Com-Server Highspeed 19" 1Port Security Vulnerabilities

cottrellchiro.com Cross Site Scripting vulnerability OBB-3934766

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

linux-aws, linux-oracle vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...

CVE-2021-3611 affecting package qemu 6.2.0-19

CVE-2021-3611 affecting package qemu 6.2.0-19. No patch is available...

CVE-2022-3162 affecting package keda 2.4.0-19

CVE-2022-3162 affecting package keda 2.4.0-19. No patch is available...

CVE-2022-3162 affecting package rook 1.6.2-19

CVE-2022-3162 affecting package rook 1.6.2-19. No patch is available...

CVE-2022-0530 affecting package unzip 6.0-19

CVE-2022-0530 affecting package unzip 6.0-19. No patch is available...

CVE-2022-0529 affecting package unzip 6.0-19

CVE-2022-0529 affecting package unzip 6.0-19. No patch is available...

[slackware-security] cups

New cups packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.9-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: When starting the cupsd server with a...

TellYouThePass Ransomware Exploits Critical PHP Flaw, Patch NOW

Urgent alert for PHP users: Update your server immediately to protect against the newly exploited CVE-2024-4577 by...

CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

Jupyter Server Proxy has a reflected XSS issue in host parameter

Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...

Jupyter Server Proxy has a reflected XSS issue in host parameter

Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: wolfictl, goreleaser, aactl, melange, apko, flux-source-controller, gitsign, tkn, slsa-verifier, skaffold, falcoctl, ko, falco, vexctl, policy-controller, neuvector-sigstore-interface, kubescape, zot, tekton-chains, zarf,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: cloudflared, kots, dex, sops, flux-kustomize-controller, cosign, tekton-pipelines, aactl, flux-source-controller, gitsign, cilium-envoy, vault, keda, kyverno, oauth2-proxy, external-secrets-operator, tkn, rekor, slsa-verifier, fulcio, traefik, argo-workflows,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: datadog-agent, py3-pymongo,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, cilium-cli, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, timestamp-authority, kubernetes-csi-external-snapshotter, haproxy-ingress,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, kubernetes-csi-livenessprobe, haproxy-ingress, tctl, scorecard, gitlab-runner, aactl, bom, wireguard-go, nri-prometheus, kyverno, mc, terraform, prometheus, cert-manager, skaffold, thanos, kpt,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nodetaint, kubernetes-csi-external-attacher, cilium-cli, timestamp-authority, haproxy-ingress, tctl, supercronic, sops, ghaudit, wireguard-go, go-md2man, trillian, prometheus, thanos, pulumi-language-java, dagdotdev, restic, harbor-registry, spire-server, kubebuilder,....

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, cilium-cli, node-feature-discovery, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, go-licenses, secrets-store-csi-driver-provider-azure, snyk-cli, k3d, harbor-scanner-trivy, mkcert,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, cilium-cli, node-feature-discovery, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, go-licenses, secrets-store-csi-driver-provider-azure, snyk-cli, k3d, harbor-scanner-trivy, mkcert,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: metrics-server, go-licenses, k3d, kubernetes-dashboard-metrics-scraper, hey, cni-plugins, sops, cass-operator, scorecard, aws-flb-kinesis, goreleaser, oras, protoc-gen-go-grpc, aws-flb-firehose, docker-credential-ecr-login, influx, smarter-device-manager, gops, aactl,....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: nodetaint, kots, kubernetes-csi-external-attacher, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, tctl, k3d, gitlab-runner, aactl, bom, wireguard-go, nri-prometheus, kyverno, mc, k8sgpt-operator, terraform, trillian, prometheus,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: kots, cilium-cli, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, k3d, sops, scorecard, gitlab-runner, libssh2, libssh, aactl, local-path-provisioner, bom, gitsign, dockerize, wireguard-go, kyverno, terraform, kubernetes-event-exporter,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, cilium-cli, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, timestamp-authority, kubernetes-csi-external-snapshotter, haproxy-ingress,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: az, jwt-tool, k8s-sidecar, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, kubeflow-pipelines, datadog-agent, ggshield, dask-gateway, py3.10-tensorflow-core, confluent-docker-utils, py3-idna,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: az, jwt-tool, k8s-sidecar, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, kubeflow-pipelines, datadog-agent, ggshield, dask-gateway, py3.10-tensorflow-core, confluent-docker-utils, py3-idna,...