SpeedyCache – Cache, Optimization, Performance Security Vulnerabilities

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, trust-manager, nodetaint, buf, gomplate, prometheus-operator, helm-operator, prometheus-postgres-exporter, grpc-health-probe, vexctl, kubernetes-dns-node-cache, grafana-agent-operator, aws-efs-csi-driver, containerd, cilium, tctl,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: ip-masq-agent, cluster-autoscaler, local-static-provisioner, nodetaint, kubernetes, node-feature-discovery, calico, spark-operator, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache,...

CVE-2024-0874 vulnerabilities

Vulnerabilities for packages: cloudflared, consul,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: cni-plugins, gomplate, nats-server, vexctl, docker-cli, containerd, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, bincapz, flannel-cni-plugin, cadvisor, pulumi, gobump, sbom-scorecard, zot, ytt,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, trust-manager, docker-credential-acr-env, gomplate, stern, nats-server, delve, regclient, helm-operator, go-fips, kubernetes-dns-node-cache, dask-gateway, grafana-agent-operator, step, aws-efs-csi-driver, spegel, containerd, mage,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: local-static-provisioner, trust-manager, docker-credential-acr-env, gomplate, stern, nats-server, delve, regclient, helm-operator, go-fips, kubernetes-dns-node-cache, dask-gateway, grafana-agent-operator, step, aws-efs-csi-driver, spegel, containerd, mage,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: cni-plugins, local-static-provisioner, gomplate, nats-server, vexctl, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, flannel-cni-plugin, cadvisor, gobump, sbom-scorecard, ytt,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, trust-manager, nodetaint, buf, gomplate, prometheus-operator, helm-operator, prometheus-postgres-exporter, grpc-health-probe, vexctl, kubernetes-dns-node-cache, grafana-agent-operator, aws-efs-csi-driver, containerd, cilium, tctl,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-M9W6-WP3H-VQ8G vulnerabilities

Vulnerabilities for packages: cloudflared, consul,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: cni-plugins, gomplate, nats-server, vexctl, docker-cli, containerd, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, bincapz, flannel-cni-plugin, cadvisor, pulumi, gobump, sbom-scorecard, zot, ytt,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: local-static-provisioner, trust-manager, docker-credential-acr-env, gomplate, stern, nats-server, delve, regclient, helm-operator, kubernetes-dns-node-cache, dask-gateway, grafana-agent-operator, step, aws-efs-csi-driver, spegel, containerd, mage,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: cni-plugins, local-static-provisioner, gomplate, nats-server, vexctl, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, flannel-cni-plugin, cadvisor, gobump, sbom-scorecard, ytt,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: trust-manager, nodetaint, gomplate, prometheus-operator, prometheus-postgres-exporter, kubernetes-dns-node-cache, aws-efs-csi-driver, containerd, tctl, node-problem-detector, newrelic-infrastructure-agent, src, telegraf, istio-operator, tkn, skaffold,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler, nodetaint, calico, spark-operator, prometheus-adapter, kubernetes-dns-node-cache,...

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: ip-masq-agent, aws-efs-csi-driver, cluster-autoscaler, nodetaint, calico, spark-operator, prometheus-adapter, kubernetes-dns-node-cache,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: cni-plugins, local-static-provisioner, gomplate, nats-server, vexctl, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, flannel-cni-plugin, cadvisor, gobump, sbom-scorecard, ytt,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: trust-manager, nodetaint, gomplate, prometheus-operator, prometheus-postgres-exporter, kubernetes-dns-node-cache, aws-efs-csi-driver, containerd, tctl, node-problem-detector, newrelic-infrastructure-agent, src, telegraf, istio-operator, tkn, skaffold,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, trust-manager, docker-credential-acr-env, gomplate, stern, nats-server, delve, regclient, helm-operator, kubernetes-dns-node-cache, dask-gateway, grafana-agent-operator, step, aws-efs-csi-driver, spegel, containerd, mage,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: cni-plugins, local-static-provisioner, gomplate, nats-server, vexctl, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, flannel-cni-plugin, cadvisor, gobump, sbom-scorecard, ytt,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: cni-plugins, kubeflow-pipelines, nodetaint, docker-credential-acr-env, gomplate, nats-server, delve, regclient, prometheus-operator, helm-operator, prometheus-postgres-exporter, vexctl, docker-cli, kubernetes-dns-node-cache, dask-gateway, aws-efs-csi-driver, mage,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: ip-masq-agent, cluster-autoscaler, local-static-provisioner, nodetaint, kubernetes, node-feature-discovery, calico, spark-operator, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache,...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135

Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...

Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details ** CVEID: CVE-2019-11236 DESCRIPTION: **Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP...

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study...

Decoding OWASP – A Security Engineer’s Roadmap to Application Security

In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring (ITM) portal server. have been remediated. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM...

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history....

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history....

CVE-2024-6038 ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history....

CVE-2024-6038 ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history....

Exploit for CVE-2024-34102

CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure

Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...

Yokogawa FAST/TOOLS and CI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

SDG Technologies PnPSCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...