BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud And Orchestration, IWorkflow, Enterprise Manager Security Vulnerabilities

Malwarebytes Premium stops 100% of malware during AV Lab test

Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

bo-systems.nl Cross Site Scripting vulnerability OBB-3939080

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka...

lvs.co.kr Cross Site Scripting vulnerability OBB-3939074

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who.....

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and....

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-37532)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, gobuster, nats, aws-efs-csi-driver, thanos, kots, kubernetes-csi-livenessprobe, external-dns, grype, ollama, pulumi-language-dotnet, tctl, metacontroller, tomcat, vault-csi-provider, prometheus, up, gitlab-runner, telegraf,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: kubescape, cosign, dex, vexctl, cert-manager, rekor, tekton-pipelines, slsa-verifier, sops, tkn, argo-workflows, oauth2-proxy, kots, terragrunt, spire-server, argo-cd, aactl, kyverno, tekton-chains, external-secrets-operator, gitsign, cloudflared, fulcio,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, pulumi-kubernetes-operator, argo-cd, flux-notification-controller,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-dns-node-cache, ip-masq-agent, kubernetes, spark-operator, aws-ebs-csi-driver, cluster-autoscaler, node-feature-discovery, kubernetes-csi-driver-hostpath, local-static-provisioner, nodetaint,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: harbor-scanner-trivy, docker, melange, k3d, prometheus, wolfictl, docker-compose, buf, grype, kaniko, neuvector-scanner, tekton-pipelines, syft, dagger, cri-tools, helm-push,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: docker, kubescape, ingress-nginx-controller, kaniko, newrelic-infrastructure-agent, datadog-agent, nvidia-device-plugin, kots, k3s, buildkitd, grype, nerdctl, zarf, runc, trivy, skopeo, wolfictl, telegraf, ctop, syft, k9s, skaffold, k3d, kubernetes, cadvisor,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: kubescape, helm, cert-manager, kaniko, tekton-pipelines, newrelic-infrastructure-agent, fuse-overlayfs-snapshotter, helm-push, kots, eksctl, gitness, grype, trivy, melange, up, telegraf, ctop, neuvector-agent, skaffold, cilium-cli, k3d, flux-source-controller, zot,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...

CVE-2024-0874 vulnerabilities

Vulnerabilities for packages: cloudflared, kubernetes-dns-node-cache,...

GHSA-888H-RM2R-VRC7 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: kubescape, falcoctl, vexctl, tkn, slsa-verifier, policy-controller, spire-server, aactl, neuvector-sigstore-interface, zarf, goreleaser, tekton-chains, gitsign, melange, wolfictl, apko, skaffold, flux-source-controller, falco, zot,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cosign, falcoctl, kubescape, influxd, terraform, loki, step-ca, vexctl, flux, cert-manager, gomplate, bank-vaults, rekor, slsa-verifier, sops, tekton-pipelines, guac, tkn, snyk-cli, k3s, opentofu, policy-controller, buildkitd, spire-server,.....

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: kubescape, loki, cert-manager, tekton-pipelines, slsa-verifier, kpt, k3s, aactl, goreleaser, tekton-chains, paranoia, prometheus, up, ctop, scorecard, skaffold, chartmuseum, k3d, bom,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, spicedb, temporal-server, velero-plugin-for-aws, ollama, timestamp-authority, pulumi-language-dotnet, hubble, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, falcoctl, trillian, osv-scanner, step-ca, logstash, flyte, aws-efs-csi-driver, thanos, go, gosu, capslock, jitsucom-bulker, k8sgpt, kubernetes-csi-external-provisioner, local-static-provisioner, dask-gateway, snyk-cli, helm-push,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,....

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cosign, falcoctl, kubescape, influxd, terraform, loki, step-ca, vexctl, flux, cert-manager, gomplate, bank-vaults, rekor, slsa-verifier, sops, tekton-pipelines, guac, tkn, snyk-cli, k3s, opentofu, policy-controller, buildkitd, spire-server,.....

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: gobuster, nats, dgraph, render-template, flannel-cni-plugin, sbom-scorecard, gitlab-logger, slsa-verifier, gosu, prometheus-stackdriver-exporter, sops, cni-plugins, gke-gcloud-auth-plugin, gops, helm-push, cortex, docker-cli, sonobuoy, aactl, wait-for-port,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, trillian, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver, pulumi-language-dotnet,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: kubescape, cosign, falcoctl, loki, helm, vexctl, cert-manager, tekton-pipelines, newrelic-infrastructure-agent, slsa-verifier, cri-tools, guac, k8sgpt, argo-workflows, flux-image-reflector-controller, datadog-agent, kots, k3s, policy-controller, buildkitd, eksctl,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...

GHSA-753J-MPMX-QQ6G vulnerabilities

Vulnerabilities for packages: airflow, dask-gateway,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: kubescape, cosign, falcoctl, loki, step-ca, flux, cert-manager, flyte, bank-vaults, harbor-registry, rekor, sops, tekton-pipelines, guac, thanos, k8sgpt, argo-workflows, tkn, terragrunt, boring-registry, policy-controller, buildkitd, airflow, spire-server, cortex,...

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: melange, pulumi-kubernetes-operator, argo-cd, flux-notification-controller,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, az, py3-idna, kubeflow-pipelines, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, confluent-docker-utils, kubeflow-katib, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app, py3.10-tensorflow-core, ggshield, dask-gateway,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, az, py3-idna, kubeflow-pipelines, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, confluent-docker-utils, kubeflow-katib, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app, py3.10-tensorflow-core, ggshield, dask-gateway,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: keda, prometheus, up, kubernetes, cert-manager, kubevela, gitlab-kas, thanos, prometheus-adapter, ipfs, k3s, calico, gatekeeper,...

GHSA-M9W6-WP3H-VQ8G vulnerabilities

Vulnerabilities for packages: cloudflared, kubernetes-dns-node-cache,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, superset, confluent-docker-utils, reflex, kubeflow-jupyter-web-app, py3-jinja2, dask-gateway,...

GHSA-2HMF-46V7-V6FX vulnerabilities

Vulnerabilities for packages: melange, external-dns, guac, dagger,...

GHSA-5M98-QGG9-WH84 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-30251 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, step-ca, thanos, helm-push, kots, temporal-server, prometheus-statsd-exporter, external-dns, grype, ollama, nerdctl, crossplane-provider-aws, tekton-chains, vault-csi-provider, trivy, prometheus, up,...

CVE-2024-32473 vulnerabilities

Vulnerabilities for packages: harbor-scanner-trivy, docker, melange, k3d, prometheus, wolfictl, docker-compose, buf, grype, kaniko, neuvector-scanner, tekton-pipelines, syft, dagger, cri-tools, helm-push,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: keda, prometheus, up, kubernetes, cert-manager, kubevela, gitlab-kas, thanos, prometheus-adapter, ipfs, k3s, calico, gatekeeper,...

CVE-2023-29403 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-F2CJ-5636-4J38 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...