cottrellchiro.com Cross Site Scripting vulnerability OBB-3934766
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
8.4AI Score
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.002EPSS
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...
5.5CVSS
6.6AI Score
0.001EPSS
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...
7.5CVSS
7.8AI Score
0.005EPSS
CVE-2021-3611 affecting package qemu 6.2.0-19
CVE-2021-3611 affecting package qemu 6.2.0-19. No patch is available...
6.5CVSS
7AI Score
0.001EPSS
CVE-2022-3162 affecting package keda 2.4.0-19
CVE-2022-3162 affecting package keda 2.4.0-19. No patch is available...
6.5CVSS
7AI Score
0.001EPSS
CVE-2022-3162 affecting package rook 1.6.2-19
CVE-2022-3162 affecting package rook 1.6.2-19. No patch is available...
6.5CVSS
7AI Score
0.001EPSS
CVE-2022-0530 affecting package unzip 6.0-19
CVE-2022-0530 affecting package unzip 6.0-19. No patch is available...
5.5CVSS
5.9AI Score
0.002EPSS
CVE-2022-0529 affecting package unzip 6.0-19
CVE-2022-0529 affecting package unzip 6.0-19. No patch is available...
5.5CVSS
5.9AI Score
0.002EPSS
New cups packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.9-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: When starting the cupsd server with a...
4.4CVSS
7.3AI Score
TellYouThePass Ransomware Exploits Critical PHP Flaw, Patch NOW
Urgent alert for PHP users: Update your server immediately to protect against the newly exploited CVE-2024-4577 by...
9.8CVSS
7AI Score
0.249EPSS
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
5.8AI Score
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
6AI Score
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: wolfictl, goreleaser, aactl, melange, apko, flux-source-controller, gitsign, tkn, slsa-verifier, skaffold, falcoctl, ko, falco, vexctl, policy-controller, neuvector-sigstore-interface, kubescape, zot, tekton-chains, zarf,...
7.5AI Score
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: cloudflared, kots, dex, sops, flux-kustomize-controller, cosign, tekton-pipelines, aactl, flux-source-controller, gitsign, cilium-envoy, vault, keda, kyverno, oauth2-proxy, external-secrets-operator, tkn, rekor, slsa-verifier, fulcio, traefik, argo-workflows,...
7.5AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...
7.8AI Score
0.0004EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...
9.8CVSS
9.7AI Score
0.0004EPSS
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...
6.7CVSS
7AI Score
0.0004EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: conftest, loki, wolfictl, datadog-agent, crossplane, kaniko, syft, cadvisor, goreleaser, docker-compose, buildkitd, aactl, melange, buf, tkn, kargo, prometheus, dagger, ko, grype, trivy, kubescape, zot, telegraf, ctop, spire-server,...
5.9CVSS
5.9AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, cilium-cli, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, timestamp-authority, kubernetes-csi-external-snapshotter, haproxy-ingress,...
7.5AI Score
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: vault, kine, caddy, keda, kots, kube-bench, temporal-server, amass, k3s, spicedb, telegraf, src, trillian, step-ca, argo-workflows,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, kubernetes-csi-livenessprobe, haproxy-ingress, tctl, scorecard, gitlab-runner, aactl, bom, wireguard-go, nri-prometheus, kyverno, mc, terraform, prometheus, cert-manager, skaffold, thanos, kpt,...
7.5CVSS
9AI Score
0.732EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nodetaint, kubernetes-csi-external-attacher, cilium-cli, timestamp-authority, haproxy-ingress, tctl, supercronic, sops, ghaudit, wireguard-go, go-md2man, trillian, prometheus, thanos, pulumi-language-java, dagdotdev, restic, harbor-registry, spire-server, kubebuilder,....
6.8AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-attacher, cilium-cli, node-feature-discovery, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, go-licenses, secrets-store-csi-driver-provider-azure, snyk-cli, k3d, harbor-scanner-trivy, mkcert,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-attacher, cilium-cli, node-feature-discovery, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, go-licenses, secrets-store-csi-driver-provider-azure, snyk-cli, k3d, harbor-scanner-trivy, mkcert,...
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: metrics-server, go-licenses, k3d, kubernetes-dashboard-metrics-scraper, hey, cni-plugins, sops, cass-operator, scorecard, aws-flb-kinesis, goreleaser, oras, protoc-gen-go-grpc, aws-flb-firehose, docker-credential-ecr-login, influx, smarter-device-manager, gops, aactl,....
7.5CVSS
7.9AI Score
0.001EPSS
Vulnerabilities for packages: nodetaint, kots, kubernetes-csi-external-attacher, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, tctl, k3d, gitlab-runner, aactl, bom, wireguard-go, nri-prometheus, kyverno, mc, k8sgpt-operator, terraform, trillian, prometheus,...
6.1CVSS
7.2AI Score
0.001EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: kots, cilium-cli, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, k3d, sops, scorecard, gitlab-runner, libssh2, libssh, aactl, local-path-provisioner, bom, gitsign, dockerize, wireguard-go, kyverno, terraform, kubernetes-event-exporter,...
5.9CVSS
7.1AI Score
0.962EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kots, kubernetes-csi-external-attacher, cilium-cli, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, timestamp-authority, kubernetes-csi-external-snapshotter, haproxy-ingress,...
6.6AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: doppler-kubernetes-operator, envoy-ratelimit, nodetaint, kubernetes-csi-external-attacher, kubeadm-bootstrap-controller, kubernetes-csi-livenessprobe, kubernetes-csi-external-snapshotter, haproxy-ingress, go-licenses, secrets-store-csi-driver-provider-azure, tctl,...
7.5AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: az, jwt-tool, k8s-sidecar, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, kubeflow-pipelines, datadog-agent, ggshield, dask-gateway, py3.10-tensorflow-core, confluent-docker-utils, py3-idna,...
7.5AI Score
Vulnerabilities for packages: az, jwt-tool, k8s-sidecar, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, kubeflow-pipelines, datadog-agent, ggshield, dask-gateway, py3.10-tensorflow-core, confluent-docker-utils, py3-idna,...
7.8AI Score