Desigo PX Automation Controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D With Desigo PX Web Modules PXA40-W0, PXA40-W1, PXA40-W2 Security Vulnerabilities

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

CVE-2024-34815 WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...

CVE-2024-34815 WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...

CVE-2024-5812

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-5812

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-volumes-web-app, superset, py3-werkzeug,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-volumes-web-app, superset, py3-werkzeug,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src, temporal-ui-server, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, grafana, istio-pilot-discovery, flux-source-controller, nuclei, skopeo, zarf, crossplane-provider-azure, trivy, etcd,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: py3-urllib3, kubeflow-volumes-web-app, jwt-tool, py3-tensorflow-serving-api,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: py3-jinja2, reflex, kubeflow-volumes-web-app, pytorch, superset, confluent-docker-utils, kubeflow-jupyter-web-app,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, gitsign, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, esbuild, glab, q, zot, coredns, kyverno-policy-reporter-ui, vexctl, melange, prometheus-postgres-exporter, go-fips, cert-exporter,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src, temporal-ui-server, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, grafana, istio-pilot-discovery, flux-source-controller, nuclei, skopeo, zarf, crossplane-provider-azure, trivy, etcd,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, kubeflow-volumes-web-app, py3.10-tensorflow-core, az, py3-cassandra-medusa, py3-idna, kubeflow-pipelines-visualization-server, datadog-agent, kubeflow-pipelines, ggshield, jwt-tool, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-katib, kubeflow-volumes-web-app, py3.10-tensorflow-core, az, py3-cassandra-medusa, py3-idna, kubeflow-pipelines-visualization-server, datadog-agent, kubeflow-pipelines, ggshield, jwt-tool, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, glab, q, coredns, gops, kyverno-policy-reporter-ui, vexctl, prometheus-postgres-exporter, go-fips, cert-exporter, local-static-provisioner,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, yq, src, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, dive, flux-source-controller, crossplane-provider-azure, kubernetes-csi-external-provisioner, kube-state-metrics, kube-fluentd-operator, prometheus-bind-exporter,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: src-fingerprint, src, temporal-ui-server, prometheus-adapter, sigstore-scaffolding, step, grafana, istio-pilot-discovery, flux-source-controller, skopeo, crossplane-provider-azure, trivy, kube-state-metrics, kube-fluentd-operator, prometheus-bind-exporter, eksctl,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, falco, grafana, goreleaser, flux-source-controller, zarf, crossplane, flux-image-automation-controller, slsa-verifier, tekton-chains, kubevela, keda, flux-kustomize-controller, gitsign, pulumi, vault, boring-registry, sops, cosign, skaffold, tkn,....

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, gitsign, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, esbuild, glab, q, zot, coredns, kyverno-policy-reporter-ui, vexctl, melange, prometheus-postgres-exporter, go-fips, cert-exporter,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, glab, q, coredns, gops, kyverno-policy-reporter-ui, vexctl, prometheus-postgres-exporter, go-fips, cert-exporter, local-static-provisioner,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, yq, src, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, dive, istio-pilot-discovery, flux-source-controller, crossplane-provider-azure, kubernetes-csi-external-provisioner, kube-state-metrics, kube-fluentd-operator,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: py3-jinja2, reflex, kubeflow-volumes-web-app, pytorch, superset, confluent-docker-utils, kubeflow-jupyter-web-app,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: py3-urllib3, kubeflow-volumes-web-app, jwt-tool, py3-tensorflow-serving-api,...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, yq, src, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, dive, istio-pilot-discovery, flux-source-controller, crossplane-provider-azure, kubernetes-csi-external-provisioner, kube-state-metrics, kube-fluentd-operator,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: src-fingerprint, src, temporal-ui-server, prometheus-adapter, sigstore-scaffolding, step, grafana, istio-pilot-discovery, flux-source-controller, skopeo, crossplane-provider-azure, trivy, kube-state-metrics, kube-fluentd-operator, prometheus-bind-exporter, eksctl,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, yq, src, prometheus-adapter, sigstore-scaffolding, vertical-pod-autoscaler, dive, flux-source-controller, crossplane-provider-azure, kubernetes-csi-external-provisioner, kube-state-metrics, kube-fluentd-operator, prometheus-bind-exporter,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: airflow, kubeflow-katib, kubeflow-volumes-web-app, py3.10-tensorflow-core, az, py3-cassandra-medusa, datadog-agent, kubeflow-pipelines, jwt-tool, mlflow, confluent-docker-utils, k8s-sidecar,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, glab, q, coredns, gops, kyverno-policy-reporter-ui, vexctl, prometheus-postgres-exporter, go-fips, cert-exporter, local-static-provisioner,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: yq, src, temporal-ui-server, s5cmd, skopeo, nri-haproxy, nvidia-device-plugin, secrets-store-csi-driver-provider-aws, glab, q, coredns, gops, kyverno-policy-reporter-ui, vexctl, prometheus-postgres-exporter, go-fips, cert-exporter, local-static-provisioner,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: kor, pulumi-language-yaml, src-fingerprint, src, temporal-ui-server, s5cmd, yq, prometheus-adapter, vertical-pod-autoscaler, dive, nuclei, crossplane-provider-azure, ytt, etcd, kubernetes-csi-external-provisioner, nri-redis, kube-state-metrics, kuberay-operator,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: airflow, kubeflow-volumes-web-app, py3-werkzeug, py3-tensorflow-serving-api,...