GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: libnvidia-container, grafana, vcluster, hey, paranoia, kuberay-operator, wave, kubernetes-dns-node-cache, karpenter, timoni, newrelic-infrastructure-agent, xcaddy, coredns, ollama, cadvisor, terraform-docs, weaviate, vault-k8s, aws-flb-firehose, conftest,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: regclient, litefs, ytt, secrets-store-csi-driver-provider-gcp, k3s, dex, k8ssandra-operator, docker-credential-ecr-login, scorecard, influx, gitlab-shell, buildkitd, dagger, kubernetes-csi-external-resizer, hey, caddy, cortex, flannel-cni-plugin, kwok, paranoia,...
6AI Score
0.0004EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, nodetaint, kubernetes, node-feature-discovery, local-static-provisioner, aws-ebs-csi-driver, cluster-autoscaler, kubernetes-csi-driver-hostpath, spark-operator, ip-masq-agent,...
7.5AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: skopeo, k3s, kubescape, telegraf, buildkitd, k9s, zot, kots, ctop, trivy, datadog-agent, ingress-nginx-controller, zarf, kaniko, skaffold, wolfictl, kubernetes, syft, newrelic-infrastructure-agent, k3d, nvidia-device-plugin, grype, runc, cadvisor, nerdctl,...
7.5AI Score
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder().build_extension() function. The vulnerability arises from the /mount_extension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory...
9.8CVSS
9.8AI Score
EPSS
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder().build_extension() function. The vulnerability arises from the /mount_extension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory...
9.8CVSS
EPSS
CVE-2024-5443 Remote Code Execution via Path Traversal in parisneo/lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder().build_extension() function. The vulnerability arises from the /mount_extension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory...
9.8CVSS
EPSS
Exploit for Race Condition in Solarwinds Solarwinds Platform
CVE-2024-28999 Exploit for CVE-2024-28999 SolarWinds Platform...
8.1CVSS
7.1AI Score
0.001EPSS
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,"...
7.8CVSS
8.2AI Score
0.97EPSS
Warning: New Adware Campaign Targets Meta Quest App Seekers
A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...
7.1AI Score
Malicious code in openstad-component-forms (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ce99b034a6f67b0bd613755012e00352d254a5b438c7d65a687a2e2e2458cd7e) The OpenSSF Package Analysis project identified 'openstad-component-forms' @ 1.0.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...
5.7AI Score
EPSS
U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....
7.2AI Score
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69793 Crash type: Heap-use-after-free READ {*} Crash state: sputs xps_write_profile...
7.2AI Score
5.9CVSS
7.1AI Score
0.962EPSS
6.8AI Score
0.0004EPSS
7AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.8AI Score
0.001EPSS
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...
5.3CVSS
5.3AI Score
0.0004EPSS
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via...
7.6AI Score
0.0004EPSS
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via...
0.0004EPSS
5.5CVSS
5.3AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.0004EPSS
4.4CVSS
4.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod —...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to.....
6.8AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...
9.8CVSS
8.9AI Score
0.967EPSS
4.4CVSS
4.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
4.3CVSS
4.7AI Score
0.0005EPSS
5.6CVSS
5.4AI Score
0.0004EPSS
7.5CVSS
6.7AI Score
0.002EPSS
4.4CVSS
4.5AI Score
0.0004EPSS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....
2.7CVSS
3.5AI Score
0.0004EPSS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....
2.7CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
8.8CVSS
9.5AI Score
0.015EPSS
Summary Potential code execution vulnerability in Node.js ( CVE-2024-27980) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2024-27980 ...
8.2AI Score
EPSS
Summary There are vulnerabilities in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-30261 DESCRIPTION: **Node.js undici module...
3.9CVSS
6.9AI Score
0.0004EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
7AI Score
0.0004EPSS
Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.1CVSS
6.9AI Score
0.0004EPSS
Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION:...
7.5CVSS
7.1AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-31418 ...
7.5CVSS
7.1AI Score
0.001EPSS
Summary Potential Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION:...
8.1CVSS
8.1AI Score
0.002EPSS
Summary Potentialcode execution vulnerability in Apache Commons Configuration ( CVE-2024-29131) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.5AI Score
0.0004EPSS