CMP – Coming Soon & Maintenance Plugin By NiteoThemes Security Vulnerabilities

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: cni-plugins, cilium-envoy, kubernetes-dashboard-metrics-scraper, go-bindata, prometheus-stackdriver-exporter, falco, wait-for-port, slsa-verifier, render-template, configmap-reload, docker-cli, scorecard, kind, ip-masq-agent, mage, aws-flb-kinesis,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: cni-plugins, cilium-envoy, kubernetes-dashboard-metrics-scraper, go-bindata, prometheus-stackdriver-exporter, falco, wait-for-port, slsa-verifier, render-template, configmap-reload, docker-cli, scorecard, kind, ip-masq-agent, mage, aws-flb-kinesis,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: trust-manager, nodetaint, gomplate, prometheus-operator, prometheus-postgres-exporter, aws-efs-csi-driver, containerd, tctl, node-problem-detector, newrelic-infrastructure-agent, src, telegraf, tkn, skaffold, prometheus-adapter, buildkitd, apko, oauth2-proxy, kpt,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: trust-manager, nodetaint, gomplate, prometheus-operator, prometheus-postgres-exporter, kubernetes-dns-node-cache, aws-efs-csi-driver, containerd, tctl, node-problem-detector, newrelic-infrastructure-agent, src, telegraf, istio-operator, tkn, skaffold,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: cilium-envoy, prometheus, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, influxd, dynamic-localpv-provisioner, helm, falco, pulumi-kubernetes-operator, gitlab-pages, cosign, coredns, slsa-verifier, up, grype, secrets-store-csi-driver, spark-operator,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: cilium-envoy, nodetaint, gomplate, aws-efs-csi-driver, tctl, node-problem-detector, newrelic-infrastructure-agent, src, telegraf, skaffold, envoy-ratelimit, prometheus-adapter, buildkitd, oauth2-proxy, kpt, grpcurl, pulumi-language-java, pulumi-language-yaml, pulumi,.....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, trust-manager, docker-credential-acr-env, gomplate, stern, nats-server, delve, regclient, helm-operator, kubernetes-dns-node-cache, dask-gateway, grafana-agent-operator, step, aws-efs-csi-driver, spegel, containerd, mage,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: cni-plugins, local-static-provisioner, gomplate, nats-server, vexctl, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, flannel-cni-plugin, cadvisor, gobump, sbom-scorecard, ytt,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: nerdctl, docker, ingress-nginx-controller, runc, grype, kots, newrelic-infrastructure-agent, telegraf, k9s, skaffold, nvidia-device-plugin, buildkitd, kubernetes, kubescape, cadvisor, ctop, zarf, skopeo, zot, k3s, wolfictl, syft, k3d, trivy, datadog-agent,...

CVE-2024-6405

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...

CVE-2024-6405

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...

CVE-2024-6405 Floating Social Buttons <= 1.5 - Cross-Site Request Forgery

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...

bartlettltd.co.uk Cross Site Scripting vulnerability OBB-3939500

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-28795

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-50952

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-31898

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-28794

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-28797

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-28798

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-35022

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-35119

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-50964

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-50953

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2023-50954

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-31902

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

Exploit for CVE-2024-34102

🚨 CVE-2024-34102 Exploit Script 🚨 Description This...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Oracle MySQL Connectors (CVE-2023-22102)

Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)

Summary A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-4759 DESCRIPTION: **Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in tqdm (CVE-2024-34062)

Summary A vulnerability in tqdm used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-34062 DESCRIPTION: **tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests (CVE-2024-35195)

Summary A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35195 DESCRIPTION: **Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XNIO (CVE-2023-5685)

Summary A vulnerability in XNIO used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-5685 DESCRIPTION: **XNIO is vulnerable to a denial of service, caused by a stack overflow exception when the chain of notifier states becomes problematically large. By...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2020-8562 DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...