Event Espresso 4 Decaf – Event Registration Event Ticketing Security Vulnerabilities

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: snyk-cli, opentelemetry-collector-contrib, gitlab-runner, rabbitmq-messaging-topology-operator, tkn, fulcio, gh, cert-manager, guac, kubescape, nuclei, tekton-pipelines, bank-vaults, k3s, tekton-chains, kyverno, vexctl, flux-notification-controller,...

CVE-1999-0901 affecting package ypserv 4.1-4

CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, kubernetes-csi-node-driver-registrar, rabbitmq-messaging-topology-operator, temporal, conftest, cert-manager, grpc-health-probe, kubescape, cert-exporter, prometheus-postgres-exporter, tctl, temporal-ui-server, velero, argo-workflows,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: snyk-cli, opentelemetry-collector-contrib, gitlab-runner, rabbitmq-messaging-topology-operator, tkn, fulcio, gh, cert-manager, guac, kubescape, nuclei, tekton-pipelines, bank-vaults, k3s, tekton-chains, kyverno, vexctl, flux-notification-controller,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, temporal, conftest, cert-manager, grpc-health-probe, kubescape, kube-rbac-proxy, prometheus-postgres-exporter, temporal-ui-server, argo-workflows, kubernetes, temporal-server, certificate-transparency, step, thanos, istio-pilot-discovery,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, kubernetes-csi-node-driver-registrar, rabbitmq-messaging-topology-operator, temporal, conftest, cert-manager, grpc-health-probe, kubescape, cert-exporter, prometheus-postgres-exporter, tctl, temporal-ui-server, velero, argo-workflows,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-1999-0902 affecting package ypserv 4.1-4

CVE-1999-0902 affecting package ypserv 4.1-4. No patch is available...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: render-template, cert-exporter, tctl, cluster-api-controller, sonobuoy, mods, delve, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, prometheus-node-exporter, hugo, pulumi-language-dotnet, opentofu, flux-image-automation-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: render-template, cert-exporter, tctl, cluster-api-controller, sonobuoy, mods, delve, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, prometheus-node-exporter, hugo, pulumi-language-dotnet, opentofu, flux-image-automation-controller,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2017-5834 affecting package libplist 2.1.0-4

CVE-2017-5834 affecting package libplist 2.1.0-4. No patch is available...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2017-5836 affecting package libplist 2.1.0-4

CVE-2017-5836 affecting package libplist 2.1.0-4. No patch is available...

CVE-2017-5835 affecting package libplist 2.1.0-4

CVE-2017-5835 affecting package libplist 2.1.0-4. No patch is available...

CVE-2013-7381 affecting package libnotify 0.7.9-4

CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, temporal, conftest, cert-manager, grpc-health-probe, kubescape, kube-rbac-proxy, prometheus-postgres-exporter, temporal-ui-server, argo-workflows, kubernetes, temporal-server, certificate-transparency, step, thanos, istio-pilot-discovery,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

CVE-2000-0006 affecting package strace 5.16-4

CVE-2000-0006 affecting package strace 5.16-4. This CVE either no longer is or was never...

CVE-2022-45639 affecting package sleuthkit 4.9.0-4

CVE-2022-45639 affecting package sleuthkit 4.9.0-4. No patch is available...

CVE-2022-25345 affecting package opus 1.3.1-4

CVE-2022-25345 affecting package opus 1.3.1-4. No patch is available...

CVE-2007-1397 affecting package fish 3.1.2-4

CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...

CVE-2022-20001 affecting package fish 3.1.2-4

CVE-2022-20001 affecting package fish 3.1.2-4. This CVE either no longer is or was never...

CVE-2023-25136 affecting package openssh 8.9p1-4

CVE-2023-25136 affecting package openssh 8.9p1-4. This CVE either no longer is or was never...

CVE-2020-14150 affecting package bison 3.1-4

CVE-2020-14150 affecting package bison 3.1-4. No patch is available...

CVE-2022-44793 affecting package net-snmp 5.9-4

CVE-2022-44793 affecting package net-snmp 5.9-4. No patch is available...

CVE-2018-14040 affecting package boost 1.66.0-4

CVE-2018-14040 affecting package boost 1.66.0-4. This CVE either no longer is or was never...

CVE-2022-39348 affecting package python-twisted 20.3.0-4

CVE-2022-39348 affecting package python-twisted 20.3.0-4. No patch is available...

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...

CVE-2022-3857 affecting package libpng 1.6.37-4

CVE-2022-3857 affecting package libpng 1.6.37-4. No patch is available...

CVE-2022-3515 affecting package gnupg2 2.2.20-4

CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4. This CVE either no longer is or was never...

CVE-2022-44792 affecting package net-snmp 5.9-4

CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....