BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, FPS, Link Controller, PEM, WebAccelerator) Security Vulnerabilities

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: reflex, dask-gateway, py3-jinja2, confluent-docker-utils, kubeflow-volumes-web-app, superset, kubeflow-jupyter-web-app,...

CVE-2024-27306 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa,...

CVE-2023-29405 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: skaffold, policy-controller, wolfictl, apko, slsa-verifier, goreleaser, flux-source-controller, neuvector-sigstore-interface, aactl, falcoctl, tkn, tekton-chains, ko, spire-server, vexctl, gitsign, zarf, kubescape, zot, falco,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, ksops, wireguard-go, go, neuvector-scanner, aws-ebs-csi-driver, guac, http-echo, capslock, git-lfs, grafana-rollout-operator, gobump, sops, kubernetes-dns-node-cache, kubeadm-bootstrap-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, k8ssandra-operator, nri-cassandra, http-echo, gobump, tigera-operator, aws-network-policy-agent, aws-load-balancer-controller, grpcurl, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

CVE-2023-46737 vulnerabilities

Vulnerabilities for packages: cosign, tekton-chains, skaffold, apko, aactl, slsa-verifier, kubescape, tkn, falco, spire-server, ko, policy-controller, goreleaser,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, go, aws-ebs-csi-driver, git-lfs, apko, kubernetes-dns-node-cache, oauth2-proxy, istio-pilot-agent, aws-load-balancer-controller, grpcurl, istio-cni, spark-operator, pulumi-language-java,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: boring-registry, rclone, skaffold, flux-image-automation-controller, vault, pulumi-language-yaml, policy-controller, pulumi-kubernetes-operator, flux-notification-controller, kaniko, sops, wolfictl, apko, slsa-verifier, actions-runner-controller, flux, goreleaser,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: skaffold, policy-controller, wolfictl, apko, slsa-verifier, goreleaser, flux-source-controller, neuvector-sigstore-interface, aactl, falcoctl, tkn, tekton-chains, ko, spire-server, vexctl, gitsign, zarf, kubescape, zot, falco,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, go, aws-ebs-csi-driver, git-lfs, apko, kubernetes-dns-node-cache, oauth2-proxy, istio-pilot-agent, aws-load-balancer-controller, grpcurl, istio-cni, spark-operator, pulumi-language-java,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: libssh2, temporal-ui-server, kaf, wireguard-go, temporal, git-lfs, sops, apko, tigera-operator, oauth2-proxy, istio-pilot-agent, istio-cni, docker-credential-acr-env, argo-workflows, grpc-health-probe, spark-operator, kube-rbac-proxy, flux-source-controller,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: mlflow, dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3-urllib3, kubeflow-volumes-web-app, superset, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, reflex,...

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: nuclei, pulumi-language-yaml, kots, pulumi-kubernetes-operator, apko, bom, goreleaser, pulumi-language-java, tekton-pipelines, pulumi-language-dotnet, argo-cd, gomplate, go-licenses, gitness, gitsign, flux-kustomize-controller, kubevela, pulumi, scorecard,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...

GHSA-7GPW-8WMC-PM8G vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa,...

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: skaffold, policy-controller, wolfictl, apko, slsa-verifier, goreleaser, flux-source-controller, neuvector-sigstore-interface, aactl, falcoctl, tkn, tekton-chains, ko, spire-server, vexctl, gitsign, zarf, kubescape, zot, falco,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: step-ca, skopeo, skaffold, cilium, dgraph, vault, containerd, istio-pilot-discovery, timestamp-authority, guac, policy-controller, rook, minio, cloudflared, wolfictl, apko, slsa-verifier, oauth2-proxy, istio-pilot-agent, kargo, istio-cni, argo-workflows, goreleaser,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, aws-ebs-csi-driver, git-lfs, apko, oauth2-proxy, aws-load-balancer-controller, grpcurl, spark-operator, pulumi-language-java, flux-source-controller, kubeflow-katib, prometheus-mongodb-exporter,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: neuvector-agent, prometheus-stackdriver-exporter, gitlab-pages, dgraph, kubernetes-csi-external-attacher, prometheus, src, coredns, pulumi-language-yaml, cluster-autoscaler, kots, cortex, dynamic-localpv-provisioner, flux-notification-controller, k3d, minio,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, git-lfs, oauth2-proxy, grpcurl, spark-operator, pulumi-language-java, flux-source-controller, kubeflow-katib, dotnet, weaviate, atlantis, gitlab-runner, kind, buildkitd, keda, cert-manager,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, ksops, wireguard-go, go, neuvector-scanner, aws-ebs-csi-driver, guac, http-echo, capslock, git-lfs, grafana-rollout-operator, gobump, sops, kubernetes-dns-node-cache, kubeadm-bootstrap-controller,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: kubernetes, trivy, skopeo, skaffold, ingress-nginx-controller, kots, k3d, kaniko, newrelic-infrastructure-agent, wolfictl, ctop, telegraf, k3s, nvidia-device-plugin, cadvisor, syft, runc, buildkitd, grype, zarf, nerdctl, docker, k9s, kubescape, zot,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: dask-gateway, py3-urllib3, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: dask-gateway, py3-urllib3, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: trivy, k8sgpt, dagger, skopeo, skaffold, cri-tools, timoni, prometheus, istio-pilot-discovery, guac, policy-controller, docker-credential-gcr, kots, newrelic-infrastructure-agent, kyverno, flux-image-reflector-controller, filebeat, helm, ctop, slsa-verifier, telegraf,....

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-W235-7P84-XX57 vulnerabilities

Vulnerabilities for packages: airflow, py3-tornado,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: mlflow, dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3-urllib3, kubeflow-volumes-web-app, superset, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, reflex,...

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: nuclei, pulumi-language-yaml, kots, pulumi-kubernetes-operator, apko, bom, goreleaser, pulumi-language-java, tekton-pipelines, pulumi-language-dotnet, argo-cd, gomplate, go-licenses, gitness, gitsign, flux-kustomize-controller, kubevela, pulumi, scorecard,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, kubernetes-csi-driver-hostpath, kubernetes, calico, local-static-provisioner, kubernetes-dns-node-cache, nodetaint, aws-ebs-csi-driver, cluster-autoscaler, ip-masq-agent,...

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15. A patched version of the package is...

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...

CVE-2024-38518 bbb-web API additional parameters considered

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....