F5 BIG-IP, REST Framework Logging Security Vulnerabilities

Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....

CVE-2024-27411

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. This is likely not as big an issue on systems where the...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...

CVE-2024-27415

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......

teaitarakihi.nz Cross Site Scripting vulnerability OBB-3928492

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

alliedrisksecurity.com.au Cross Site Scripting vulnerability OBB-3928490

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, envoy-ratelimit, atlantis, aactl, kyverno, sigstore-scaffolding, bom, opentofu, pulumi-language-yaml, newrelic-infrastructure-agent, haproxy-ingress, nghttp2, thanos, cluster-autoscaler, nri-prometheus, tomcat,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, nodetaint, kubernetes-csi-driver-hostpath, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, cluster-autoscaler, kubernetes, local-static-provisioner, kubeflow-pipelines,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, aactl, kyverno, crossplane-provider-aws, bom, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s, kubernetes-csi-external-provisioner, pulumi-language-yaml,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, atlantis, aactl, kyverno, crossplane-provider-aws, bom, istio-cni, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: nodetaint, prometheus-adapter, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler,...

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: nodetaint, prometheus-adapter, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: falco, prometheus-stackdriver-exporter, prometheus-bind-exporter, oras, smarter-device-manager, sbom-scorecard, cni-plugins, kind, slsa-verifier, aactl, amass, protoc-gen-go-grpc, influx, go-md2man, nri-discovery-kubernetes, aws-flb-cloudwatch, nats, grpcurl,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, atlantis, aactl, kyverno, crossplane-provider-aws, bom, istio-cni, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, k8sgpt, sigstore-scaffolding, aactl, kyverno, crossplane-provider-aws, bom, kube-state-metrics, kube-fluentd-operator, opentofu, vault-k8s, kubernetes-csi-external-provisioner, pulumi-language-yaml,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, envoy-ratelimit, atlantis, aactl, kyverno, sigstore-scaffolding, bom, opentofu, pulumi-language-yaml, newrelic-infrastructure-agent, haproxy-ingress, nghttp2, thanos, cluster-autoscaler, nri-prometheus, tomcat,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, nodetaint, kubernetes-csi-driver-hostpath, calico, kubernetes-dns-node-cache, spark-operator, ip-masq-agent, cluster-autoscaler, kubernetes, local-static-provisioner, kubeflow-pipelines,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: prometheus-bind-exporter, oras, crossplane-provider-gcp, k8sgpt, atlantis, aactl, crossplane-provider-aws, neuvector-scanner, newrelic-infra-operator, bom, eksctl, hubble-ui, vault-k8s, confluent-common-docker, capslock, kubernetes-csi-external-provisioner,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...

imaxleadingedgere.com Cross Site Scripting vulnerability OBB-3928489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

imaxsales.net Cross Site Scripting vulnerability OBB-3928488

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

encoreliving.net Cross Site Scripting vulnerability OBB-3928487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lynnpappas.com Cross Site Scripting vulnerability OBB-3928486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

imaxwebsolutions.com Cross Site Scripting vulnerability OBB-3928485

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sullivanteam.net Cross Site Scripting vulnerability OBB-3928484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

freetrx.ru Open Redirect vulnerability OBB-3928479

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: ip-masq-agent, spark-operator, nodetaint, calico, calico-fips, kubernetes-csi-driver-hostpath, aws-ebs-csi-driver, node-feature-discovery, cluster-autoscaler, kubernetes-fips, kubernetes-dns-node-cache, local-static-provisioner, kubernetes, aws-ebs-csi-driver-fips,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: gatekeeper, bom, prometheus-statsd-exporter, fuse-overlayfs-snapshotter, azure-aad-pod-identity-mic, kaf, oauth2-proxy, falcoctl-fips, prometheus-bind-exporter, external-secrets, kube-logging-logging-operator, flux-source-controller,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: gosu, prometheus-statsd-exporter, gitlab-logger, prometheus-bind-exporter, kube-logging-logging-operator, helm-push, docker-cli, aws-ebs-csi-driver, fulcio-fips, mage, cluster-autoscaler-fips, gke-gcloud-auth-plugin, k3d, kind, tigera-operator, go-licenses, scorecard,....

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: prometheus-statsd-exporter, istio-operator-fips, tctl-fips, tailscale, external-secrets-fips, nerdctl, external-secrets, kube-logging-logging-operator, eks-distro-kubernetes-csi-node-driver-registrar, rqlite, s5cmd, temporal-ui-server, argo-cd-fips,...