BIG-IP Advanced WAF, ASM, And APM Security Vulnerabilities

CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged...

CVE-2024-5088

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

ketterer-rarebooks.com Cross Site Scripting vulnerability OBB-3928523

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4432

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2024-3658

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in.....

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and...

CVE-2024-3658 Build App Online <= 1.0.21 - Authentication Bypass via Header

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in.....

CVE-2024-4432 Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent, cortex, eks-distro-kubernetes-csi-external-provisioner,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: spark-operator, calico-fips, aws-ebs-csi-driver, aws-efs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache, cluster-autoscaler, prometheus-adapter, aws-efs-csi-driver-fips, calico, cluster-autoscaler-fips, nodetaint,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-fips, aws-ebs-csi-driver-fips, calico-fips, aws-ebs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache, kubernetes, kubernetes-csi-driver-hostpath, kubeflow-pipelines, spark-operator, cluster-autoscaler, local-static-provisioner, aws-efs-csi-driver-fips,.....

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: hey, nvidia-device-plugin, secrets-store-csi-driver, scorecard, volume-modifier-for-k8s-fips, mc, istio-envoy, py3-seldon-core, cilium-envoy, prometheus-postgres-exporter, dynamic-localpv-provisioner, prometheus-elasticsearch-exporter, nats, cortex, ollama, hugo,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, sbom-scorecard, docker-credential-ecr-login, scorecard, prometheus-statsd-exporter, cilium-envoy, prometheus-statsd-exporter-fips, helm-push, go-bindata, nats, cortex, protoc-gen-go-grpc, kubernetes-csi-livenessprobe,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, jaeger-agent, opentelemetry-collector-contrib-fips,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent, cortex, eks-distro-kubernetes-csi-external-provisioner,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, sbom-scorecard, docker-credential-ecr-login, scorecard, prometheus-statsd-exporter, cilium-envoy, prometheus-statsd-exporter-fips, helm-push, go-bindata, nats, cortex, protoc-gen-go-grpc, kubernetes-csi-livenessprobe,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, jaeger-agent, opentelemetry-collector-contrib-fips,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: spark-operator, calico-fips, aws-ebs-csi-driver, aws-efs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache, cluster-autoscaler, prometheus-adapter, aws-efs-csi-driver-fips, calico, cluster-autoscaler-fips, nodetaint,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, sbom-scorecard, docker-credential-ecr-login, scorecard, prometheus-statsd-exporter, cilium-envoy, prometheus-statsd-exporter-fips, helm-push, go-bindata, nats, cortex, protoc-gen-go-grpc, kubernetes-csi-livenessprobe,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, nvidia-device-plugin, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, jaeger-agent, opentelemetry-collector-contrib-fips, cortex, multus-cni-fips,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, nvidia-device-plugin, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, jaeger-agent, opentelemetry-collector-contrib-fips, cortex, multus-cni-fips,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: kubernetes-fips, aws-ebs-csi-driver-fips, calico-fips, aws-ebs-csi-driver, ip-masq-agent, kubernetes-dns-node-cache, kubernetes, kubernetes-csi-driver-hostpath, kubeflow-pipelines, spark-operator, cluster-autoscaler, local-static-provisioner, aws-efs-csi-driver-fips,.....

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: hey, nvidia-device-plugin, secrets-store-csi-driver, scorecard, volume-modifier-for-k8s-fips, mc, istio-envoy, py3-seldon-core, cilium-envoy, prometheus-postgres-exporter, dynamic-localpv-provisioner, prometheus-elasticsearch-exporter, nats, cortex, ollama, hugo,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, sbom-scorecard, docker-credential-ecr-login, scorecard, prometheus-statsd-exporter, cilium-envoy, prometheus-statsd-exporter-fips, helm-push, go-bindata, nats, cortex, protoc-gen-go-grpc, kubernetes-csi-livenessprobe,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: scorecard, envoy-ratelimit, conftest, hugo, kaf, bom, tctl, dgraph, ollama, cilium-envoy, cert-manager, terraform-provider-aws, vault-csi-provider, hey, nodetaint, node-problem-detector, flux-helm-controller, kubevela, kubernetes-csi-node-driver-registrar, weaviate,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, cert-exporter, restic, scorecard, envoy-ratelimit, kubeflow-pipelines, conftest, hugo, loki, cloudflared, kaf, secrets-store-csi-driver-provider-aws, trust-manager, cluster-proportional-autoscaler, supercronic,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, cert-exporter, scorecard, envoy-ratelimit, kubeflow-pipelines, loki, mage, esbuild, kaf, secrets-store-csi-driver-provider-aws, bom, cluster-proportional-autoscaler, docker-credential-acr-env, supercronic, tctl, k3d,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: calico, ip-masq-agent, kubeflow-pipelines, kubernetes-csi-driver-hostpath, aws-ebs-csi-driver, cluster-autoscaler, local-static-provisioner, nodetaint, kubernetes-dns-node-cache, spark-operator, kubernetes,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, esbuild, secrets-store-csi-driver-provider-aws, trust-manager, tctl, docker-credential-acr-env, doppler-kubernetes-operator, ollama, wazero, consul, kuberay-operator, node-problem-detector, opentelemetry-collector-contrib,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: protoc-gen-go-grpc, scorecard, smarter-device-manager, docker-credential-ecr-login, aws-flb-cloudwatch, mage, grpcurl, prometheus-stackdriver-exporter, gitlab-logger, k3d, slsa-verifier, dgraph, amass, aactl, configmap-reload, sops, cilium-envoy, nats, ctop, falco,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, cert-exporter, restic, scorecard, envoy-ratelimit, kubeflow-pipelines, conftest, hugo, loki, cloudflared, kaf, secrets-store-csi-driver-provider-aws, trust-manager, cluster-proportional-autoscaler, supercronic,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, cert-exporter, scorecard, envoy-ratelimit, kubeflow-pipelines, loki, mage, esbuild, kaf, secrets-store-csi-driver-provider-aws, bom, cluster-proportional-autoscaler, docker-credential-acr-env, supercronic, tctl, k3d,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, cert-exporter, scorecard, envoy-ratelimit, kubeflow-pipelines, loki, mage, esbuild, kaf, secrets-store-csi-driver-provider-aws, bom, cluster-proportional-autoscaler, docker-credential-acr-env, supercronic, tctl, k3d,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: cert-exporter, scorecard, conftest, mage, cloudflared, kaf, secrets-store-csi-driver-provider-aws, overmind, bom, gostatsd, docker-credential-acr-env, grafana-agent-operator, trust-manager, k3d, kubeadm-bootstrap-controller, osv-scanner, dgraph, guac, tfsec, opa,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: cert-exporter, scorecard, conftest, mage, cloudflared, kaf, secrets-store-csi-driver-provider-aws, overmind, bom, gostatsd, docker-credential-acr-env, grafana-agent-operator, trust-manager, k3d, kubeadm-bootstrap-controller, osv-scanner, dgraph, guac, tfsec, opa,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter, esbuild, secrets-store-csi-driver-provider-aws, trust-manager, tctl, docker-credential-acr-env, doppler-kubernetes-operator, ollama, wazero, consul, kuberay-operator, node-problem-detector, opentelemetry-collector-contrib,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: cert-exporter, scorecard, conftest, mage, cloudflared, kaf, secrets-store-csi-driver-provider-aws, overmind, bom, gostatsd, docker-credential-acr-env, grafana-agent-operator, trust-manager, k3d, kubeadm-bootstrap-controller, osv-scanner, dgraph, guac, tfsec, opa,...