CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.5 AI Score
0.0004 EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.5 AI Score
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: protoc-gen-go-grpc, rabbitmq-cluster-operator, vault, ferretdb, k8sgpt-operator, cilium, grpc-health-probe, datadog-agent-fips, k3s, gpu-operator, flux-kustomize-controller, tflint, stakater-reloader, grafana-agent-operator, cert-exporter-fips, go-ipfs-fips, weaviate,....
7.3 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubescape, dex, kyverno, wavefront-collector-for-kubernetes, kubernetes-ingress-defaultbackend, trillian, nats, prometheus-mongodb-exporter, vault, k8sgpt-operator, skaffold, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips, slsa-verifier,...
7.5 CVSS
8.2 AI Score
0.002 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.3 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: protoc-gen-go-grpc, rabbitmq-cluster-operator, vault, ferretdb, k8sgpt-operator, cilium, grpc-health-probe, datadog-agent-fips, k3s, gpu-operator, flux-kustomize-controller, tflint, stakater-reloader, grafana-agent-operator, cert-exporter-fips, go-ipfs-fips, weaviate,....
6 AI Score
0.0004 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: chezmoi, petname, kubernetes-ingress-defaultbackend, gotenberg, protoc-gen-go-grpc, mkcert, harbor-scanner-trivy-fips, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, cilium, harbor-scanner-trivy, grpc-health-probe, step-issuer-fips,...
6.1 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.3 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.5 AI Score
0.0004 EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.5 AI Score
0.0004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: chezmoi, petname, kubernetes-ingress-defaultbackend, gotenberg, protoc-gen-go-grpc, mkcert, harbor-scanner-trivy-fips, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, cilium, harbor-scanner-trivy, grpc-health-probe, step-issuer-fips,...
7.3 AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.3 AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.5 AI Score
0.0004 EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.3 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kubescape, dex, kyverno, wavefront-collector-for-kubernetes, kubernetes-ingress-defaultbackend, trillian, nats, prometheus-mongodb-exporter, vault, k8sgpt-operator, skaffold, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips, slsa-verifier,...
7.3 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: kubescape, trivy, dex, kyverno, wavefront-collector-for-kubernetes, go-licenses, step, trillian, nsc, prometheus-mongodb-exporter, gitsign, nats, temporal, vault, temporal-server, ferretdb, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips,...
7.3 AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: kubescape, trivy, dex, kyverno, wavefront-collector-for-kubernetes, go-licenses, step, trillian, nsc, prometheus-mongodb-exporter, gitsign, nats, temporal, vault, temporal-server, ferretdb, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips,...
5.9 CVSS
6.8 AI Score
0.962 EPSS
Vulnerabilities for packages: dex, kyverno, wavefront-collector-for-kubernetes, trillian, prometheus-mongodb-exporter, vault, k8sgpt-operator, skaffold, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips, dynamic-localpv-provisioner, karpenter, nfs-subdir-external-provisioner, k3s,...
6.1 CVSS
7.3 AI Score
0.001 EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...
7.3 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: dex, kyverno, wavefront-collector-for-kubernetes, trillian, prometheus-mongodb-exporter, vault, k8sgpt-operator, skaffold, cloud-sql-proxy, flux, flux-source-controller, cert-manager-fips, dynamic-localpv-provisioner, karpenter, nfs-subdir-external-provisioner, k3s,...
7.3 AI Score
nasyanya.ru Cross Site Scripting vulnerability OBB-3928040
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
greeceguide.co.uk Cross Site Scripting vulnerability OBB-3928037
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
reclamecode.nl Cross Site Scripting vulnerability OBB-3928033
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
avmap.it Cross Site Scripting vulnerability OBB-3928025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
breinenwelzijn.nl Cross Site Scripting vulnerability OBB-3928024
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
neobasnet.timeout.ru Cross Site Scripting vulnerability OBB-3928023
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
kreml.ru Cross Site Scripting vulnerability OBB-3928022
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
rallies.info Cross Site Scripting vulnerability OBB-3928019
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
cursusvoor.nl Cross Site Scripting vulnerability OBB-3928015
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
vistv.nl Cross Site Scripting vulnerability OBB-3928014
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
10 CVSS
0.0004 EPSS
easyresv3.wintersteiger.at Cross Site Scripting vulnerability OBB-3928010
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Trust Risk and Security Management: Why Tackle Them Now?
Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges...
Subhunter - A Fast Subdomain Takeover Tool
Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. It occurs when.....
almondfootwear.com Cross Site Scripting vulnerability OBB-3928008
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
gites-de-france-hautes-alpes.com Cross Site Scripting vulnerability OBB-3928007
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
BIT-cilium-operator-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...
BIT-cilium-operator-2022-29179
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary.....
BIT-cilium-operator-2023-27593
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary.....
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
BIT-cilium-operator-2023-27594
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can....
BIT-cilium-operator-2023-27595
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can....
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...
BIT-cilium-operator-2023-29002
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be.....
BIT-cilium-operator-2023-30851
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be.....