BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe Security Vulnerabilities

wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...

7.5 AI Score

2024-06-25 03:33 PM
21
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-06-25 03:33 PM
49
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

7.5 AI Score

2024-06-25 03:33 PM
23
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

7.5 AI Score

2024-06-25 03:33 PM
2
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...

5.3 CVSS

7.2 AI Score

0.001 EPSS

2024-06-25 03:33 PM
27
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...

7.5 AI Score

2024-06-25 03:33 PM
19
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...

7.5 AI Score

2024-06-25 03:33 PM
20
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: guac, argo-workflows, keda, minio, cilium, external-secrets-operator, fulcio, dgraph, tekton-pipelines, nerdctl, weaviate, ko, sigstore-scaffolding, step-ca, skopeo, goreleaser, vexctl, rook, falco, gomplate, cloudflared, melange, rekor, grafana, slsa-verifier, step,.....

4.3 CVSS

6 AI Score

0.0005 EPSS

2024-06-25 03:33 PM
15
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: grpcurl, timoni, aws-load-balancer-controller, dive, git-lfs, nri-prometheus, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, gomplate, kube-state-metrics, hey, vault, thanos, secrets-store-csi-driver-provider-gcp,....

7.5 AI Score

2024-06-25 03:33 PM
27
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: grpcurl, timoni, aws-load-balancer-controller, dive, git-lfs, nri-prometheus, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, gomplate, kube-state-metrics, amass, hey, go, vault, thanos,...

7.5 AI Score

2024-06-25 03:33 PM
18
wolfi

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, keda, minio, grype, dgraph, scorecard, calico, spark-operator, gitlab-pages, pulumi-language-yaml, terraform, weaviate, prometheus, cilium-envoy, ko, prometheus-stackdriver-exporter, coredns, external-dns, secrets-store-csi-driver,...

7.5 AI Score

2024-06-25 03:33 PM
94
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: nri-mssql, argo-workflows, git-lfs, gitlab-kas, calico, tekton-pipelines, gitness, kubewatch, secrets-store-csi-driver, gomplate, kube-state-metrics, amass, step, secrets-store-csi-driver-provider-azure, vault, terraform-provider-azurerm, thanos,...

7.5 AI Score

2024-06-25 03:33 PM
45
wolfi

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...

7.5 AI Score

2024-06-25 03:33 PM
10
wolfi

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-25 03:33 PM
16
wolfi

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

7.5 AI Score

2024-06-25 03:33 PM
6
wolfi

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...

7.5 AI Score

2024-06-25 03:33 PM
25
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

7.8 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
20
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

7.8 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
18
wolfi

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: zot, scorecard, tekton-pipelines, pulumi-language-yaml, gitness, goreleaser, nuclei, gomplate, pulumi-kubernetes-operator, kubevela, gitsign, kots, pulumi-language-java, argo-cd, flux-kustomize-controller, go-licenses, apko, pulumi, src-fingerprint,...

7.5 AI Score

2024-06-25 03:33 PM
14
wolfi

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-25 03:33 PM
6
wolfi

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: zot, ko, neuvector-sigstore-interface, goreleaser, vexctl, falco, melange, kubescape, slsa-verifier, aactl, gitsign, skaffold, flux-source-controller, apko, policy-controller, falcoctl, wolfictl, tekton-chains, zarf, tkn,...

4.2 CVSS

4.6 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
11
wolfi

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: zot, ko, neuvector-sigstore-interface, goreleaser, vexctl, falco, melange, kubescape, slsa-verifier, aactl, gitsign, skaffold, flux-source-controller, apko, policy-controller, falcoctl, wolfictl, tekton-chains, zarf, tkn,...

4.2 CVSS

4.5 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
8
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

7.5 AI Score

2024-06-25 03:33 PM
4
wolfi

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: guac, argo-workflows, k3s, newrelic-infrastructure-agent, cri-tools, k9s, timoni, zot, cadvisor, helm-operator, scorecard, tekton-pipelines, flux-image-reflector-controller, traefik, nerdctl, gitlab-runner, prometheus, crane, skopeo, loki, goreleaser, vexctl, trivy,...

7.5 AI Score

2024-06-25 03:33 PM
10
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

6 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
19
wolfi

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: zot, scorecard, tekton-pipelines, pulumi-language-yaml, gitness, goreleaser, nuclei, gomplate, pulumi-kubernetes-operator, kubevela, gitsign, kots, pulumi-language-java, argo-cd, flux-kustomize-controller, go-licenses, apko, pulumi, src-fingerprint,...

7.5 CVSS

7.8 AI Score

0.0005 EPSS

2024-06-25 03:33 PM
28
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...

6.5 AI Score

0.0004 EPSS

2024-06-25 03:33 PM
18
wolfi

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...

7.5 AI Score

2024-06-25 03:33 PM
6
wolfi

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, k3s, grype, k9s, zot, cadvisor, nerdctl, runc, skopeo, trivy, nvidia-device-plugin, kubescape, telegraf, kaniko, ctop, syft, kots, datadog-agent, kubernetes, skaffold, buildkitd, docker, ingress-nginx-controller, wolfictl, zarf,...

7.5 AI Score

2024-06-25 03:33 PM
15
nvd

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2 CVSS

EPSS

2024-06-25 02:15 PM
cve

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2 CVSS

7.3 AI Score

EPSS

2024-06-25 02:15 PM
1
vulnrichment

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2 CVSS

7.5 AI Score

EPSS

2024-06-25 02:01 PM
cvelist

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2 CVSS

EPSS

2024-06-25 02:01 PM
1
ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]

Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2024-24795, CVE-2023-38709] Vulnerability Details Refer to the security bulletin(s) listed in the...

6.7 AI Score

0.0004 EPSS

2024-06-25 12:04 PM
1
osv

BIT-opencart-2024-21518

This affects versions of the package opencart/opencart from 4.0.0-0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

7.2 CVSS

7 AI Score

0.001 EPSS

2024-06-25 11:57 AM
osv

BIT-opencart-2024-21519

This affects versions of the package opencart/opencart from 4.0.0-0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

7.2 CVSS

7.2 AI Score

0.0005 EPSS

2024-06-25 11:57 AM
ibm

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

9.8 CVSS

9.9 AI Score

EPSS

2024-06-25 10:51 AM
2
nvd

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9 CVSS

0.0004 EPSS

2024-06-25 04:15 AM
5
cve

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10 CVSS

9.7 AI Score

0.001 EPSS

2024-06-25 04:15 AM
11
nvd

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10 CVSS

0.001 EPSS

2024-06-25 04:15 AM
20
cve

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9 CVSS

9.7 AI Score

0.0004 EPSS

2024-06-25 04:15 AM
6
cve

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10 CVSS

9.6 AI Score

0.0004 EPSS

2024-06-25 04:15 AM
13
nvd

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10 CVSS

0.0004 EPSS

2024-06-25 04:15 AM
3
cvelist

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9 CVSS

0.0004 EPSS

2024-06-25 04:01 AM
5
vulnrichment

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9 CVSS

7.6 AI Score

0.0004 EPSS

2024-06-25 04:01 AM
cvelist

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10 CVSS

0.0004 EPSS

2024-06-25 04:00 AM
6
thn

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

7.2 AI Score

2024-06-25 03:32 AM
8
cvelist

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10 CVSS

0.001 EPSS

2024-06-25 03:30 AM
17
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-06-25 12:00 AM
3
nessus

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

5.3 CVSS

7.2 AI Score

0.0005 EPSS

2024-06-25 12:00 AM

Total number of security vulnerabilities: 229860