Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking Security Vulnerabilities

dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dartliga-as.de Cross Site Scripting vulnerability OBB-3931407

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-30314

An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...

CVE-2023-30312

An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of...

dalui.de Cross Site Scripting vulnerability OBB-3931406

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: skaffold, grype, newrelic-infrastructure-agent, cert-manager, kubevela, flux-helm-controller, flux-source-controller, up, ctop, cilium-cli, melange, trivy, kots, eksctl, k3d, kubescape, zot, tekton-pipelines, helm-push, telegraf, fuse-overlayfs-snapshotter, kaniko,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...

garotasdavan.uol.com.br Cross Site Scripting vulnerability OBB-3931403

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG...

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised.....

bpag.uol.com.br Cross Site Scripting vulnerability OBB-3931401

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-30308

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of...

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...

CVE-2023-30311

An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of...

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to....

CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows <script> tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upg...

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

CVE-2024-36110 Cross-site scripting in ansibleguy-webui

ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on...

accessibyte.com Cross Site Scripting vulnerability OBB-3931400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

SimpleSAMLphp Link Injection vulnerability

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts...