Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2024-31902)

Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-31902 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and.....

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

CVE-2024-39828

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...

CVE-2024-39828

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure authorization (CVE-2023-35022)

Summary An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-35022 DESCRIPTION: **IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS...

CVE-2024-39302

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

CVE-2024-39302

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: vault, istio-pilot-discovery, kots, sops, cloudflared, kyverno, slsa-verifier, oauth2-proxy, argo-workflows, cosign, tekton-pipelines, flux-source-controller, aactl, external-secrets-operator, argo-cd, tkn, fulcio, tekton-chains, spire-server, terragrunt, vexctl,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: skaffold, prometheus, k3d, ctop, slsa-verifier, k3s, bom, paranoia, goreleaser, tekton-pipelines, aactl, kpt, up, tekton-chains, scorecard, cert-manager, kubescape, loki, chartmuseum,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: neuvector-agent, trivy, skaffold, cilium-cli, kots, k3d, kaniko, newrelic-infrastructure-agent, helm, ctop, telegraf, tekton-pipelines, flux-source-controller, eksctl, up, gitness, grype, kubevela, cert-manager, kubescape, helm-push, zot, flux-helm-controller,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, dagger, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, guac, capslock, kaniko, sops, temporal, filebeat, kubernetes-dns-node-cache,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: nuclei, step-ca, skopeo, flux-image-automation-controller, ksops, gitlab-shell, consul, gitlab-kas, prometheus, timestamp-authority, crossplane-provider-azure, guac, policy-controller, rook, k3d, flux-notification-controller, pulumi-kubernetes-operator, sops, kyverno,....

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, git-lfs, oauth2-proxy, grpcurl, spark-operator, pulumi-language-java, flux-source-controller, kubeflow-katib, dotnet, weaviate, atlantis, gitlab-runner, kind, buildkitd, keda, cert-manager,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: trivy, k8sgpt, dagger, skopeo, skaffold, cri-tools, timoni, prometheus, istio-pilot-discovery, guac, policy-controller, docker-credential-gcr, kots, newrelic-infrastructure-agent, kyverno, flux-image-reflector-controller, filebeat, helm, ctop, slsa-verifier, telegraf,....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, k8ssandra-operator, nri-cassandra, http-echo, gobump, tigera-operator, aws-network-policy-agent, aws-load-balancer-controller, grpcurl, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, ksops, wireguard-go, go, neuvector-scanner, aws-ebs-csi-driver, guac, http-echo, capslock, git-lfs, grafana-rollout-operator, gobump, sops, kubernetes-dns-node-cache, kubeadm-bootstrap-controller,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, ksops, wireguard-go, go, neuvector-scanner, aws-ebs-csi-driver, guac, http-echo, capslock, git-lfs, grafana-rollout-operator, gobump, sops, kubernetes-dns-node-cache, kubeadm-bootstrap-controller,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: nuclei, step-ca, skopeo, flux-image-automation-controller, ksops, gitlab-shell, consul, gitlab-kas, prometheus, timestamp-authority, crossplane-provider-azure, guac, policy-controller, rook, k3d, flux-notification-controller, pulumi-kubernetes-operator, sops, kyverno,....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, aws-ebs-csi-driver, git-lfs, apko, oauth2-proxy, aws-load-balancer-controller, grpcurl, spark-operator, pulumi-language-java, flux-source-controller, kubeflow-katib, prometheus-mongodb-exporter,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: libssh2, temporal-ui-server, kaf, wireguard-go, temporal, git-lfs, sops, apko, tigera-operator, oauth2-proxy, istio-pilot-agent, istio-cni, docker-credential-acr-env, argo-workflows, grpc-health-probe, spark-operator, kube-rbac-proxy, flux-source-controller,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, dagger, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, guac, capslock, kaniko, sops, temporal, filebeat, kubernetes-dns-node-cache,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: boring-registry, sqlpad, trivy, nuclei, k8sgpt, rclone, step-ca, velero, ksops, harbor-registry, prometheus, timestamp-authority, guac, policy-controller, tempo, rook, cortex, sops, teleport, fluent-bit-plugin-loki, flux-image-reflector-controller, filebeat, kyverno,.....

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: calico, kubernetes, prometheus-adapter, ipfs, keda, kubevela, cert-manager, up, gitlab-kas, thanos, prometheus, k3s, caddy,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: calico, kubernetes, prometheus-adapter, ipfs, keda, kubevela, cert-manager, up, gitlab-kas, thanos, prometheus, k3s, caddy,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: boring-registry, sqlpad, trivy, nuclei, k8sgpt, rclone, step-ca, velero, ksops, harbor-registry, prometheus, timestamp-authority, guac, policy-controller, tempo, rook, cortex, sops, teleport, fluent-bit-plugin-loki, flux-image-reflector-controller, filebeat, kyverno,.....

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: step-ca, skopeo, skaffold, cilium, dgraph, vault, containerd, istio-pilot-discovery, timestamp-authority, guac, policy-controller, rook, minio, cloudflared, wolfictl, apko, slsa-verifier, oauth2-proxy, istio-pilot-agent, kargo, istio-cni, argo-workflows, goreleaser,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, configmap-reload, nuclei, k8sgpt, dagger, flannel-cni-plugin, secrets-store-csi-driver-provider-gcp, velero, temporal-ui-server, kaf, wireguard-go, wazero, k8ssandra-operator, aws-ebs-csi-driver, nri-discovery-kubernetes, nri-couchbase,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: helm-operator, flux-source-controller, kots, k8sgpt, trivy, zarf, k9s, cert-manager, eksctl, helm-push, chartmuseum, kubescape, flux-helm-controller, up, zot, cilium-cli,...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, ksops, wireguard-go, go, neuvector-scanner, aws-ebs-csi-driver, guac, http-echo, capslock, git-lfs, grafana-rollout-operator, gobump, sops, kubernetes-dns-node-cache, kubeadm-bootstrap-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: configmap-reload, nuclei, k8sgpt, k8ssandra-operator, nri-cassandra, http-echo, gobump, tigera-operator, aws-network-policy-agent, aws-load-balancer-controller, grpcurl, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: k8sgpt, secrets-store-csi-driver-provider-gcp, kaf, wireguard-go, go, aws-ebs-csi-driver, git-lfs, apko, kubernetes-dns-node-cache, oauth2-proxy, istio-pilot-agent, aws-load-balancer-controller, grpcurl, istio-cni, spark-operator, pulumi-language-java,...

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: temporal, kubernetes, docker-compose, envoy-ratelimit, keda, kubevela, cri-tools, kyverno, temporal-server, cert-manager, argo-cd, kubescape, containerd, kine, k3s, aws-ebs-csi-driver,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: temporal, kubernetes, docker-compose, envoy-ratelimit, keda, kubevela, cri-tools, kyverno, temporal-server, cert-manager, argo-cd, kubescape, containerd, kine, k3s, aws-ebs-csi-driver,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, oras, configmap-reload, nsc, vertical-pod-autoscaler, flannel-cni-plugin, prometheus-stackdriver-exporter, sbom-scorecard, influx, dgraph, protoc-gen-go-grpc, nri-discovery-kubernetes, kubernetes-dashboard-metrics-scraper, hey, go-bindata,...