Big-ip (ltm, Aam, Afm, Apm, Asm, Edge Gateway, Link Controller, Pem, Psm, Webaccelerator, Websafe) Security Vulnerabilities

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, pytorch, confluent-docker-utils, dask-gateway, kubeflow-volumes-web-app, reflex,...

CVE-2024-27306 vulnerabilities

Vulnerabilities for packages: dask-gateway,...

CVE-2023-29405 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: policy-controller, goreleaser, ko, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, gitsign, spire-server, vexctl, skaffold, apko, flux-source-controller, aactl, kubescape, falco, tkn, wolfictl, tekton-chains,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: calico, ip-masq-agent, aws-efs-csi-driver, aws-ebs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, nodetaint, spark-operator,...

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: calico, ip-masq-agent, aws-efs-csi-driver, aws-ebs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, nodetaint, spark-operator,...

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: policy-controller, goreleaser, ko, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, gitsign, spire-server, vexctl, skaffold, apko, flux-source-controller, aactl, kubescape, falco, tkn, wolfictl, tekton-chains,...

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: policy-controller, goreleaser, ko, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, gitsign, spire-server, vexctl, skaffold, apko, flux-source-controller, aactl, kubescape, falco, tkn, wolfictl, tekton-chains,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: cortex, prometheus-bind-exporter, flannel-cni-plugin, goreleaser, nats, local-path-provisioner, sonobuoy, cni-plugins, gke-gcloud-auth-plugin, influx, nsc, go-md2man, protoc-gen-go-grpc, slsa-verifier, wait-for-port, sbom-scorecard, configmap-reload,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: cortex, prometheus-bind-exporter, flannel-cni-plugin, goreleaser, nats, local-path-provisioner, sonobuoy, cni-plugins, gke-gcloud-auth-plugin, influx, nsc, go-md2man, protoc-gen-go-grpc, slsa-verifier, wait-for-port, sbom-scorecard, configmap-reload,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: cortex, prometheus-bind-exporter, flannel-cni-plugin, goreleaser, nats, local-path-provisioner, sonobuoy, cni-plugins, gke-gcloud-auth-plugin, influx, nsc, go-md2man, protoc-gen-go-grpc, slsa-verifier, wait-for-port, sbom-scorecard, configmap-reload,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: policy-controller, gomplate, goreleaser, oauth2-proxy, melange, external-secrets-operator, rabbitmq-messaging-topology-operator, zarf, nerdctl, cilium, falcoctl, istio-pilot-agent, slsa-verifier, istio-cni, gitsign, keda, spire-server, cert-manager, argo-workflows,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: nfs-subdir-external-provisioner, ollama, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ollama, nats, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, nats, traefik, k3s, telegraf, kubernetes-dashboard, eksctl, kubeflow-katib, nsc, docker-credential-acr-env, prometheus-nats-exporter, calico, memcached-exporter, apko, dockerize, spark-operator,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: src, prometheus, cortex, prometheus-adapter, prometheus-blackbox-exporter, goreleaser, oauth2-proxy, pulumi, pulumi-kubernetes-operator, up, telegraf, ko, kubeflow-katib, slsa-verifier, tctl, gitlab-pages, keda, k3d, calico, cert-manager, aws-efs-csi-driver,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: ollama, nats, traefik, telegraf, kubeflow-katib, calico, nginx-mainline, cue, memcached-exporter, spark-operator, flux-source-controller, envoy-ratelimit, nghttp2, bom, argo-cd, prometheus-elasticsearch-exporter, secrets-store-csi-driver, helm, pulumi-language-java,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: ggshield, kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, mlflow, kubeflow-pipelines, py3-cassandra-medusa, airflow, confluent-docker-utils, kubeflow-katib, dask-gateway, kubeflow-volumes-web-app, az, reflex,...

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: gomplate, goreleaser, pulumi, nuclei, pulumi-kubernetes-operator, zot, gitsign, apko, kubevela, pulumi-language-dotnet, go-licenses, bom, kots, argo-cd, scorecard, pulumi-language-yaml, src-fingerprint, pulumi-language-java, gitness, tekton-pipelines,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: helm-operator, cilium-cli, cert-manager, helm-push, istio-operator, trivy, kubescape, k8sgpt, kots, up, zarf, eksctl, k9s, zot, flux-source-controller, chartmuseum,...

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

CVE-2023-29404 vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-68G3-2P3G-W9PQ vulnerabilities

Vulnerabilities for packages: policy-controller, kind,...

GHSA-7GPW-8WMC-PM8G vulnerabilities

Vulnerabilities for packages: dask-gateway,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: prometheus, policy-controller, filebeat, goreleaser, pulumi, crane, traefik, cadvisor, k3s, telegraf, up, zarf, nerdctl, eksctl, falcoctl, istio-pilot-agent, kubeflow-katib, slsa-verifier, zot, trivy, docker-credential-gcr, gitsign, helm-operator, argo-workflows,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: ggshield, kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, mlflow, kubeflow-pipelines, py3-cassandra-medusa, airflow, confluent-docker-utils, kubeflow-katib, dask-gateway, kubeflow-volumes-web-app, az, reflex,...

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: gomplate, goreleaser, pulumi, nuclei, pulumi-kubernetes-operator, zot, gitsign, apko, kubevela, pulumi-language-dotnet, go-licenses, bom, kots, argo-cd, scorecard, pulumi-language-yaml, src-fingerprint, pulumi-language-java, gitness, tekton-pipelines,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...

GHSA-W235-7P84-XX57 vulnerabilities

Vulnerabilities for packages: dask-gateway, py3-tornado,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, calico, ip-masq-agent, aws-ebs-csi-driver, kubernetes-csi-driver-hostpath, cluster-autoscaler, kubernetes-dns-node-cache, kubernetes, nodetaint, spark-operator,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: runc, cadvisor, k3s, syft, telegraf, zarf, nerdctl, zot, trivy, k3d, skaffold, ingress-nginx-controller, datadog-agent, grype, docker, kubescape, newrelic-infrastructure-agent, kots, wolfictl, ctop, kubernetes, buildkitd, k9s, kaniko, skopeo,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, kube-downscaler, dask-gateway,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, kube-downscaler, dask-gateway,...

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20

CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20

CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-20. This CVE either no longer is or was never...

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15. A patched version of the package is...

CVE-2024-25943

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...