Microsoft Windows 1607, 1703, And Windows Server 2016. Security Vulnerabilities

CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using...

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

CVE-2016-2124 affecting package samba 4.12.5-6

CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...

CVE-2016-4912 affecting package openslp 2.0.0-26

CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...

CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21

CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21. No patch is available...

CVE-2016-2568 affecting package polkit 0.119-3

CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

CVE-2016-2568 affecting package polkit 0.116-7

CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...

CVE-2016-3709 affecting package libxml2 2.9.14-3

CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: skaffold, goreleaser, tkn, aactl, flux-source-controller, zot, spire-server, melange, policy-controller, tekton-chains, zarf, wolfictl, apko, gitsign, ko, vexctl, falco, falcoctl, slsa-verifier,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, kaf, haproxy-ingress, flux-source-controller, metrics-server, influxd, minio, up, prometheus-bind-exporter, wireguard-go, ollama, external-dns, nats, dotnet, coredns, grype, nghttp2, hey, gitlab-pages, gatekeeper,.....

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: tkn, terragrunt, sops, keda, cloudflared, cosign, aactl, argo-cd, flux-source-controller, spire-server, kots, vault, rekor, tekton-chains, cilium-envoy, kyverno, cert-manager, external-secrets-operator, gitsign, fulcio, argo-workflows, istio-pilot-discovery, vexctl,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: goreleaser, tkn, trivy, conftest, dagger, aactl, zot, up, spire-server, melange, crossplane, docker-compose, kaniko, telegraf, kargo, wolfictl, grype, syft, ko, buf, loki, buildkitd, datadog-agent, cadvisor, ctop, prometheus,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: amass, trillian, kots, caddy, temporal-server, vault, kine, src, step-ca, spicedb, telegraf, argo-workflows, keda, ferretdb, k3s,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: amass, trillian, kots, caddy, temporal-server, vault, kine, src, step-ca, spicedb, telegraf, argo-workflows, keda, ferretdb, k3s,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kubeflow-jupyter-web-app, py3-werkzeug, superset, kubeflow-volumes-web-app,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: py3-pillow, kubeflow-pipelines-visualization-server,...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: falco, kind,...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kubeflow-jupyter-web-app, py3-werkzeug, superset, kubeflow-volumes-web-app,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: goreleaser, tkn, trivy, conftest, dagger, aactl, zot, up, spire-server, melange, crossplane, docker-compose, kaniko, telegraf, kargo, wolfictl, grype, syft, ko, buf, loki, buildkitd, datadog-agent, cadvisor, ctop, prometheus,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: kyverno, spire-server, boring-registry, external-secrets-operator, mc, falco, istio-pilot-discovery, falcoctl, istio-cni, istio-pilot-agent, istio-operator,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: reflex, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, pytorch, superset, dask-gateway, kubeflow-volumes-web-app,...

CVE-2024-31081 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31082 vulnerabilities

Vulnerabilities for packages:...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: falco, kind,...

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages:...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages:...

GHSA-PCJV-393Q-RQF2 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd, minio, prometheus-alertmanager,....

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: eksctl, nri-mssql, terraform-docs, nsc, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, vault-k8s, istio-operator, haproxy-ingress, libssh, flux-source-controller, metrics-server, zot, influxd, up, caddy, prometheus-alertmanager,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

CVE-2016-1000027 vulnerabilities

Vulnerabilities for packages:...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, dask-gateway, kubeflow-katib, kubeflow-pipelines, az, k8s-sidecar, kubeflow-volumes-web-app, ggshield, py3-idna, confluent-docker-utils,...