BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 IWorkflow Security Vulnerabilities
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
EPSS
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
EPSS
CVE-2024-21457 Buffer Over-read in WLAN Host Communication
INformation disclosure while handling Multi-link IE in beacon...
6.5CVSS
EPSS
CVE-2024-21457 Buffer Over-read in WLAN Host Communication
INformation disclosure while handling Multi-link IE in beacon...
6.5CVSS
7.1AI Score
EPSS
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
9.2AI Score
EPSS
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
8AI Score
EPSS
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly...
8.8CVSS
8.6AI Score
EPSS
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS
BIT-hubble-ui-backend-2023-27594
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
7.3CVSS
7.1AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
7.3CVSS
7.1AI Score
0.001EPSS
BIT-hubble-ui-backend-2023-34242
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
5.3CVSS
5.1AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
5.3CVSS
5.1AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent....
6.1CVSS
6.1AI Score
0.0004EPSS
BIT-hubble-ui-backend-2024-28249
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent....
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...
6.1CVSS
6.1AI Score
0.0004EPSS
BIT-hubble-ui-backend-2024-28250
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
BIT-hubble-ui-backend-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
7.3CVSS
7.1AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
5.3CVSS
5.1AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent....
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...
6.1CVSS
6.1AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...
6.7AI Score
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: dex, vault, aactl, cosign, keda, istio-pilot-discovery, kots, traefik, sops, cilium-envoy, fulcio, external-secrets-operator, terragrunt, tkn, cert-manager, flux-kustomize-controller, falco, kubescape, argo-workflows, flux-source-controller, slsa-verifier,...
7.5AI Score
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: nerdctl, syft, docker, nvidia-device-plugin, grype, k3d, kots, cadvisor, ctop, k3s, kubernetes, newrelic-infrastructure-agent, trivy, zarf, kubescape, zot, runc, ingress-nginx-controller, telegraf, datadog-agent, kaniko, buildkitd, skopeo, wolfictl, skaffold,...
8.6CVSS
9.2AI Score
0.051EPSS
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
6.4CVSS
6.7AI Score
0.0004EPSS
Vulnerabilities for packages: kubernetes-dns-node-cache, consul,...
5.3CVSS
5.5AI Score
0.0004EPSS
7.5AI Score
Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....
6CVSS
6AI Score
0.0004EPSS
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: aactl, chartmuseum, k3d, ctop, k3s, kpt, scorecard, paranoia, goreleaser, cert-manager, bom, falco, kubescape, slsa-verifier, tekton-pipelines, up, tekton-chains, loki, skaffold,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...
2.7CVSS
4.3AI Score
0.0004EPSS
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: melange, argo-cd, argo-workflows, pulumi-kubernetes-operator,...
7.5CVSS
7.7AI Score
0.0005EPSS
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...
7.5AI Score
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...
7.5AI Score
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: helm, flux-helm-controller, cilium-cli, fuse-overlayfs-snapshotter, eksctl, grype, k3d, kots, ctop, neuvector-agent, kubevela, newrelic-infrastructure-agent, trivy, cert-manager, melange, kubescape, flux-source-controller, zot, tekton-pipelines, telegraf, kaniko,...
7.5AI Score
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...
7.5CVSS
9AI Score
0.732EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....
7.5AI Score
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, trillian, goreleaser, prometheus-postgres-exporter,....
6.1CVSS
7.3AI Score
0.001EPSS