score
0.006EPSS
CVE-2015-7309 affecting package bolt 0.9.2-2
CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
7.5AI Score
0.449EPSS
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2
CVE-2023-44487 affecting package libcontainers-common for versions less than 20210626-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2017-16754 affecting package bolt 0.9.2-2
CVE-2017-16754 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2023-25173 affecting package k3s 1.24.12-2
CVE-2023-25173 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...
7.8CVSS
8.9AI Score
0.001EPSS
CVE-2023-22606 affecting package binutils 2.37-8
CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2022-43410 affecting package mercurial 6.0.3-2
CVE-2022-43410 affecting package mercurial 6.0.3-2. No patch is available...
5.3CVSS
5.8AI Score
0.001EPSS
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2023-48795 affecting package nmap for versions less than 7.93-2
CVE-2023-48795 affecting package nmap for versions less than 7.93-2. A patched version of the package is...
5.9CVSS
6.1AI Score
0.963EPSS
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
6.5CVSS
7.5AI Score
0.001EPSS