BIG-IP AFM & PEM Security Vulnerabilities
CVE-2024-35903 x86/bpf: Fix IP after emitting call depth accounting
In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to emit_patch so it calculates the correct offset for the CALL instruction if x86_call_depth_emit_accounting emits code. Otherwise we will skip some...
6.9AI Score
0.0004EPSS
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: prometheus-adapter, nodetaint, ip-masq-agent, aws-efs-csi-driver, argo-cd-fips, aws-ebs-csi-driver, cluster-autoscaler-fips, calico, spark-operator, aws-efs-csi-driver-fips, cluster-autoscaler, kubernetes-dns-node-cache,...
7.3AI Score
Vulnerabilities for packages: nodetaint, kubeflow-pipelines, kubernetes-csi-driver-hostpath, kubernetes-fips, ip-masq-agent, node-feature-discovery, aws-ebs-csi-driver-fips, aws-ebs-csi-driver, kubernetes, cluster-autoscaler-fips, calico, local-static-provisioner, aws-efs-csi-driver-fips,...
3.6AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...
8AI Score
0.001EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...
8.3AI Score
0.732EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...
7.3AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.1AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...
7.3AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...
6.2AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...
6.5AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...
7.3AI Score
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
7.3AI Score
Vulnerabilities for packages: prometheus-adapter, nodetaint, ip-masq-agent, aws-efs-csi-driver, argo-cd-fips, aws-ebs-csi-driver, cluster-autoscaler-fips, calico, spark-operator, aws-efs-csi-driver-fips, cluster-autoscaler, kubernetes-dns-node-cache,...
8.8AI Score
0.001EPSS
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...
7.1AI Score
0.001EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: nodetaint, kubeflow-pipelines, kubernetes-csi-driver-hostpath, kubernetes-fips, ip-masq-agent, node-feature-discovery, aws-ebs-csi-driver-fips, aws-ebs-csi-driver, kubernetes, cluster-autoscaler-fips, calico, local-static-provisioner, aws-efs-csi-driver-fips,...
7.3AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
7.3AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...
7.3AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...
7.3AI Score
[SECURITY] Fedora 39 Update: suricata-6.0.19-1.fc39
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
[SECURITY] Fedora 40 Update: suricata-7.0.5-1.fc40
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_enc_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to emit_patch so it calculates the correct offset for the CALL instruction if x86_call_depth_emit_accounting emits code. Otherwise we will skip some...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......
6.6AI Score
0.0004EPSS
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......
7.7AI Score
0.0004EPSS
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command...
9.8CVSS
8AI Score
0.001EPSS
CVE-2024-27415 netfilter: bridge: confirm multicast packets before passing them up the stack
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......
6.5AI Score
0.0004EPSS
FBI Seizes BreachForums Website
The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum's backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be...
6.9AI Score
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through...
3.7CVSS
4.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through...
3.7CVSS
6.8AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS