GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: vexctl, rclone, cfssl, cadvisor, datadog-agent, terraform-provider-aws, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, metrics-server, prometheus-pushgateway, aactl, eksctl, kube-state-metrics, golangci-lint, sops,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.7 AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: mkcert, rclone, cfssl, cadvisor, docker-credential-ecr-login, kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, golangci-lint, sops, kubeadm-bootstrap-controller, croc, istio-operator,...
6.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, gcsfuse, kube-state-metrics, croc, pulumi-language-dotnet, nri-kubernetes, zot, supercronic, nri-f5, grafana-agent-operator, calico, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector, clusterctl, trillian,...
6.7 AI Score
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: mkcert, rclone, cfssl, cadvisor, docker-credential-ecr-login, kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, golangci-lint, sops, kubeadm-bootstrap-controller, croc, istio-operator,...
7.5 AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, wolfictl, terraform-provider-aws, gcsfuse, kube-state-metrics, croc, age, pulumi-language-dotnet, nri-kubernetes, supercronic, nri-f5, grafana-agent-operator, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector,....
7.2 AI Score
Vulnerabilities for packages: kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, prometheus-pushgateway, aactl, kube-state-metrics, prometheus-operator, prometheus-elasticsearch-exporter, telegraf, pulumi-language-dotnet, cluster-autoscaler, zot,...
6.1 CVSS
6.9 AI Score
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: vexctl, traefik, k3s, cadvisor, k9s, dagger, datadog-agent, k8sgpt, buildkitd, aactl, eksctl, filebeat, timoni, pulumi, guac, falcoctl, kubeflow-katib, skaffold, nerdctl, telegraf, up, helm, slsa-verifier, ctop, cert-manager, falco, kots, zot, docker-credential-gcr,...
7.8 CVSS
8 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: vexctl, rclone, cfssl, cadvisor, datadog-agent, terraform-provider-aws, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, metrics-server, prometheus-pushgateway, aactl, eksctl, kube-state-metrics, golangci-lint, sops,...
6.5 AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.7 AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.5 AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, terraform-provider-aws, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, sops, istio-operator, gitlab-kas, telegraf, nri-mssql, cert-manager, cluster-autoscaler, zot, flux-source-controller, k3d,...
5.9 CVSS
7.1 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: mkcert, rclone, cfssl, cadvisor, docker-credential-ecr-login, kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, golangci-lint, sops, kubeadm-bootstrap-controller, croc, istio-operator,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, gcsfuse, kube-state-metrics, croc, pulumi-language-dotnet, nri-kubernetes, zot, supercronic, nri-f5, grafana-agent-operator, calico, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector, clusterctl, trillian,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, wolfictl, terraform-provider-aws, gcsfuse, kube-state-metrics, croc, age, pulumi-language-dotnet, nri-kubernetes, supercronic, nri-f5, grafana-agent-operator, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector,....
7.2 AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: vexctl, rclone, wolfictl, kaniko, terraform-provider-google, aactl, pulumi-language-java, pulumi, sops, flux-image-automation-controller, flux, skaffold, slsa-verifier, pulumi-language-dotnet, pulumi-language-yaml, crossplane, falco, vault, zot,...
7.5 AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.5 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, prometheus-pushgateway, aactl, kube-state-metrics, istio-operator, prometheus-operator, prometheus-elasticsearch-exporter, telegraf, pulumi-language-dotnet, cluster-autoscaler, zot,...
7.5 CVSS
8.4 AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, wolfictl, terraform-provider-aws, gcsfuse, kube-state-metrics, croc, age, pulumi-language-dotnet, nri-kubernetes, supercronic, nri-f5, grafana-agent-operator, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector,....
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, prometheus-pushgateway, aactl, kube-state-metrics, prometheus-operator, prometheus-elasticsearch-exporter, telegraf, pulumi-language-dotnet, cluster-autoscaler, zot,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, prometheus-pushgateway, aactl, kube-state-metrics, istio-operator, prometheus-operator, prometheus-elasticsearch-exporter, telegraf, pulumi-language-dotnet, cluster-autoscaler, zot,...
7.5 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, terraform-provider-aws, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, sops, istio-operator, gitlab-kas, telegraf, nri-mssql, cert-manager, cluster-autoscaler, zot, flux-source-controller, k3d,...
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.7 AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.7 AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: mkcert, vexctl, wolfictl, terraform-provider-aws, gcsfuse, kube-state-metrics, croc, age, pulumi-language-dotnet, nri-kubernetes, supercronic, nri-f5, grafana-agent-operator, memcached-exporter, nri-mongodb, kubernetes-csi-node-driver-registrar, node-problem-detector,....
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: vexctl, traefik, k3s, cadvisor, k9s, dagger, datadog-agent, k8sgpt, buildkitd, aactl, eksctl, filebeat, timoni, pulumi, guac, falcoctl, kubeflow-katib, skaffold, nerdctl, telegraf, up, helm, slsa-verifier, ctop, cert-manager, falco, kots, zot, docker-credential-gcr,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: vexctl, cfssl, cadvisor, docker-credential-ecr-login, datadog-agent, kubernetes-csi-external-snapshotter, crossplane-provider-azure, gcsfuse, go-licenses, metrics-server, prometheus-pushgateway, eksctl, kube-state-metrics, golangci-lint, kubeadm-bootstrap-controller,.....
7.7 AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: mkcert, rclone, cfssl, cadvisor, docker-credential-ecr-login, kubernetes-csi-external-snapshotter, crossplane-provider-azure, metrics-server, go-licenses, aactl, eksctl, kube-state-metrics, golangci-lint, sops, kubeadm-bootstrap-controller, croc, istio-operator,...
6.5 AI Score
Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024,...
8.6 CVSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct...
4.3 CVSS
Zend-Diactoros URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
Zend-Feed URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
Exploit for Code Injection in Exiftool Project Exiftool
CVE-2021-22204 Summary of the CVE Improper sanitization...
7.8 CVSS
Zend-HTTP URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
aimeos-core arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a...
Zendframework URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
Cross-site scripting (XSS) vulnerability in Description metadata
Summary: Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. An XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the...
4.8 CVSS
Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...
5.3 CVSS