Intel(R) CSME, Server Platform Services, Trusted Execution Engine And Intel(R) Active Management Technology Security Vulnerabilities

rallies.info Cross Site Scripting vulnerability OBB-3928539

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3745

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged...

xfenix.ru Open Redirect vulnerability OBB-3928538

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

neyron.ru Open Redirect vulnerability OBB-3928537

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

planetasp.ru Open Redirect vulnerability OBB-3928536

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vipbablo.ru Open Redirect vulnerability OBB-3928534

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged...

johner.no Cross Site Scripting vulnerability OBB-3928532

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

russiacompany.ru Open Redirect vulnerability OBB-3928531

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5088

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

ketterer-rarebooks.com Cross Site Scripting vulnerability OBB-3928523

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4432

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2024-3658

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in.....

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and...

CVE-2024-3658 Build App Online <= 1.0.21 - Authentication Bypass via Header

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in.....

CVE-2024-4432 Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...

CVE-2023-44487 affecting package moby-engine for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-engine for versions less than 20.10.25-2. A patched version of the package is...

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3. A patched version of the package is...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent, cortex, eks-distro-kubernetes-csi-external-provisioner,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-28122 vulnerabilities

Vulnerabilities for packages: istio-operator-fips, istio-pilot-agent, mc, boring-registry, istio-fips, external-secrets-operator, external-secrets, minio, boring-registry-fips, spire-server, istio-cni, istio-pilot-agent-fips, falcoctl-fips, istio-cni-fips, mc-fips, istio-operator,...

CVE-2023-39323 vulnerabilities

Vulnerabilities for packages: smarter-device-manager-fips, kind, falco, metrics-server,...

CVE-2024-21664 vulnerabilities

Vulnerabilities for packages: istio-operator-fips, istio-pilot-agent, gitsign, mc, boring-registry, external-secrets-operator, external-secrets, cosign-fips, minio, kubescape, spire-server, istio-cni, istio-pilot-agent-fips, falcoctl-fips, tekton-chains, istio-cni-fips, istio-operator,...

CVE-2023-46129 vulnerabilities

Vulnerabilities for packages: nats-server, nats, telegraf, minio,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...

CVE-2024-4340 vulnerabilities

Vulnerabilities for packages:...

GHSA-892H-R6CR-53G4 vulnerabilities

Vulnerabilities for packages:...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: smarter-device-manager-fips, kind, falco, metrics-server,...

GHSA-W668-XCXF-V3GG vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31081 vulnerabilities

Vulnerabilities for packages:...

GHSA-CM2M-F7GC-HV64 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: hey, nvidia-device-plugin, secrets-store-csi-driver, scorecard, volume-modifier-for-k8s-fips, mc, istio-envoy, py3-seldon-core, cilium-envoy, prometheus-postgres-exporter, dynamic-localpv-provisioner, prometheus-elasticsearch-exporter, nats, cortex, ollama, hugo,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, sbom-scorecard, docker-credential-ecr-login, scorecard, prometheus-statsd-exporter, cilium-envoy, prometheus-statsd-exporter-fips, helm-push, go-bindata, nats, cortex, protoc-gen-go-grpc, kubernetes-csi-livenessprobe,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: flux-source-controller, gitsign, tekton-pipelines, rekor, slsa-verifier, keda, kots, cilium-envoy, fulcio-fips, external-secrets-operator, fulcio, vault, cosign-fips, argo-cd, flux-kustomize-controller, kubescape, argo-workflows, terragrunt, consul,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, hey, istio-pilot-agent, nvidia-device-plugin, secrets-store-csi-driver, chartmuseum, volume-modifier-for-k8s-fips, mc, prometheus-statsd-exporter, py3-seldon-core, prometheus-postgres-exporter, dynamic-localpv-provisioner,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, jaeger-agent, opentelemetry-collector-contrib-fips,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kubernetes-fips, keda, prometheus-adapter-fips, kubevela, envoy-ratelimit, aws-ebs-csi-driver, argo-cd, kubescape, kube-oidc-proxy, k3s, cluster-autoscaler-fips, cri-tools, temporal-fips, kubernetes, temporal-server-fips, temporal-server, cert-manager-fips,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, harbor-fips, cert-manager-webhook-pdns-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, policy-controller, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, kaniko, jaeger-agent, cortex, eks-distro-kubernetes-csi-external-provisioner,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: istio-operator-fips, istio-pilot-agent, mc, boring-registry, istio-fips, external-secrets-operator, external-secrets, minio, boring-registry-fips, spire-server, istio-cni, istio-pilot-agent-fips, falcoctl-fips, istio-cni-fips, mc-fips, istio-operator,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: metrics-server-fips, kubernetes-fips, thanos, kubernetes, gitlab-kas, keda, kube-oidc-proxy, ipfs, prometheus-adapter, kubevela, prometheus, k3s, caddy, calico, cert-manager, cluster-autoscaler-fips, gatekeeper,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, envoy-ratelimit-fips, nvidia-device-plugin, volume-modifier-for-k8s-fips, prometheus-statsd-exporter-fips, kubernetes-csi-external-provisioner, cortex, eks-distro-kubernetes-csi-external-provisioner, q, crossplane-provider-azure,...