SpaceLogic C-Bus Application Controller, 5500AC2 Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

dyseno.com Cross Site Scripting vulnerability OBB-3939837

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

moon-fachhandel.de Cross Site Scripting vulnerability OBB-3939836

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

aeropostale.talentify.io Cross Site Scripting vulnerability OBB-3939834

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

4-wheel-parts.talentify.io Cross Site Scripting vulnerability OBB-3939832

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

albemarle.talentify.io Cross Site Scripting vulnerability OBB-3939833

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco-sicherheitsschuhe.de Cross Site Scripting vulnerability OBB-3939823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

juz-einstein.de Cross Site Scripting vulnerability OBB-3939821

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.hu Cross Site Scripting vulnerability OBB-3939820

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.com Cross Site Scripting vulnerability OBB-3939819

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

duplo-frank.de Cross Site Scripting vulnerability OBB-3939818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.ch Cross Site Scripting vulnerability OBB-3939816

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...

Exploit for CVE-2024-37765

Description MachForm up to version 19 is affected by an...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: dex, vault, aactl, cosign, keda, istio-pilot-discovery, kots, traefik, sops, cilium-envoy, fulcio, external-secrets-operator, terragrunt, tkn, cert-manager, flux-kustomize-controller, falco, kubescape, argo-workflows, flux-source-controller, slsa-verifier,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: nerdctl, syft, docker, nvidia-device-plugin, grype, k3d, kots, cadvisor, ctop, k3s, kubernetes, newrelic-infrastructure-agent, trivy, zarf, kubescape, zot, runc, ingress-nginx-controller, telegraf, datadog-agent, kaniko, buildkitd, skopeo, wolfictl, skaffold,...

GHSA-888H-RM2R-VRC7 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...

CVE-2023-31130 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, argo-cd, argo-workflows, pulumi-kubernetes-operator,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: helm, flux-helm-controller, cilium-cli, fuse-overlayfs-snapshotter, eksctl, grype, k3d, kots, ctop, neuvector-agent, kubevela, newrelic-infrastructure-agent, trivy, cert-manager, melange, kubescape, flux-source-controller, zot, tekton-pipelines, telegraf, kaniko,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...

CVE-2023-29403 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-F2CJ-5636-4J38 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

GHSA-RXX3-4978-3CC9 vulnerabilities

Vulnerabilities for packages: kind, policy-controller,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: coredns, dex, cosign, cilium-cli, nri-mssql, rqlite, kots, falcoctl, flux, fulcio, prometheus-stackdriver-exporter, dgraph, trillian, goreleaser, kubernetes-event-exporter, prometheus-postgres-exporter, certificate-transparency, cfssl, temporal-ui-server, tkn,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, goreleaser, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, trillian, goreleaser, prometheus-postgres-exporter,....

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: aactl, flux-helm-controller, helm, cosign, nerdctl, cri-tools, pulumi, istio-pilot-discovery, eksctl, istio-pilot-agent, kots, flux-image-reflector-controller, traefik, falcoctl, cadvisor, timoni, ctop, k3s, dagger, crane, k8sgpt, kargo, kubevela, scorecard,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: bank-vaults, cosign, keda, harbor-registry, pulumi, fluent-bit-plugin-loki, teleport, velero, restic, rook, flux-image-reflector-controller, step, sops, falcoctl, traefik, flux, fulcio, sqlpad, external-secrets-operator, k8sgpt, chezmoi, goreleaser, rclone,...

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: melange, argo-cd, argo-workflows, pulumi-kubernetes-operator,...

CVE-2024-32473 vulnerabilities

Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: bank-vaults, cosign, keda, harbor-registry, pulumi, fluent-bit-plugin-loki, teleport, velero, restic, rook, flux-image-reflector-controller, step, sops, falcoctl, traefik, flux, fulcio, sqlpad, external-secrets-operator, k8sgpt, chezmoi, goreleaser, rclone,...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, goreleaser, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...