Event Monster – Event Management, Tickets Booking, Upcoming Event Security Vulnerabilities

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, flux-image-reflector-controller, buildkitd, ksops, policy-controller, kubevela, terraform, gitsign, vault-csi-provider, cosign, flux-helm-controller, prometheus, fulcio, zot, aactl, keda, gh, vexctl, glab, tkn, bank-vaults,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, ctop, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, aws-load-balancer-controller, up,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, wait-for-port, nsc, nri-f5, prometheus-nats-exporter, controller-gen, nri-prometheus, kubebuilder, step, crossplane-provider-azure, k8ssandra-operator,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, flux-image-reflector-controller, buildkitd, ksops, policy-controller, kubevela, terraform, gitsign, vault-csi-provider, cosign, flux-helm-controller, prometheus, fulcio, zot, aactl, keda, gh, vexctl, glab, tkn, bank-vaults,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, gobuster, up, memcached-exporter, bank-vaults, gatekeeper, flux, weaviate, k3s, cloud-sql-proxy, cilium-cli, nsc,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, ctop, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, aws-load-balancer-controller, up,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, wait-for-port, nsc, nri-f5, prometheus-nats-exporter, controller-gen, nri-prometheus, kubebuilder, step, crossplane-provider-azure, k8ssandra-operator,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, gobuster, up, memcached-exporter, bank-vaults, gatekeeper, flux, weaviate, k3s, cloud-sql-proxy, cilium-cli, nsc,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

GHSA-5JPM-X58V-624V vulnerabilities

Vulnerabilities for packages: opensearch, spark, keycloak, neo4j, cloudwatch-exporter, selenium, management-api-for-apache-cassandra,...

CVE-2024-29025 vulnerabilities

Vulnerabilities for packages: opensearch, spark, keycloak, neo4j, cloudwatch-exporter, selenium, management-api-for-apache-cassandra,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....

CVE-2024-38531 Nix sandbox escape

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can...

CVE-2024-38531 Nix sandbox escape

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can...

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...

TeamViewer Detects Security Breach in Corporate IT Environment

TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary...

Ubuntu: Security Advisory (USN-6857-1)

The remote host is missing an update for...

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

Decoding OWASP – A Security Engineer’s Roadmap to Application Security

In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...

CVE-2024-5714

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5710

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

CVE-2024-5710

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

CVE-2024-5714

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)

Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID: CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

CVE-2024-6374

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...

CVE-2024-6374

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...

CVE-2024-6374 lahirudanushka School Management System Subject Page subject.php cross site scripting

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...