Automation License Manager 5, Automation License Manager 6 Security Vulnerabilities

CVE-2022-3857 affecting package libpng for versions less than 1.6.39-1

CVE-2022-3857 affecting package libpng for versions less than 1.6.39-1. No patch is available...

CVE-2023-0286 affecting package reaper 3.1.1-6

CVE-2023-0286 affecting package reaper 3.1.1-6. This CVE either no longer is or was never...

CVE-2023-25136 affecting package openssh 8.9p1-5

CVE-2023-25136 affecting package openssh 8.9p1-5. This CVE either no longer is or was never...

CVE-2022-3437 affecting package samba 4.12.5-6

CVE-2022-3437 affecting package samba 4.12.5-6. No patch is available...

CVE-2023-22466 affecting package rpm-ostree 2022.1-6

CVE-2023-22466 affecting package rpm-ostree 2022.1-6. This CVE either no longer is or was never...

CVE-2022-42898 affecting package samba 4.12.5-6

CVE-2022-42898 affecting package samba 4.12.5-6. No patch is available...

CVE-2022-2989 affecting package podman 4.1.1-5

CVE-2022-2989 affecting package podman 4.1.1-5. This CVE either no longer is or was never...

CVE-2022-32742 affecting package samba 4.12.5-6

CVE-2022-32742 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-25718 affecting package samba 4.12.5-6

CVE-2020-25718 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-25717 affecting package samba 4.12.5-6

CVE-2020-25717 affecting package samba 4.12.5-6. No patch is available...

CVE-2021-44142 affecting package samba 4.12.5-6

CVE-2021-44142 affecting package samba 4.12.5-6. No patch is available...

CVE-2020-27840 affecting package samba 4.12.5-6

CVE-2020-27840 affecting package samba 4.12.5-6. No patch is available...

CVE-2019-25051 affecting package aspell 0.60.8-5

CVE-2019-25051 affecting package aspell 0.60.8-5. This CVE either no longer is or was never...

CVE-2022-4515 affecting package ctags 5.8-6

CVE-2022-4515 affecting package ctags 5.8-6. No patch is available...

CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5

CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5. No patch is available...

CVE-2022-30699 affecting package unbound 1.10.0-5

CVE-2022-30699 affecting package unbound 1.10.0-5. No patch is available...

CVE-2022-30698 affecting package unbound 1.10.0-5

CVE-2022-30698 affecting package unbound 1.10.0-5. No patch is available...

CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-6

CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-6. No patch is available...

CVE-2022-4904 affecting package python-gevent 1.3.6-5

CVE-2022-4904 affecting package python-gevent 1.3.6-5. No patch is available...

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never...

CVE-2018-25078 affecting package man-db 2.8.4-5

CVE-2018-25078 affecting package man-db 2.8.4-5. This CVE either no longer is or was never...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5

CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...

CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5

CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...

CVE-2023-44487 affecting package opa for versions less than 0.50.2-6

CVE-2023-44487 affecting package opa for versions less than 0.50.2-6. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package opa for versions less than 0.50.2-6

CVE-2023-39325 affecting package opa for versions less than 0.50.2-6. A patched version of the package is...

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38367 CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....

CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....

Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls...

CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed.....

Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

Impact If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is....

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r...

CVE-2024-5655: GitLab Fixes CI/CD Vulnerability & 13 Other Flaws With Latest Patch Release

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version...

WordPress Security Research: A Beginner’s Series

Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner's Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a...

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...

WordPress Security Research Series: WordPress Request Architecture and Hooks

Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it's critical to understand the.....

Cisco NX-OS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: zarf, consul, flux, influxd, flux-source-controller, policy-controller, ksops, timestamp-authority, flux-helm-controller, opentofu, fulcio, argo-cd, neuvector-sigstore-interface, zot, nuclei, pulumi-kubernetes-operator, k3s, vexctl, glab, snyk-cli, kargo,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: flux-source-controller, grype, kubeflow-katib, ip-masq-agent, nghttp2, cortex, tctl, gke-gcloud-auth-plugin, mc, kubescape, gitlab-shell, kyverno, node-problem-detector, weaviate, kaf, metacontroller, prometheus-blackbox-exporter, helm, cluster-autoscaler,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: istio-pilot-discovery, flux-source-controller, cloudflared, argo-cd, fulcio, vexctl, traefik, tekton-pipelines, terragrunt, gitsign, aactl, keda, kubescape, sops, kots, tekton-chains, external-secrets-operator, cosign, kyverno, vault, slsa-verifier, cilium-envoy,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: temporal-ui-server, supercronic, docker, logstash-exporter, prometheus-alertmanager, doppler-kubernetes-operator, flux-source-controller, kuberay-operator, grype, policy-controller, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, ip-masq-agent, zot, golangci-lint,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: kaniko, flux-source-controller, grype, telegraf, skaffold, flux-helm-controller, zot, tekton-pipelines, helm-push, k3d, kubescape, melange, kots, newrelic-infrastructure-agent, ctop, up, cert-manager, trivy, eksctl, helm, neuvector-agent, fuse-overlayfs-snapshotter,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: helm-operator, k9s, k8sgpt, zarf, helm-push, istio-operator, flux-source-controller, cilium-cli, cert-manager, chartmuseum, kubescape, flux-helm-controller, kots, trivy, eksctl, zot,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: helm-operator, k9s, k8sgpt, zarf, helm-push, istio-operator, flux-source-controller, cilium-cli, cert-manager, chartmuseum, kubescape, flux-helm-controller, kots, trivy, eksctl, zot,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: skaffold, k3s, tekton-pipelines, k3d, aactl, chartmuseum, kubescape, kpt, tekton-chains, ctop, loki, up, scorecard, slsa-verifier, cert-manager, bom, goreleaser, falco, paranoia,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: temporal-ui-server, supercronic, logstash-exporter, prometheus-alertmanager, direnv, doppler-kubernetes-operator, kuberay-operator, grype, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, mongo-tools, ip-masq-agent, golangci-lint, kubernetes, k3s, go-bindata,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: temporal-ui-server, prometheus-alertmanager, flux-source-controller, grype, cloud-sql-proxy, kubeflow-katib, mongo-tools, zot, kubernetes, k3s, cortex, helm-push, kubescape, gitlab-shell, loki, kyverno, node-problem-detector, flux-image-reflector-controller,...