Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training Security Vulnerabilities

Updated tpm2-tools packages fixes security vulnerabilities

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, kube-state-metrics-fips, caddy, protoc-gen-go, kubernetes-csi-external-provisioner, velero, crossplane-provider-azure, consul, cluster-autoscaler, nerdctl, istio-cni-fips, rqlite, kubeflow-katib,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, kuberay-operator, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, configmap-reload, litefs, guac, traefik, trust-manager, containerd, newrelic-infrastructure-agent,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, kaf, yq, kube-state-metrics-fips, vertical-pod-autoscaler, caddy, kyverno-policy-reporter, pulumi-kubernetes-operator, kubernetes-csi-external-provisioner, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, kaf, kyverno-policy-reporter, pulumi-kubernetes-operator, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics, volume-modifier-for-k8s-fips, influxd, spark-operator, cluster-autoscaler, mc, conftest, eks-distro-coredns,...

GHSA-HQXW-F8MX-CPMW vulnerabilities

Vulnerabilities for packages: prometheus, flux-image-reflector-controller, bom, kpt, flux-helm-controller-0.37, aactl, kubernetes-dashboard, traefik,...

CVE-2023-28840 vulnerabilities

Vulnerabilities for packages: ko, bom, flux-image-reflector-controller, flux-helm-controller-0.37, melange, apko, up, ctop,...

GHSA-33PG-M6JH-5237 vulnerabilities

Vulnerabilities for packages: ko, bom, flux-image-reflector-controller, flux-helm-controller-0.37, melange, apko, up, ctop,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, kube-state-metrics-fips, caddy, protoc-gen-go, kubernetes-csi-external-provisioner, velero, crossplane-provider-azure, consul, cluster-autoscaler, nerdctl, istio-cni-fips, rqlite, kubeflow-katib,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kaniko, chezmoi, protoc-gen-go, gitlab-kas, kubernetes-csi-external-provisioner, tailscale, velero, harbor-cli, spqr, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, kubevela, dgraph, frp, trust-manager, containerd, newrelic-infrastructure-agent, pulumi-language-dotnet, pulumi-language-yaml, vault-k8s, gitlab-pages, thanos-operator, spark-operator, kubewatch, dive, oauth2-proxy, cue,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: dex, prometheus-mysqld-exporter, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, traefik, containerd, kubernetes, vault-k8s, gitlab-pages, spark-operator, ferretdb, terraform-provider-aws, conftest, kubernetes-event-exporter, kubewatch, grafana,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: gitlab-runner, aactl, buildkitd, crane, cri-tools, kots, pulumi, kubevela, argo-workflows, docker-credential-gcr, falcoctl, kyverno, nerdctl, guac, helm, tekton-chains, gitsign, kubeflow-katib, cadvisor, newrelic-infrastructure-agent, tekton-pipelines, traefik, kargo,....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, kuberay-operator, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, configmap-reload, litefs, guac, traefik, trust-manager, containerd, newrelic-infrastructure-agent,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-6WRF-MXFJ-PF5P vulnerabilities

Vulnerabilities for packages: ko, bom, flux-image-reflector-controller, flux-helm-controller-0.37, melange, apko, up, ctop,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi, harbor, go-fips, vault-k8s, thanos-operator, go-bindata, oauth2-proxy, crossplane-provider-azure, caddy, kubernetes-csi-driver-hostpath, istio-pilot-agent, doppler-kubernetes-operator, cass-operator, ip-masq-agent, gomplate,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kaniko, chezmoi, protoc-gen-go, gitlab-kas, kubernetes-csi-external-provisioner, tailscale, velero, harbor-cli, spqr, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi, harbor, go-fips, vault-k8s, thanos-operator, go-bindata, oauth2-proxy, crossplane-provider-azure, caddy, kubernetes-csi-driver-hostpath, istio-pilot-agent, doppler-kubernetes-operator, cass-operator, ip-masq-agent, gomplate,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, kubevela, dgraph, frp, trust-manager, containerd, newrelic-infrastructure-agent, pulumi-language-dotnet, pulumi-language-yaml, vault-k8s, gitlab-pages, thanos-operator, spark-operator, dive, kubewatch, oauth2-proxy, cue,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: aactl, actions-runner-controller, crossplane, keda, flux-source-controller, kubevela, pulumi, flux-image-automation-controller, terragrunt, apko, tekton-chains, melange, gitsign, tkn, gitness, spire-server, pulumi-language-dotnet, argo-cd, pulumi-kubernetes-operator,.....

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

CVE-2023-28842 vulnerabilities

Vulnerabilities for packages: ko, bom, flux-image-reflector-controller, flux-helm-controller-0.37, melange, apko, up, ctop,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, sops, step-ca, trillian-fips, flux-helm-controller-2.0, kaf, kube-state-metrics-fips, sigstore-scaffolding-fips, caddy, crossplane, vault-fips, kyverno-policy-reporter, fq, gitlab-kas, flux-helm-controller-0.37,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: falcoctl, istio-operator-fips, helm-fips, prometheus, scorecard, filebeat-fips, datadog-agent, loki, zarf, cosign-fips, gitsign, tekton-chains, aactl, kubescape, timoni, k9s, k3s, ctop, pulumi, dagger, helm, kargo, istio-pilot-discovery, traefik-fips,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, kaf, yq, kube-state-metrics-fips, vertical-pod-autoscaler, caddy, kyverno-policy-reporter, pulumi-kubernetes-operator, kubernetes-csi-external-provisioner, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, sops, step-ca, trillian-fips, flux-helm-controller-2.0, kaf, kube-state-metrics-fips, sigstore-scaffolding-fips, caddy, crossplane, vault-fips, kyverno-policy-reporter, fq, gitlab-kas, flux-helm-controller-0.37,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, kaf, yq, kube-state-metrics-fips, vertical-pod-autoscaler, kyverno-policy-reporter, pulumi-kubernetes-operator, kubernetes-csi-external-provisioner, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics,...

CVE-2023-28841 vulnerabilities

Vulnerabilities for packages: ko, bom, flux-image-reflector-controller, flux-helm-controller-0.37, melange, apko, up, ctop,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, kubevela, dgraph, frp, trust-manager, containerd, newrelic-infrastructure-agent, pulumi-language-dotnet, pulumi-language-yaml, vault-k8s, gitlab-pages, thanos-operator, spark-operator, dive, kubewatch, oauth2-proxy, cue,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, kubevela, dgraph, frp, trust-manager, containerd, newrelic-infrastructure-agent, pulumi-language-dotnet, pulumi-language-yaml, vault-k8s, gitlab-pages, thanos-operator, spark-operator, kubewatch, dive, oauth2-proxy, cue,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: dex, prometheus-mysqld-exporter, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, traefik, containerd, kubernetes, vault-k8s, gitlab-pages, spark-operator, ferretdb, terraform-provider-aws, conftest, kubernetes-event-exporter, kubewatch, grafana,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: prometheus, scorecard, loki, tekton-chains, aactl, kubescape, skaffold, k3s, paranoia, chartmuseum, kpt, telegraf, falco, prometheus-fips, cert-manager, tekton-pipelines, falcoctl-fips, slsa-verifier, flux-image-reflector-controller, bom, flux-source-controller-2.0,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...