Cross-site Scripting vulnerabilities in Neos
It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. This is likely not as big an issue on systems where the...
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......
teaitarakihi.nz Cross Site Scripting vulnerability OBB-3928492
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
alliedrisksecurity.com.au Cross Site Scripting vulnerability OBB-3928490
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, envoy-ratelimit, atlantis, aactl, kyverno, sigstore-scaffolding, bom, opentofu, pulumi-language-yaml, newrelic-infrastructure-agent, haproxy-ingress, nghttp2, thanos, cluster-autoscaler, nri-prometheus, tomcat,...
8.7AI Score
0.72EPSS
Vulnerabilities for packages: node-feature-discovery, nodetaint, kubernetes-csi-driver-hostpath, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, cluster-autoscaler, kubernetes, local-static-provisioner, kubeflow-pipelines,...
3.8AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...
6.6AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...
8.2AI Score
0.001EPSS
Vulnerabilities for packages: gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, aactl, kyverno, crossplane-provider-aws, bom, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s, kubernetes-csi-external-provisioner, pulumi-language-yaml,...
6.5AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...
6.6AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
6.5AI Score
0.0004EPSS
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, atlantis, aactl, kyverno, crossplane-provider-aws, bom, istio-cni, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s,...
8.2AI Score
0.002EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
Vulnerabilities for packages: nodetaint, prometheus-adapter, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler,...
8.9AI Score
0.001EPSS
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: nodetaint, prometheus-adapter, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...
7.4AI Score
0.001EPSS
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, atlantis, aactl, kyverno, crossplane-provider-aws, bom, istio-cni, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, aactl, kyverno, crossplane-provider-aws, bom, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s, kubernetes-csi-external-provisioner, pulumi-language-yaml,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, envoy-ratelimit, atlantis, aactl, kyverno, sigstore-scaffolding, bom, opentofu, pulumi-language-yaml, newrelic-infrastructure-agent, haproxy-ingress, nghttp2, thanos, cluster-autoscaler, nri-prometheus, tomcat,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
6.5AI Score
0.0004EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: node-feature-discovery, nodetaint, kubernetes-csi-driver-hostpath, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, cluster-autoscaler, kubernetes, local-static-provisioner, kubeflow-pipelines,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...
6.6AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...
6.5AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...
6.9AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...
7.5AI Score
imaxleadingedgere.com Cross Site Scripting vulnerability OBB-3928489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
imaxsales.net Cross Site Scripting vulnerability OBB-3928488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
encoreliving.net Cross Site Scripting vulnerability OBB-3928487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
lynnpappas.com Cross Site Scripting vulnerability OBB-3928486
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
imaxwebsolutions.com Cross Site Scripting vulnerability OBB-3928485
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
sullivanteam.net Cross Site Scripting vulnerability OBB-3928484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP-related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...
freetrx.ru Open Redirect vulnerability OBB-3928479
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Vulnerabilities for packages: ip-masq-agent, spark-operator, nodetaint, calico, calico-fips, kubernetes-csi-driver-hostpath, aws-ebs-csi-driver, node-feature-discovery, cluster-autoscaler, kubernetes-fips, kubernetes-dns-node-cache, local-static-provisioner, kubernetes, aws-ebs-csi-driver-fips,...
3.6AI Score
0.0004EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: gatekeeper, bom, prometheus-statsd-exporter, fuse-overlayfs-snapshotter, azure-aad-pod-identity-mic, kaf, oauth2-proxy, falcoctl-fips, prometheus-bind-exporter, external-secrets, kube-logging-logging-operator, flux-source-controller,...
8AI Score
0.002EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gosu, prometheus-statsd-exporter, gitlab-logger, prometheus-bind-exporter, kube-logging-logging-operator, helm-push, docker-cli, aws-ebs-csi-driver, fulcio-fips, mage, cluster-autoscaler-fips, gke-gcloud-auth-plugin, k3d, kind, tigera-operator, go-licenses, scorecard,....
8AI Score
0.001EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, tctl-fips, tailscale, external-secrets-fips, nerdctl, external-secrets, kube-logging-logging-operator, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, s5cmd, temporal-ui-server, argo-cd-fips,...
6.2AI Score
0.0004EPSS