Announcement & Notification Banner – Bulletin Security Vulnerabilities

importadosbr.net Cross Site Scripting vulnerability OBB-3929560

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

spielstil.net Cross Site Scripting vulnerability OBB-3929559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

users.netnitco.net Cross Site Scripting vulnerability OBB-3929558

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bbqhub.net Cross Site Scripting vulnerability OBB-3929557

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: flux-source-controller, kpt, flux-kustomize-controller, hugo, nri-prometheus, nginx-mainline, istio-envoy, kaf, gitlab-runner, aws-efs-csi-driver, conftest, keda, secrets-store-csi-driver, rqlite, cue, argo-cd, ollama, frp, pulumi-language-dotnet, gitlab-pages,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: cri-tools, cloud-sql-proxy, flux-source-controller, protoc-gen-go-grpc, kpt, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, aws-ebs-csi-driver, dagger, kube-bench, prometheus-mongodb-exporter,...

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, pulumi-kubernetes-operator, melange, argo-workflows,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: postgres-operator, flux-source-controller, dagdotdev, kyverno-policy-reporter-ui, speedtest-go, nri-haproxy, crane, istio-operator, eksctl, tailscale, temporal, step-ca, rqlite, kube-rbac-proxy, skopeo, gh, frp, spegel, go-fips, kubernetes-dashboard-metrics-scraper,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: cri-tools, wgcf, grafana-rollout-operator, flux-source-controller, helm, go, kpt, src-fingerprint, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, delve, flux-kustomize-controller, hello-world-golang,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: cri-tools, wgcf, grafana-rollout-operator, flux-source-controller, helm, go, kpt, src-fingerprint, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, delve, flux-kustomize-controller, hello-world-golang,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, flux-source-controller, kpt, yq, chartmuseum, flux-kustomize-controller, aws-ebs-csi-driver, prometheus-mongodb-exporter, prometheus-pushgateway, hugo, nri-prometheus, kaf, gitlab-runner, aws-efs-csi-driver, prometheus-postgres-exporter, apko, keda,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: cri-tools, cloud-sql-proxy, flux-source-controller, protoc-gen-go-grpc, kpt, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, aws-ebs-csi-driver, dagger, kube-bench, prometheus-mongodb-exporter,...

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, pulumi-kubernetes-operator, melange, argo-workflows,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: postgres-operator, flux-source-controller, dagdotdev, kyverno-policy-reporter-ui, speedtest-go, nri-haproxy, crane, istio-operator, eksctl, tailscale, temporal, step-ca, rqlite, kube-rbac-proxy, skopeo, gh, frp, spegel, go-fips, kubernetes-dashboard-metrics-scraper,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: cri-tools, wgcf, grafana-rollout-operator, flux-source-controller, helm, go, kpt, src-fingerprint, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, delve, flux-kustomize-controller, hello-world-golang,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, flux-source-controller, go, kpt, yq, chartmuseum, flux-kustomize-controller, aws-ebs-csi-driver, prometheus-mongodb-exporter, prometheus-pushgateway, hugo, nri-prometheus, kaf, gitlab-runner, aws-efs-csi-driver, istio-operator,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, kubevela, flux-source-controller, spire-server, skaffold, crossplane, flux-kustomize-controller, slsa-verifier, terraform-provider-google, policy-controller, kaniko, pulumi-language-java, vault, scorecard, aactl, apko,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, flux-source-controller, go, kpt, yq, chartmuseum, flux-kustomize-controller, aws-ebs-csi-driver, prometheus-mongodb-exporter, prometheus-pushgateway, hugo, nri-prometheus, kaf, gitlab-runner, aws-efs-csi-driver, istio-operator,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, flux-source-controller, kpt, yq, chartmuseum, flux-kustomize-controller, aws-ebs-csi-driver, prometheus-mongodb-exporter, prometheus-pushgateway, hugo, nri-prometheus, kaf, gitlab-runner, aws-efs-csi-driver, prometheus-postgres-exporter, apko, keda,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: flux-source-controller, kpt, flux-kustomize-controller, hugo, nri-prometheus, nginx-mainline, istio-envoy, kaf, gitlab-runner, aws-efs-csi-driver, conftest, keda, secrets-store-csi-driver, rqlite, cue, argo-cd, ollama, frp, pulumi-language-dotnet, gitlab-pages,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, cluster-autoscaler, kubevela, mc, flux-source-controller, gatekeeper, ko, flux-helm-controller, kubernetes-csi-livenessprobe, dgraph, flux-kustomize-controller, terraform-provider-azurerm, slsa-verifier, k3d, node-problem-detector, dex,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: cri-tools, wgcf, grafana-rollout-operator, flux-source-controller, helm, go, kpt, src-fingerprint, guac, chartmuseum, kyverno-policy-reporter-ui, kubernetes-csi-driver-hostpath, prometheus-nats-exporter, delve, flux-kustomize-controller, hello-world-golang,...

caligare.com Cross Site Scripting vulnerability OBB-3929555

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fredericksburgsoccer.org Cross Site Scripting vulnerability OBB-3929554

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating...

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive...

CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a...

biomerieux.fr Cross Site Scripting vulnerability OBB-3929553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bedinsat.com.br Cross Site Scripting vulnerability OBB-3929551

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pingpdf.com Cross Site Scripting vulnerability OBB-3929548

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

theanalystpro.com Cross Site Scripting vulnerability OBB-3929545

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vacationparties.com Cross Site Scripting vulnerability OBB-3929544

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

resorts.hotel.co.za Cross Site Scripting vulnerability OBB-3929542

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Storage Fusion is vulnerable to authorization bypass due to go-restful.

Summary emicklei/go-restful is used by IBM Storage Fusion's isf-prereq-operator to create pre-requisite resources and deploy dependent operators. CVE-2022-1996. Vulnerability Details ** CVEID: CVE-2022-1996 DESCRIPTION: **go-restful could allow a remote attacker to bypass security restrictions,...

Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code...

Security Bulletin: IBM Storage Fusion is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on...

expresscar.am Cross Site Scripting vulnerability OBB-3929539

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

azslide.com Cross Site Scripting vulnerability OBB-3929536

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

asociacionsolosurf.com Cross Site Scripting vulnerability OBB-3929532

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bradwarestudios.com Cross Site Scripting vulnerability OBB-3929533

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

waracon.com Cross Site Scripting vulnerability OBB-3929527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

newtoncountytimes.com Cross Site Scripting vulnerability OBB-3929524

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dbcs4christ.com Cross Site Scripting vulnerability OBB-3929526

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

theweddingentourage.com.sg Cross Site Scripting vulnerability OBB-3929523

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

newton.creativecirclemedia.com Cross Site Scripting vulnerability OBB-3929525

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

verzasca.net Cross Site Scripting vulnerability OBB-3929522

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

boxmyjob.com Cross Site Scripting vulnerability OBB-3929521

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vitaminasocial.com Cross Site Scripting vulnerability OBB-3929520

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stltrend.com Cross Site Scripting vulnerability OBB-3929519

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

allergimat.com Cross Site Scripting vulnerability OBB-3929518

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...