BIG-IP, Enterprise Manager Security Vulnerabilities

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, kubeflow-katib, aactl, secrets-store-csi-driver, haproxy-ingress, kind, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, kubernetes-dashboard, prometheus,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, kubeflow-katib, aactl, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, kubernetes-dashboard, prometheus,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, pulumi-language-yaml, prometheus-blackbox-exporter, flux-kustomize-controller, cluster-autoscaler, external-dns, prometheus-adapter, slsa-verifier, kubevela, cert-manager, minio, kubeflow-katib, aactl, k3d, cosign, flux-notification-controller,....

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: trivy, chartmuseum, zarf, istio-operator, flux-helm-controller, zot, cert-manager, cilium-cli, kots, flux-source-controller, k9s, k8sgpt, eksctl, helm-push, up, helm-operator,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: slsa-verifier, kubevela, cert-manager, tekton-chains, falcoctl, guac, aactl, datadog-agent, cosign, filebeat, kubeflow-katib, buildkitd, kargo, cri-tools, telegraf, policy-controller, nerdctl, cadvisor, newrelic-infrastructure-agent, prometheus, loki, falco, zot,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, kubernetes, node-feature-discovery, calico, cluster-autoscaler, local-static-provisioner, nodetaint, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent,...

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-29018 DESCRIPTION: **moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By...

Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

Keep Your Tech Flame Alive: Trailblazer Mie Elmkvist Schneider

In this Akamai FLAME Trailblazer blog post, Mie Elmkvist Schneider from Queue-it describes the differences between being a manager and being a...

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who.....

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-37532)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for...

RHEL 9 : kernel-rt (RHSA-2024:4106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

ROS-20240626-07

A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access...

SUSE: Security Advisory (SUSE-SU-2024:2198-1)

The remote host is missing an update for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...

ROS-20240626-10

A vulnerability in the getUnpushedChanges() function of the dependency manager for PHP Composer is related to the use of the status and reinstall commands. status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary...

CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....

CVE-2024-34142

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34142

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...