Windows Server 2022, 23h2 Edition (server Core Installation) Security Vulnerabilities
CVE-2022-38383 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
7.2AI Score
EPSS
CVE-2022-38383 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
EPSS
CVE-2024-25053 IBM Cognos Analytics improper certificate validation
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path...
5.9CVSS
EPSS
CVE-2024-25053 IBM Cognos Analytics improper certificate validation
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path...
5.9CVSS
6.4AI Score
EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
7.7AI Score
EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
EPSS
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...
7.4CVSS
7.5AI Score
EPSS
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...
7.4CVSS
EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
EPSS
Exploit for Use After Free in Arm Avalon Gpu Kernel Driver
Exploit for CVE-2022-46395 The write up can be found...
8.8CVSS
7.6AI Score
0.003EPSS
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...
7.8CVSS
7.5AI Score
0.974EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, ko, prometheus, trivy, syft, zot, aactl, up, wolfictl, tkn, spire-server, melange, crossplane, kargo, dagger, loki, datadog-agent, kaniko, grype, conftest, goreleaser, kubescape, buf, telegraf, cadvisor,...
5.9CVSS
6.1AI Score
0.0004EPSS
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, ko, prometheus, trivy, syft, zot, aactl, up, wolfictl, tkn, spire-server, melange, crossplane, kargo, dagger, loki, datadog-agent, kaniko, grype, conftest, goreleaser, kubescape, buf, telegraf, cadvisor,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, ctop, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, aws-load-balancer-controller, up,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....
7.8AI Score
0.0004EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: temporal-server, amass, kots, kube-bench, telegraf, keda, vault, kine, spicedb, caddy, ferretdb, step-ca, trillian, src, argo-workflows,...
7.5AI Score
6.5CVSS
7.5AI Score
0.001EPSS
5.9CVSS
6.1AI Score
0.001EPSS
CVE-2022-29526 vulnerabilities
Vulnerabilities for packages: kind, ctop, dynamic-localpv-provisioner, grpcurl,...
5.3CVSS
9.3AI Score
0.002EPSS
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: py3-pymongo, kubeflow-pipelines-visualization-server,...
6.7AI Score
0.0004EPSS
7.5CVSS
6.8AI Score
0.001EPSS
7.5AI Score
7.5CVSS
7.5AI Score
0.005EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app, superset, py3.10-tensorflow-core,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app, superset, py3.10-tensorflow-core,...
7.5CVSS
7.8AI Score
0.0004EPSS
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, pytorch,...
6.7CVSS
7AI Score
0.0004EPSS
7.5AI Score
9.8CVSS
7.7AI Score
0.004EPSS
9.8CVSS
9.7AI Score
0.018EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
8.1AI Score
0.001EPSS
5.3CVSS
6.1AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
4.9CVSS
6AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
3.7CVSS
5.3AI Score
0.001EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
7.3CVSS
7.1AI Score
0.0005EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...
7.5AI Score
Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, flux-image-reflector-controller, buildkitd, ksops, policy-controller, kubevela, terraform, gitsign, vault-csi-provider, cosign, flux-helm-controller, prometheus, fulcio, zot, aactl, keda, gh, vexctl, glab, tkn, bank-vaults,...
6CVSS
6AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: cert-manager, gitsign, cosign, fulcio, traefik, istio-pilot-discovery, aactl, keda, vault, vexctl, external-secrets-operator, cilium-envoy, tkn, oauth2-proxy, tekton-pipelines, dex, flux-kustomize-controller, rekor, spire-server, argo-cd, sops, terragrunt,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: thanos, terraform, pulumi-language-dotnet, traefik, gobuster, up, memcached-exporter, nvidia-device-plugin, mc, tomcat, neuvector-agent, gatekeeper, pulumi-language-java, weaviate, envoy-ratelimit, terraform-provider-azurerm, nri-prometheus,...
7.5CVSS
9AI Score
0.732EPSS