CVE-2022-21628 affecting package openjdk8 1.8.0.332-2
CVE-2022-21628 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
6.1AI Score
0.002EPSS
CVE-2022-41715 affecting package golang 1.17.13-2
CVE-2022-41715 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-2879 affecting package golang 1.17.13-2
CVE-2022-2879 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-2880 affecting package golang 1.17.13-2
CVE-2022-2880 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-38126 affecting package binutils 2.36.1-2
CVE-2022-38126 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2023-21830 affecting package openjdk8 1.8.0.332-2
CVE-2023-21830 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2022-21619 affecting package openjdk8 1.8.0.332-2
CVE-2022-21619 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.1AI Score
0.002EPSS
CVE-2023-0286 affecting package cloud-hypervisor 22.0-2
CVE-2023-0286 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
7.4CVSS
8.4AI Score
0.003EPSS
CVE-2023-21843 affecting package openjdk8 1.8.0.332-2
CVE-2023-21843 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.9AI Score
0.001EPSS
CVE-2022-4304 affecting package cloud-hypervisor 22.0-2
CVE-2022-4304 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
5.9CVSS
8.4AI Score
0.002EPSS
CVE-2022-38128 affecting package binutils 2.36.1-2
CVE-2022-38128 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2021-34141 affecting package numpy 1.16.6-2
CVE-2021-34141 affecting package numpy 1.16.6-2. This CVE either no longer is or was never...
5.3CVSS
9.8AI Score
0.001EPSS
CVE-2022-4450 affecting package cloud-hypervisor 22.0-2
CVE-2022-4450 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
7.5CVSS
9AI Score
0.001EPSS
CVE-2022-21624 affecting package openjdk8 1.8.0.332-2
CVE-2022-21624 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.1AI Score
0.002EPSS
CVE-2022-38127 affecting package binutils 2.36.1-2
CVE-2022-38127 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2022-27664 affecting package golang 1.17.13-2
CVE-2022-27664 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9AI Score
0.002EPSS
CVE-2022-21540 affecting package openjdk8 1.8.0.332-2
CVE-2022-21540 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
9.9AI Score
0.001EPSS
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2. A patched version of the package is...
7.5CVSS
9.1AI Score
0.003EPSS
CVE-2021-41495 affecting package numpy 1.16.6-2
CVE-2021-41495 affecting package numpy 1.16.6-2. No patch is available...
5.3CVSS
9.9AI Score
0.001EPSS
CVE-2020-8563 affecting package kubernetes-1.18.19 1.18.19-2
CVE-2020-8563 affecting package kubernetes-1.18.19 1.18.19-2. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2022-41722 affecting package golang 1.17.13-2
CVE-2022-41722 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
8.7AI Score
0.001EPSS
CVE-2022-41724 affecting package golang 1.17.13-2
CVE-2022-41724 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2022-43410 affecting package mercurial 5.4-2
CVE-2022-43410 affecting package mercurial 5.4-2. No patch is available...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2022-21626 affecting package openjdk8 1.8.0.332-2
CVE-2022-21626 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
6.1AI Score
0.002EPSS
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
CVE-2023-48795 affecting package nmap for versions less than 7.93-2
CVE-2023-48795 affecting package nmap for versions less than 7.93-2. A patched version of the package is...
5.9CVSS
6.2AI Score
0.963EPSS
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...
9.8CVSS
9.9AI Score
0.001EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246-mitigation This project is a Maven-based...
9.8CVSS
7.2AI Score
0.973EPSS
9.8CVSS
9.6AI Score
0.038EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.7AI Score
0.0004EPSS
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
6.5AI Score
0.0004EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
0.0004EPSS
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
0.0004EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...
9.8CVSS
9AI Score
0.005EPSS
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...
7.5AI Score
0.0004EPSS
CVE-2023-52890 affecting package ntfs-3g for versions less than 2022.10.3-2
CVE-2023-52890 affecting package ntfs-3g for versions less than 2022.10.3-2. A patched version of the package is...
7AI Score
0.0004EPSS
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
4.8CVSS
5.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064
Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
5.4CVSS
6.7AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
6.3AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025
Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...
5.3CVSS
7.1AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
7.1AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772
Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...
5.9CVSS
7.2AI Score
0.0004EPSS