Xm^online 2 - Common Utils And Endpoints Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-5419

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

Summary of Vulnerabilities, Actors & Attacks: June 2024

...

CVE-2024-5419 Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, buf, kubevela, configmap-reload, nri-prometheus, tkn, flux-notification-controller, litefs, shfmt, nuclei, php-fpm_exporter, lazygit, tempo, vexctl, nri-couchbase, kpt, gobuster, kuberay-operator, argo-workflows, prometheus-nats-exporter,....

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: bank-vaults, kaf, kubernetes-csi-external-snapshotter, vault-k8s, boring-registry, fuse-overlayfs-snapshotter, gitness, docker-credential-acr-env, go-bindata, k9s, tekton-chains, wait-for-port, trillian, karpenter, go, smarter-device-manager, dockerize,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: bank-vaults, kaf, kubernetes-csi-external-snapshotter, vault-k8s, boring-registry, fuse-overlayfs-snapshotter, gitness, docker-credential-acr-env, go-bindata, k9s, tekton-chains, wait-for-port, trillian, karpenter, go, smarter-device-manager, dockerize,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, helm-docs, buf, kubevela, configmap-reload, nri-prometheus, tkn, libnvidia-container, flux-notification-controller, gops, litefs, shfmt, php-fpm_exporter, nerdctl, lazygit, tempo, vexctl, nri-couchbase, kpt, docker, gobuster,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, buf, kubevela, configmap-reload, nri-prometheus, tkn, flux-notification-controller, litefs, shfmt, nuclei, php-fpm_exporter, lazygit, tempo, vexctl, nri-couchbase, kpt, gobuster, kuberay-operator, argo-workflows, prometheus-nats-exporter,....

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: bank-vaults, kaf, kubernetes-csi-external-snapshotter, vault-k8s, boring-registry, fuse-overlayfs-snapshotter, gitness, docker-credential-acr-env, go-bindata, k9s, tekton-chains, wait-for-port, trillian, karpenter, go, smarter-device-manager, dockerize,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, helm-docs, buf, kubevela, configmap-reload, nri-prometheus, tkn, libnvidia-container, flux-notification-controller, gops, litefs, shfmt, php-fpm_exporter, nerdctl, lazygit, tempo, vexctl, nri-couchbase, kpt, docker, gobuster,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, helm-docs, buf, kubevela, configmap-reload, nri-prometheus, tkn, libnvidia-container, flux-notification-controller, gops, litefs, shfmt, php-fpm_exporter, nerdctl, lazygit, tempo, vexctl, nri-couchbase, kpt, docker, gobuster,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: bank-vaults, kaf, kubernetes-csi-external-snapshotter, vault-k8s, boring-registry, fuse-overlayfs-snapshotter, gitness, docker-credential-acr-env, go-bindata, k9s, tekton-chains, wait-for-port, trillian, karpenter, go, smarter-device-manager, dockerize,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: bank-vaults, boring-registry, helm-docs, buf, kubevela, configmap-reload, nri-prometheus, tkn, libnvidia-container, flux-notification-controller, gops, litefs, shfmt, php-fpm_exporter, nerdctl, lazygit, tempo, vexctl, nri-couchbase, kpt, docker, gobuster,...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...

CVE-2020-27748 affecting package xdg-utils 1.1.3-7

CVE-2020-27748 affecting package xdg-utils 1.1.3-7. No patch is available...

CVE-2021-3634 affecting package libssh 0.9.5-2

CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...

CVE-2011-4966 affecting package freeradius 3.2.3-2

CVE-2011-4966 affecting package freeradius 3.2.3-2. No patch is available...

CVE-2002-0318 affecting package freeradius 3.2.3-2

CVE-2002-0318 affecting package freeradius 3.2.3-2. No patch is available...

CVE-2017-18640 affecting package snakeyaml 1.25-2

CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2020-4041 affecting package bolt 0.9.2-2

CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-15484 affecting package bolt 0.9.2-2

CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2021-27367 affecting package bolt 0.9.2-2

CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2022-31321 affecting package bolt 0.9.2-2

CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2023-0475 affecting package k3s 1.24.12-2

CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2022-47021 affecting package opusfile 0.12-2

CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...

CVE-2022-4055 affecting package xdg-utils 1.1.3-7

CVE-2022-4055 affecting package xdg-utils 1.1.3-7. No patch is available...

CVE-2022-38752 affecting package snakeyaml 1.25-2

CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2022-36069 affecting package poetry 1.0.10-2

CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...

CVE-2022-25857 affecting package snakeyaml 1.25-2

CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. This CVE either no longer is or was never...

CVE-2022-3294 affecting package k3s 1.24.12-2

CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2019-9185 affecting package bolt 0.9.2-2

CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-15483 affecting package bolt 0.9.2-2

CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2015-7309 affecting package bolt 0.9.2-2

CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2020-4040 affecting package bolt 0.9.2-2

CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...