BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, And WebSafe Security Vulnerabilities

CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to cross-site scripting due to WebSphere Application Server Liberty

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

Security Bulletin: IBM Sterling B2B Integrator Standard Edition does not correctly restrict frame objects

Summary IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details ** CVEID:...

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

Security Bulletin: Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting ( CVE-2023-42014).

Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the stictest available value. The Content-Security-Policy that is set by the server allows inline Javascript and "eval" functions in the browser. Allowing inline...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, k3s, grype, k9s, zot, cadvisor, nerdctl, runc, skopeo, trivy, nvidia-device-plugin, kubescape, telegraf, kaniko, ctop, syft, kots, datadog-agent, kubernetes, skaffold, buildkitd, docker, ingress-nginx-controller, wolfictl, zarf,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, grype, zot, tekton-pipelines, gitness, trivy, fuse-overlayfs-snapshotter, melange, kubescape, telegraf, eksctl, flux-helm-controller, kaniko, ctop, kubevela, up, kots, neuvector-agent, cert-manager, skaffold, flux-source-controller,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, pulumi-kubernetes-operator, argo-workflows, melange,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: docker, dagger, helm-push, harbor-scanner-trivy, policy-controller, cri-tools, grype, docker-compose, neuvector-scanner, wolfictl, syft, melange, tekton-pipelines, k3d, buf, prometheus,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: argo-workflows, keda, external-secrets-operator, fulcio, tekton-pipelines, traefik, cilium-envoy, vexctl, falco, cloudflared, rekor, kubescape, spire-server, slsa-verifier, vault, istio-pilot-discovery, aactl, cosign, dex, gitsign, kots, cert-manager, argo-cd,...

CVE-2024-0874 vulnerabilities

Vulnerabilities for packages: cloudflared, consul,...

GHSA-888H-RM2R-VRC7 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: zot, ko, neuvector-sigstore-interface, goreleaser, vexctl, falco, melange, kubescape, slsa-verifier, aactl, gitsign, skaffold, flux-source-controller, apko, policy-controller, falcoctl, wolfictl, tekton-chains, zarf, tkn,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: grafana-mimir, guac, crossplane-provider-azure, k3s, keda, zot, opentofu, flux, fulcio, gitlab-kas, scorecard, tekton-pipelines, flux-image-reflector-controller, terraform, ksops, gitlab-runner, opentelemetry-collector-contrib, prometheus, kubernetes-event-exporter,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: grafana-mimir, guac, crossplane-provider-azure, k3s, keda, zot, opentofu, flux, fulcio, gitlab-kas, scorecard, tekton-pipelines, flux-image-reflector-controller, terraform, ksops, gitlab-runner, opentelemetry-collector-contrib, prometheus, kubernetes-event-exporter,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: nri-mssql, argo-workflows, git-lfs, gitlab-kas, calico, tekton-pipelines, gitness, kubewatch, secrets-store-csi-driver, gomplate, kube-state-metrics, amass, step, secrets-store-csi-driver-provider-azure, vault, terraform-provider-azurerm, thanos,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: grpcurl, timoni, aws-load-balancer-controller, dive, git-lfs, nri-prometheus, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, gomplate, kube-state-metrics, hey, vault, thanos, secrets-store-csi-driver-provider-gcp,....

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: guac, argo-workflows, k3s, newrelic-infrastructure-agent, cri-tools, k9s, timoni, zot, cadvisor, helm-operator, scorecard, tekton-pipelines, flux-image-reflector-controller, traefik, nerdctl, gitlab-runner, prometheus, crane, skopeo, loki, goreleaser, vexctl, trivy,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: grafana-mimir, teleport, guac, argo-workflows, keda, zot, external-secrets-operator, flux, fulcio, tekton-pipelines, prometheus-operator, flux-image-reflector-controller, sqlpad, traefik, ksops, gitlab-runner, opentelemetry-collector-contrib, prometheus, airflow,...

CVE-2024-32473 vulnerabilities

Vulnerabilities for packages: docker, dagger, helm-push, harbor-scanner-trivy, policy-controller, cri-tools, grype, docker-compose, neuvector-scanner, wolfictl, syft, melange, tekton-pipelines, k3d, buf, prometheus,...

GHSA-M9W6-WP3H-VQ8G vulnerabilities

Vulnerabilities for packages: cloudflared, consul,...

GHSA-2HMF-46V7-V6FX vulnerabilities

Vulnerabilities for packages: external-dns, dagger, guac, zot,...

CVE-2023-29403 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-F2CJ-5636-4J38 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-RXX3-4978-3CC9 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: flux-notification-controller, pulumi-kubernetes-operator, argo-workflows, melange,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: grafana-mimir, teleport, guac, argo-workflows, keda, zot, external-secrets-operator, flux, fulcio, tekton-pipelines, prometheus-operator, flux-image-reflector-controller, sqlpad, traefik, ksops, gitlab-runner, opentelemetry-collector-contrib, prometheus, airflow,...