Classified Listing Store & Membership Addon Security Vulnerabilities

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: calico, grype, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, aws-ebs-csi-driver, consul, nodetaint, cilium, k9s, pulumi-language-yaml, zot, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, kubernetes-csi-livenessprobe, trust-manager, tctl, hey, pulumi, minio, prometheus-operator,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, prometheus, flux-image-reflector-controller, consul, zot, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubescape, temporal-server, pulumi, dockerize, secrets-store-csi-driver-provider-azure, sigstore-scaffolding,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: calico, grype, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, aws-ebs-csi-driver, consul, nodetaint, cilium, k9s, pulumi-language-yaml, zot, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: cosign, filebeat, buildkitd, bank-vaults, nuclei, prometheus, fluent-bit-plugin-loki, step, flux-image-reflector-controller, tekton-pipelines, gitlab-runner, grafana, tkn, k8sgpt, falcoctl, goreleaser, zarf, zot, py3-cassandra-medusa, boring-registry,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: cosign, filebeat, buildkitd, bank-vaults, nuclei, prometheus, fluent-bit-plugin-loki, step, flux-image-reflector-controller, tekton-pipelines, gitlab-runner, grafana, tkn, k8sgpt, falcoctl, goreleaser, zarf, zot, py3-cassandra-medusa, boring-registry,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-2878 vulnerabilities

Vulnerabilities for packages: vault-csi-provider,...

GHSA-G82W-58JF-GCXX vulnerabilities

Vulnerabilities for packages: vault-csi-provider,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, prometheus, flux-image-reflector-controller, consul, zot, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubescape, temporal-server, pulumi, dockerize, secrets-store-csi-driver-provider-azure, sigstore-scaffolding,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, kubernetes-csi-livenessprobe, trust-manager, tctl, hey, pulumi, minio, prometheus-operator,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: calico, grype, cosign, aactl, flux-notification-controller, kubevela, buildkitd, helm, prometheus, weaviate, gitlab-pages, secrets-store-csi-driver, goreleaser, pulumi-language-yaml, ko, slsa-verifier, pulumi-kubernetes-operator, conftest, keda,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1849)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...

EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1828)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1828)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...