BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe Security Vulnerabilities

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, kubernetes-csi-external-attacher, thanos, buildkitd, dynamic-localpv-provisioner, node-problem-detector, ko, kubevela, prometheus-blackbox-exporter, terraform, aws-efs-csi-driver, vault-csi-provider, pulumi-language-dotnet,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: cert-manager, policy-controller, ko, gitsign, cosign, fulcio, skaffold, grafana, istio-pilot-discovery, aactl, istio-operator, keda, vault, vexctl, wolfictl, external-secrets-operator, tkn, oauth2-proxy, tekton-pipelines, flux-kustomize-controller, dex, cilium,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, memcached-exporter, nvidia-device-plugin, mc,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, istio-pilot-discovery, aws-load-balancer-controller, gobuster, up, memcached-exporter,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, gobuster, up, memcached-exporter, bank-vaults, gatekeeper, flux, weaviate, k3s, cloud-sql-proxy, cilium-cli, nsc,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: thanos, terraform, pulumi-language-dotnet, traefik, gobuster, up, memcached-exporter, nvidia-device-plugin, mc, tomcat, neuvector-agent, gatekeeper, pulumi-language-java, weaviate, envoy-ratelimit, terraform-provider-azurerm, nri-prometheus,...

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: zot, cert-manager, cilium-cli, kots, kubescape, up, istio-operator, k9s, flux-source-controller, eksctl, chartmuseum, k8sgpt, flux-helm-controller, helm-push, trivy, zarf,...

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: overmind, flux-image-reflector-controller, delve, thanos, ctop, govulncheck, hcloud, kubernetes-csi-external-resizer, pulumi-language-dotnet, trivy, jitsucom-bulker, prometheus-mysqld-exporter, traefik, kubecolor, vt-cli, regclient, mockery, influx,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: cert-manager, flux-image-reflector-controller, bom, buildkitd, ctop, policy-controller, kubevela, cri-tools, newrelic-infrastructure-agent, gitsign, cosign, flux-helm-controller, k9s, prometheus, trivy, traefik, skaffold, crane, filebeat, istio-pilot-discovery, zot,...

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, spark-operator, kubernetes-dns-node-cache, local-static-provisioner, aws-ebs-csi-driver, kubernetes, kubernetes-csi-driver-hostpath, cluster-autoscaler, calico, nodetaint,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: buildkitd, ctop, newrelic-infrastructure-agent, docker, k9s, trivy, syft, skaffold, zot, kubernetes, wolfictl, nvidia-device-plugin, k3s, k3d, skopeo, runc, kaniko, datadog-agent, grype, kubescape, kots, ingress-nginx-controller, telegraf, cadvisor, nerdctl,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made meaning.....

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...

BIT-gitlab-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

CVE-2024-6288

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....

CVE-2024-6288

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....

CVE-2024-5788 Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-30109

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...

CVE-2024-30109

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...

CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...

CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

K000140189: Linux kernel vulnerability CVE-2021-47572

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....

Exploit for CVE-2024-34102

CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...

CVE-2024-36755

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle...

CVE-2024-36755

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle...