F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM, PSM Security Vulnerabilities

wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

7.5 AI Score

2024-06-17 03:08 AM
20
wolfi

GHSA-VFP6-JRW2-99G9 vulnerabilities

Vulnerabilities for packages: cosign, goreleaser, aactl, melange, tkn, apko, slsa-verifier, ko, kubescape, skaffold, falco, policy-controller, tekton-chains,...

7.5 AI Score

2024-06-17 03:08 AM
10
wolfi

CVE-2023-29405 vulnerabilities

Vulnerabilities for packages: falco, policy-controller,...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-17 03:08 AM
10
wolfi

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: kubescape, skaffold, wolfictl, tekton-chains, gitsign, tkn, ko, falcoctl, falco, flux-source-controller, spire-server, melange, apko, policy-controller, vexctl, goreleaser, aactl, slsa-verifier, zarf, neuvector-sigstore-interface,...

4.2 CVSS

4.5 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
8
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

5.3 CVSS

7.2 AI Score

0.001 EPSS

2024-06-17 03:08 AM
26
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

7.5 AI Score

2024-06-17 03:08 AM
18
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

7.5 AI Score

2024-06-17 03:08 AM
19
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: rook, guac, kyverno, skaffold, tekton-pipelines, wolfictl, tekton-chains, containerd, nerdctl, cosign, gitsign, keda, istio-operator, skopeo, fulcio, terragrunt, tkn, rekor, sigstore-scaffolding, ko, cilium, vault, falcoctl, falco, flux-source-controller,...

4.3 CVSS

6 AI Score

0.0005 EPSS

2024-06-17 03:08 AM
15
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: src-fingerprint, flux-helm-controller, terraform-docs, opentofu, tekton-chains, containerd, cosign, certificate-transparency, skopeo, istio-operator, src, prometheus, terragrunt, cluster-autoscaler, kubernetes, buildkitd, kubernetes-event-exporter, scorecard,...

7.5 AI Score

2024-06-17 03:08 AM
44
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, flux-helm-controller, opentofu, skaffold, tekton-chains, containerd, cosign, src, kubevela, istio-operator, fuse-overlayfs-snapshotter, prometheus, kubernetes-csi-external-provisioner, prometheus-operator, aws-ebs-csi-driver, cluster-autoscaler,.....

7.5 AI Score

2024-06-17 03:08 AM
16
wolfi

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: up, cilium-cli, helm-push, istio-operator, k8sgpt, k9s, chartmuseum, trivy, helm-operator, kubescape, zot, flux-helm-controller, cert-manager, zarf, eksctl, flux-source-controller,...

7.5 AI Score

2024-06-17 03:08 AM
10
wolfi

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: falco, policy-controller,...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-17 03:08 AM
6
wolfi

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: falco, policy-controller,...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-17 03:08 AM
16
wolfi

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: falco, policy-controller,...

7.5 AI Score

2024-06-17 03:08 AM
6
wolfi

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: kubescape, skaffold, wolfictl, tekton-chains, gitsign, tkn, ko, falcoctl, falco, flux-source-controller, spire-server, melange, apko, policy-controller, vexctl, goreleaser, aactl, slsa-verifier, zarf, neuvector-sigstore-interface,...

4.2 CVSS

4.6 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
11
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

7.5 AI Score

2024-06-17 03:08 AM
2
wolfi

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: aws-efs-csi-driver, conftest, spark-operator, dgraph, terraform-provider-azurerm, neuvector-agent, kubescape, coredns, flux-helm-controller, tctl, pulumi-language-java, kubernetes-csi-node-driver-registrar, nvidia-device-plugin, cosign, src, keda, kubevela,...

7.5 AI Score

2024-06-17 03:08 AM
89
wolfi

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: metacontroller, flux-helm-controller, opentofu, skaffold, cosign, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller, cluster-autoscaler, kpt, mc, pulumi-kubernetes-operator, buildkitd, scorecard, metrics-server, hey, pulumi-language-yaml,....

7.5 AI Score

2024-06-17 03:08 AM
23
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

7.8 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
17
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

7.8 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
17
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

7.5 AI Score

2024-06-17 03:08 AM
19
wolfi

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: src-fingerprint, bom, gitness, pulumi-language-java, tekton-pipelines, nuclei, gitsign, kubevela, go-licenses, pulumi-kubernetes-operator, scorecard, apko, flux-kustomize-controller, pulumi-language-yaml, pulumi-language-dotnet, gomplate, goreleaser, pulumi, zot,...

7.5 AI Score

2024-06-17 03:08 AM
14
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, flux-helm-controller, opentofu, skaffold, containerd, cosign, src, kubevela, fuse-overlayfs-snapshotter, prometheus, kubernetes-csi-external-provisioner, prometheus-operator, aws-ebs-csi-driver, cluster-autoscaler, kpt, mc,...

7.5 AI Score

2024-06-17 03:08 AM
25
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

7.5 AI Score

2024-06-17 03:08 AM
2
wolfi

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: k9s, gitlab-runner, helm-operator, guac, kubescape, ctop, dagger, flux-helm-controller, kyverno, bom, skaffold, tekton-pipelines, tekton-chains, nerdctl, cosign, gitsign, kubevela, skopeo, cadvisor, cri-tools, prometheus, datadog-agent, timoni, telegraf, buildkitd,...

7.5 AI Score

2024-06-17 03:08 AM
8
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

5.9 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
17
wolfi

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: src-fingerprint, bom, gitness, pulumi-language-java, tekton-pipelines, nuclei, gitsign, kubevela, go-licenses, pulumi-kubernetes-operator, scorecard, apko, flux-kustomize-controller, pulumi-language-yaml, pulumi-language-dotnet, gomplate, goreleaser, pulumi, zot,...

7.5 CVSS

7.8 AI Score

0.0005 EPSS

2024-06-17 03:08 AM
28
wolfi

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, local-static-provisioner, spark-operator, calico, aws-ebs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, kubernetes, nodetaint, ip-masq-agent,...

7.5 AI Score

2024-06-17 03:08 AM
6
wolfi

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: runc, k9s, kubescape, ctop, skaffold, wolfictl, nvidia-device-plugin, nerdctl, skopeo, cadvisor, syft, ingress-nginx-controller, datadog-agent, kubernetes, telegraf, buildkitd, newrelic-infrastructure-agent, k3s, k3d, trivy, zot, docker, kaniko, zarf, grype,...

7.5 AI Score

2024-06-17 03:08 AM
13
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

6.5 AI Score

0.0004 EPSS

2024-06-17 03:08 AM
17
cvelist

CVE-2024-6044 D-Link router - Arbitrary File Reading

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5 CVSS

EPSS

2024-06-17 02:30 AM
2
krebs

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8 AI Score

2024-06-15 11:40 PM
10
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8 CVSS

10 AI Score

0.001 EPSS

2024-06-15 07:37 PM
222
githubexploit

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

7.8 AI Score

EPSS

2024-06-15 04:44 PM
48
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

ClearML Exploit Script This repository contains a Python...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-06-15 10:09 AM
41
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995 PoC and Bulk Scanner Overview This...

8.6 CVSS

6.7 AI Score

0.001 EPSS

2024-06-14 11:05 PM
55
nvd

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3 CVSS

0.0004 EPSS

2024-06-14 10:15 PM
3
cve

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-14 10:15 PM
19
cvelist

CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3 CVSS

0.0004 EPSS

2024-06-14 09:31 PM
3
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9 CVSS

8.2 AI Score

0.938 EPSS

2024-06-14 07:09 PM
2
cve

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1 CVSS

6.3 AI Score

0.0004 EPSS

2024-06-14 06:15 PM
11
nvd

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1 CVSS

0.0004 EPSS

2024-06-14 06:15 PM
2
cvelist

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...

6.1 CVSS

0.0004 EPSS

2024-06-14 05:17 PM
cve

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

7.1 AI Score

0.0004 EPSS

2024-06-14 04:15 PM
13
nvd

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

0.0004 EPSS

2024-06-14 04:15 PM
2
osv

linux-nvidia-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8 CVSS

7.4 AI Score

0.001 EPSS

2024-06-14 03:59 PM
cvelist

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...

4.6 CVSS

0.0004 EPSS

2024-06-14 03:23 PM
nvd

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

0.0004 EPSS

2024-06-14 03:15 PM
1
nvd

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...

0.0004 EPSS

2024-06-14 03:15 PM
nvd

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...

0.0004 EPSS

2024-06-14 03:15 PM
Total number of security vulnerabilities: 250576