547 matches found
Fedora: Security Advisory for golang-k8s-sample-apiserver (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 36 Update: golang-k8s-apiextensions-apiserver-1.22.0-7.fc36
API server for API extensions like CustomResourceDefinitions...
CVE-2022-2107
CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
MiCODUS MV720 GPS Trust Management Issue Vulnerability
The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS tracker suffers from a trust management issue vulnerability that stems from the API server having an authentication mechanism that allows the device to use a hard-coded master password. This could allow an attacker to...
Fedora: Security Advisory for golang-k8s-apiextensions-apiserver (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for golang-k8s-sample-apiserver (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-k8s-apiextensions-apiserver-1.22.0-6.fc35
API server for API extensions like CustomResourceDefinitions...
Cross site scripting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
Fedora: Security Advisory for golang-k8s-apiextensions-apiserver (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for golang-k8s-sample-apiserver (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Blink1 Blink1Control2
blink1-pass-decrypt ⭐ poc and simple script designed for rever...
[SECURITY] Fedora 36 Update: golang-k8s-sample-apiserver-1.22.0-5.fc36
Demonstration of how to use the k8s.io/apiserver library to build a functional API server...
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of...
MAL-2022-4794 Malicious code in near-api-server (npm)
Source: ghsa-malware 5022dae4cee1c14fcd76abdf355182766dc6ab123bfef3c7bca7ab1457aac81c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in near-api-server (npm)
Source: ghsa-malware 5022dae4cee1c14fcd76abdf355182766dc6ab123bfef3c7bca7ab1457aac81c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-6PQ6-CRW9-522H Cezerin Unauthorized Access
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional...
Popcorn Time Cross-Site Scripting Vulnerability
Popcorn Time is a multi-platform BitTorrent client. Version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...