BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, And WebSafe Security Vulnerabilities

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: spark-operator, kubernetes-dns-node-cache, aws-ebs-csi-driver, aws-efs-csi-driver, cluster-autoscaler, prometheus-adapter, calico, nodetaint,...

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: spark-operator, kubernetes-dns-node-cache, aws-ebs-csi-driver, aws-efs-csi-driver, cluster-autoscaler, prometheus-adapter, calico, nodetaint,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: zot, cert-manager, cilium-cli, kots, kubescape, up, istio-operator, k9s, flux-source-controller, eksctl, chartmuseum, k8sgpt, flux-helm-controller, helm-push, trivy, zarf,...

CVE-2023-49559 vulnerabilities

Vulnerabilities for packages: zot, guac, melange, dagger,...

CVE-2023-29405 vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: overmind, flux-image-reflector-controller, delve, thanos, ctop, govulncheck, hcloud, kubernetes-csi-external-resizer, pulumi-language-dotnet, trivy, jitsucom-bulker, prometheus-mysqld-exporter, traefik, kubecolor, vt-cli, regclient, mockery, influx,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, wait-for-port, nsc, nri-f5, prometheus-nats-exporter, controller-gen, nri-prometheus, kubebuilder, step, crossplane-provider-azure, k8ssandra-operator,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, istio-pilot-discovery, aws-load-balancer-controller, gobuster, up, memcached-exporter,...

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, kubernetes-csi-external-attacher, thanos, buildkitd, dynamic-localpv-provisioner, node-problem-detector, ko, kubevela, prometheus-blackbox-exporter, terraform, aws-efs-csi-driver, vault-csi-provider, pulumi-language-dotnet,...

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: cert-manager, policy-controller, ko, gitsign, cosign, fulcio, skaffold, grafana, istio-pilot-discovery, aactl, istio-operator, keda, vault, vexctl, wolfictl, external-secrets-operator, tkn, oauth2-proxy, tekton-pipelines, flux-kustomize-controller, dex, cilium,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, memcached-exporter, nvidia-device-plugin, mc,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, istio-pilot-discovery, aws-load-balancer-controller, gobuster, up, memcached-exporter,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, gobuster, up, memcached-exporter, bank-vaults, gatekeeper, flux, weaviate, k3s, cloud-sql-proxy, cilium-cli, nsc,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: thanos, terraform, pulumi-language-dotnet, traefik, gobuster, up, memcached-exporter, nvidia-device-plugin, mc, tomcat, neuvector-agent, gatekeeper, pulumi-language-java, weaviate, envoy-ratelimit, terraform-provider-azurerm, nri-prometheus,...

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: zot, cert-manager, cilium-cli, kots, kubescape, up, istio-operator, k9s, flux-source-controller, eksctl, chartmuseum, k8sgpt, flux-helm-controller, helm-push, trivy, zarf,...

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: overmind, flux-image-reflector-controller, delve, thanos, ctop, govulncheck, hcloud, kubernetes-csi-external-resizer, pulumi-language-dotnet, trivy, jitsucom-bulker, prometheus-mysqld-exporter, traefik, kubecolor, vt-cli, regclient, mockery, influx,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: cert-manager, flux-image-reflector-controller, bom, buildkitd, ctop, policy-controller, kubevela, cri-tools, newrelic-infrastructure-agent, gitsign, cosign, flux-helm-controller, k9s, prometheus, trivy, traefik, skaffold, crane, filebeat, istio-pilot-discovery, zot,...

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, spark-operator, kubernetes-dns-node-cache, local-static-provisioner, aws-ebs-csi-driver, kubernetes, kubernetes-csi-driver-hostpath, cluster-autoscaler, calico, nodetaint,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: buildkitd, ctop, newrelic-infrastructure-agent, docker, k9s, trivy, syft, skaffold, zot, kubernetes, wolfictl, nvidia-device-plugin, k3s, k3d, skopeo, runc, kaniko, datadog-agent, grype, kubescape, kots, ingress-nginx-controller, telegraf, cadvisor, nerdctl,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

app.lotterease.com Cross Site Scripting vulnerability OBB-3939482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bridalpartytees.com Cross Site Scripting vulnerability OBB-3939481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made meaning.....

tgpecatsib.tatamotors.com Cross Site Scripting vulnerability OBB-3939480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

🇮🇱 **#BringThemHome...

hanson.ad Cross Site Scripting vulnerability OBB-3939478

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

gratisspil.dk Cross Site Scripting vulnerability OBB-3939476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fysikoaerioellados.gr Cross Site Scripting vulnerability OBB-3939475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lasalina.es Cross Site Scripting vulnerability OBB-3939474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

search.staffs.ac.uk Cross Site Scripting vulnerability OBB-3939471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

campion.edu.ro Cross Site Scripting vulnerability OBB-3939472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

probabilistic-robotics.org Cross Site Scripting vulnerability OBB-3939470

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...