PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...
2.1 AI Score
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...
2.1 AI Score
An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in....
6.3 AI Score
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an...
7.3 AI Score
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...
7.3 AI Score
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by...
6.4 AI Score
m.petrescu.xyz Cross Site Scripting vulnerability OBB-3925974
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
pinhalmaior.pt Cross Site Scripting vulnerability OBB-3925973
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely....
6.3 CVSS
7.6 AI Score
azandalucia.com Cross Site Scripting vulnerability OBB-3925972
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Malicious code in zxcvbnmmmmmmkjhgfdssss (npm)
Source: ossf-package-analysis (8a752311495084af562274cafb23e80b14975e577ef5aa0af0728f4b95eb14f1) The OpenSSF Package Analysis project identified 'zxcvbnmmmmmmkjhgfdssss' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...
7.1 AI Score
Malicious code in @assurantlabs/home-device-inventory (npm)
Source: ossf-package-analysis (a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f) The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 (npm) as malicious. It is considered malicious...
7.3 AI Score
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...
7.4 AI Score
HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC,.....
7.3 AI Score
vnba.org.vn Cross Site Scripting vulnerability OBB-3925965
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.7 AI Score
0.0004 EPSS
GHSA-33PG-M6JH-5237 vulnerabilities
Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...
7.3 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, rook, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, pulumi-kubernetes-operator, kube-rbac-proxy-fips, istio-pilot-discovery, nodetaint, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.3 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.5 AI Score
0.0004 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.3 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.5 AI Score
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, terraform-provider-aws, hubble-ui, flux-source-controller, kubeflow-pipelines, thanos, tctl, kine, kyverno, trust-manager, atlantis, newrelic-nri-kube-events, prometheus-adapter, vault,...
7.5 AI Score
GHSA-HQXW-F8MX-CPMW vulnerabilities
Vulnerabilities for packages: bom, flux-helm-controller-0.37, prometheus, kubernetes-dashboard, traefik, aactl, flux-image-reflector-controller, kubernetes-fips,...
7.3 AI Score
CVE-2023-28840 vulnerabilities
Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...
8.7 CVSS
7.5 AI Score
0.003 EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, gitness, gitlab-shell, kubernetes-ingress-defaultbackend, stakater-reloader, telegraf, rqlite, keda, kiam, prometheus-redis-exporter-fips, kube-fluentd-operator, tctl, bank-vaults, pulumi-kubernetes-operator, cert-manager-fips,...
7.5 CVSS
8.2 AI Score
0.002 EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, gitness, cilium-envoy, gitlab-shell, stakater-reloader, telegraf, rqlite, kiam, keda, prometheus-redis-exporter-fips, calico, tctl, envoy-ratelimit, pulumi-kubernetes-operator, bank-vaults-fips, ip-masq-agent, terraform-provider-azurerm,.....
7.5 CVSS
7.8 AI Score
0.739 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: paranoia, grafana-operator, aws-flb-cloudwatch, tctl, newrelic-nri-statsd, croc, prometheus-adapter, fq, gitlab-kas, protoc-gen-go-grpc, nri-postgresql, apko, gosu, confluent-common-docker, vt-cli, calico, flux-image-automation-controller, gh, stakater-reloader, k9s,.....
6.2 AI Score
0.0004 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: cortex-fips, kubernetes-csi-livenessprobe, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, istio-pilot-discovery, nodetaint, cadvisor-fips, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s,...
5.8 AI Score
0.0004 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, rook, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, pulumi-kubernetes-operator, kube-rbac-proxy-fips, istio-pilot-discovery, nodetaint, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
5.8 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.3 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.5 AI Score
0.0004 EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.5 AI Score
0.0004 EPSS
Vulnerabilities for packages: kubernetes-csi-external-attacher, dive, thanos, flux-source-controller, tctl, kyverno, trust-manager, prometheus-adapter, vault, prometheus-bind-exporter, influxd, prometheus-alertmanager, crossplane-provider-azure, mc, apko, runc, oauth2-proxy,...
6.1 CVSS
7.7 AI Score
0.001 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, nri-kafka, thanos, flux-source-controller, kubeflow-pipelines, nsc, kyverno, atlantis, prometheus-adapter, vault, kyverno-policy-reporter, prometheus-bind-exporter, influxd, fq, prometheus-alertmanager, gitlab-kas, crossplane-provider-azure,...
5.9 CVSS
7 AI Score
0.962 EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: cri-tools, tekton-pipelines, skopeo, nerdctl, istio-pilot-discovery, pulumi, aactl, dagger, k3s, flux-helm-controller, loki, newrelic-infrastructure-agent, kyverno, zarf, kots, eksctl, kubeflow-katib, traefik, falco, cert-manager, kubevela, timoni, prometheus, zot,...
7.8 CVSS
8 AI Score
0.001 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, terraform-provider-aws, hubble-ui, flux-source-controller, kubeflow-pipelines, thanos, tctl, kine, kyverno, trust-manager, atlantis, newrelic-nri-kube-events, prometheus-adapter, vault,...
6.2 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.5 AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.7 AI Score
0.0004 EPSS
GHSA-6WRF-MXFJ-PF5P vulnerabilities
Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...
7.3 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: cortex-fips, kubernetes-csi-livenessprobe, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, istio-pilot-discovery, nodetaint, cadvisor-fips, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s,...
7.3 AI Score
CVE-2023-28842 vulnerabilities
Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...
6.8 CVSS
7.5 AI Score
0.004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: paranoia, grafana-operator, aws-flb-cloudwatch, tctl, newrelic-nri-statsd, croc, prometheus-adapter, fq, gitlab-kas, protoc-gen-go-grpc, nri-postgresql, apko, gosu, confluent-common-docker, vt-cli, calico, flux-image-automation-controller, gh, stakater-reloader, k9s,.....
7.5 AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.3 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, kubernetes-csi-external-attacher, dive, thanos, flux-source-controller, tctl, kyverno, trust-manager, atlantis, prometheus-adapter, vault, prometheus-bind-exporter, influxd, prometheus-alertmanager, crossplane-provider-azure, mc, apko,...
7.5 CVSS
8.4 AI Score
0.002 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.5 AI Score
0.0004 EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...
7.3 AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: pulumi, flux-notification-controller, boring-registry, aactl, flux-source-controller, pulumi-language-yaml, terraform-provider-google, zarf, crossplane-provider-aws, melange, gitness, vault, falco, tkn, kubevela, flux, spire-server, zot, apko,...
7.5 AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....
7.5 AI Score