Album And Image Gallery With Lightbox – Flagallery Photo Portfolio Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in....

CVE-2024-34502

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an...

CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...

CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by...

m.petrescu.xyz Cross Site Scripting vulnerability OBB-3925974

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pinhalmaior.pt Cross Site Scripting vulnerability OBB-3925973

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4500

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely....

azandalucia.com Cross Site Scripting vulnerability OBB-3925972

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Malicious code in zxcvbnmmmmmmkjhgfdssss (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8a752311495084af562274cafb23e80b14975e577ef5aa0af0728f4b95eb14f1) The OpenSSF Package Analysis project identified 'zxcvbnmmmmmmkjhgfdssss' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...

Malicious code in @assurantlabs/home-device-inventory (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f) The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 (npm) as malicious. It is considered malicious...

CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...

HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC,.....

vnba.org.vn Cross Site Scripting vulnerability OBB-3925965

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....

GHSA-33PG-M6JH-5237 vulnerabilities

Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, rook, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, pulumi-kubernetes-operator, kube-rbac-proxy-fips, istio-pilot-discovery, nodetaint, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, terraform-provider-aws, hubble-ui, flux-source-controller, kubeflow-pipelines, thanos, tctl, kine, kyverno, trust-manager, atlantis, newrelic-nri-kube-events, prometheus-adapter, vault,...

GHSA-HQXW-F8MX-CPMW vulnerabilities

Vulnerabilities for packages: bom, flux-helm-controller-0.37, prometheus, kubernetes-dashboard, traefik, aactl, flux-image-reflector-controller, kubernetes-fips,...

CVE-2023-28840 vulnerabilities

Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, gitness, gitlab-shell, kubernetes-ingress-defaultbackend, stakater-reloader, telegraf, rqlite, keda, kiam, prometheus-redis-exporter-fips, kube-fluentd-operator, tctl, bank-vaults, pulumi-kubernetes-operator, cert-manager-fips,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, gitness, cilium-envoy, gitlab-shell, stakater-reloader, telegraf, rqlite, kiam, keda, prometheus-redis-exporter-fips, calico, tctl, envoy-ratelimit, pulumi-kubernetes-operator, bank-vaults-fips, ip-masq-agent, terraform-provider-azurerm,.....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: paranoia, grafana-operator, aws-flb-cloudwatch, tctl, newrelic-nri-statsd, croc, prometheus-adapter, fq, gitlab-kas, protoc-gen-go-grpc, nri-postgresql, apko, gosu, confluent-common-docker, vt-cli, calico, flux-image-automation-controller, gh, stakater-reloader, k9s,.....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: cortex-fips, kubernetes-csi-livenessprobe, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, istio-pilot-discovery, nodetaint, cadvisor-fips, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, rook, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, pulumi-kubernetes-operator, kube-rbac-proxy-fips, istio-pilot-discovery, nodetaint, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, dive, thanos, flux-source-controller, tctl, kyverno, trust-manager, prometheus-adapter, vault, prometheus-bind-exporter, influxd, prometheus-alertmanager, crossplane-provider-azure, mc, apko, runc, oauth2-proxy,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, nri-kafka, thanos, flux-source-controller, kubeflow-pipelines, nsc, kyverno, atlantis, prometheus-adapter, vault, kyverno-policy-reporter, prometheus-bind-exporter, influxd, fq, prometheus-alertmanager, gitlab-kas, crossplane-provider-azure,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: cri-tools, tekton-pipelines, skopeo, nerdctl, istio-pilot-discovery, pulumi, aactl, dagger, k3s, flux-helm-controller, loki, newrelic-infrastructure-agent, kyverno, zarf, kots, eksctl, kubeflow-katib, traefik, falco, cert-manager, kubevela, timoni, prometheus, zot,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, terraform-provider-aws, hubble-ui, flux-source-controller, kubeflow-pipelines, thanos, tctl, kine, kyverno, trust-manager, atlantis, newrelic-nri-kube-events, prometheus-adapter, vault,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....

GHSA-6WRF-MXFJ-PF5P vulnerabilities

Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: cortex-fips, kubernetes-csi-livenessprobe, kiam, rekor, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, istio-pilot-discovery, nodetaint, cadvisor-fips, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s,...

CVE-2023-28842 vulnerabilities

Vulnerabilities for packages: ctop, helm, ko, bom, up, flux-helm-controller-0.37, melange, flux-image-reflector-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: paranoia, grafana-operator, aws-flb-cloudwatch, tctl, newrelic-nri-statsd, croc, prometheus-adapter, fq, gitlab-kas, protoc-gen-go-grpc, nri-postgresql, apko, gosu, confluent-common-docker, vt-cli, calico, flux-image-automation-controller, gh, stakater-reloader, k9s,.....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, kubernetes-csi-external-attacher, dive, thanos, flux-source-controller, tctl, kyverno, trust-manager, atlantis, prometheus-adapter, vault, prometheus-bind-exporter, influxd, prometheus-alertmanager, crossplane-provider-azure, mc, apko,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe, kiam, calico, tctl, nri-kubernetes, nvidia-device-plugin-fips, shfmt, pulumi-kubernetes-operator, kube-rbac-proxy-fips, nodetaint, aws-flb-cloudwatch, kubernetes-csi-external-provisioner, vault-k8s, nuclei, kine,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: pulumi, flux-notification-controller, boring-registry, aactl, flux-source-controller, pulumi-language-yaml, terraform-provider-google, zarf, crossplane-provider-aws, melange, gitness, vault, falco, tkn, kubevela, flux, spire-server, zot, apko,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: paranoia, kubernetes-dns-node-cache, grafana-operator, kubernetes-csi-external-attacher, dive, delve, petname, nri-kafka, aws-flb-cloudwatch, hubble-ui, kubeflow-pipelines, thanos, tctl, kine, prometheus-adapter, kyverno-policy-reporter, prometheus-bind-exporter, fq,.....