Media Library Folder & File Manager Security Vulnerabilities

Updated libtiff packages fix security vulnerability

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash....

Updated tpm2-tools packages fixes security vulnerabilities

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, kaf, kyverno-policy-reporter, pulumi-kubernetes-operator, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics, volume-modifier-for-k8s-fips, influxd, spark-operator, cluster-autoscaler, mc, conftest, eks-distro-coredns,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: aactl, dex, rekor, kots, keda, flux-source-controller, terragrunt, argo-workflows, tekton-chains, traefik, kyverno, gitsign, tkn, spire-server, argo-cd, tekton-pipelines, cilium-envoy, falco, fulcio, flux-kustomize-controller, external-secrets-operator, oauth2-proxy,.....

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: aactl, tekton-chains, k3d, tekton-pipelines, loki, k3s, falco, kpt, bom, chartmuseum, kubescape, slsa-verifier, cert-manager, ctop, prometheus, paranoia, skaffold, scorecard,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, metrics-server-fips, kubescape, keda, k3s, aws-ebs-csi-driver, temporal-fips, kubernetes-csi-external-resizer, cluster-autoscaler-fips, kine, kubernetes, temporal-server-fips, cert-manager, cri-tools, temporal, kubernetes-fips, containerd, argo-cd,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: smarter-device-manager-fips, metrics-server, configmap-reload-fips, kind,...

CVE-2023-39323 vulnerabilities

Vulnerabilities for packages: smarter-device-manager-fips, metrics-server, configmap-reload-fips, kind,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: kots, flux-source-controller, kubevela, helm, melange, helm-push, grype, newrelic-infrastructure-agent, gitness, k3d, tekton-pipelines, flux-helm-controller, trivy, kubescape, cert-manager, ctop, zot, eksctl, telegraf, cilium-cli, fuse-overlayfs-snapshotter, kaniko,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: trivy, helm-operator, eksctl, chartmuseum, kots, kubescape, flux-source-controller, cert-manager, cilium-cli, istio-operator, k8sgpt, zarf, flux-helm-controller, k9s, up, zot,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: trivy, helm-operator, eksctl, chartmuseum, kots, kubescape, flux-source-controller, cert-manager, cilium-cli, istio-operator, k8sgpt, zarf, flux-helm-controller, k9s, up, zot,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, kube-state-metrics-fips, caddy, protoc-gen-go, kubernetes-csi-external-provisioner, velero, crossplane-provider-azure, consul, cluster-autoscaler, nerdctl, istio-cni-fips, rqlite, kubeflow-katib,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, kubevela, nginx-stable, dgraph, traefik, frp, newrelic-infrastructure-agent, tomcat, pulumi-language-dotnet, pulumi-language-yaml, cilium-envoy, gitlab-pages, spark-operator, terraform-provider-aws, conftest, kubewatch, oauth2-proxy, cue,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, kaf, yq, kube-state-metrics-fips, vertical-pod-autoscaler, caddy, kyverno-policy-reporter, pulumi-kubernetes-operator, kubernetes-csi-external-provisioner, flux-helm-controller-0.37, flux-notification-controller-0.37, kube-state-metrics,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: sonobuoy, sops, newrelic-nri-kube-events, vertical-pod-autoscaler, gobuster, kyverno-policy-reporter, docker-cli, protoc-gen-go-grpc, cluster-autoscaler, gops, smarter-device-manager-fips, mage, seldon-core-operator, kyverno-policy-reporter-kyverno-plugin, dgraph,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, kuberay-operator, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, configmap-reload, litefs, guac, traefik, trust-manager, containerd, newrelic-infrastructure-agent,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: sops, terragrunt, oauth2-proxy, cosign-fips, tekton-chains, aactl, kubescape, cloudflared, keda, vault-fips, istio-pilot-discovery, vault, consul, falco, flux-kustomize-controller, cert-manager, spire-server, flux-source-controller, fulcio, tekton-pipelines,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, kube-state-metrics-fips, caddy, protoc-gen-go, kubernetes-csi-external-provisioner, velero, crossplane-provider-azure, consul, cluster-autoscaler, nerdctl, istio-cni-fips, rqlite, kubeflow-katib,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: sops, step-ca, sigstore-scaffolding-fips, rook, consul, nerdctl, istio-cni-fips, spire-server, flux-source-controller, rekor-fips, grpc-health-probe, tekton-pipelines, consul-fips, dex, guac, kyverno, melange, gitsign, tkn, spire-server-fips, timestamp-authority-fips,....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, kubevela, dgraph, frp, trust-manager, containerd, newrelic-infrastructure-agent, pulumi-language-dotnet, pulumi-language-yaml, vault-k8s, gitlab-pages, thanos-operator, spark-operator, kubewatch, dive, oauth2-proxy, cue,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: dex, prometheus-mysqld-exporter, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, traefik, containerd, kubernetes, vault-k8s, gitlab-pages, spark-operator, ferretdb, terraform-provider-aws, conftest, kubernetes-event-exporter, kubewatch, grafana,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: gitlab-runner, aactl, buildkitd, crane, cri-tools, kots, pulumi, kubevela, argo-workflows, docker-credential-gcr, falcoctl, kyverno, nerdctl, guac, helm, tekton-chains, gitsign, kubeflow-katib, cadvisor, newrelic-infrastructure-agent, tekton-pipelines, traefik, kargo,....

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: sonobuoy, sops, newrelic-nri-kube-events, vertical-pod-autoscaler, gobuster, kyverno-policy-reporter, docker-cli, protoc-gen-go-grpc, cluster-autoscaler, gops, smarter-device-manager-fips, mage, seldon-core-operator, kyverno-policy-reporter-kyverno-plugin, dgraph,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, kuberay-operator, dgraph, certificate-transparency, argo-workflows, frp, nerdctl, configmap-reload, litefs, guac, traefik, trust-manager, containerd, newrelic-infrastructure-agent,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: istio-operator-fips, helm-push, zarf, cilium-cli, kubescape, k9s, chartmuseum, helm-operator, istio-operator, cert-manager-fips, flux-helm-controller, cert-manager, trivy, flux-source-controller, kots, eksctl, istio-fips, zot, up,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: istio-operator-fips, helm-push, zarf, cilium-cli, kubescape, k9s, chartmuseum, helm-operator, istio-operator, cert-manager-fips, flux-helm-controller, cert-manager, trivy, flux-source-controller, kots, eksctl, istio-fips, zot, up,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: istio-operator-fips, helm-push, zarf, cilium-cli, kubescape, k9s, chartmuseum, helm-operator, istio-operator, cert-manager-fips, flux-helm-controller, cert-manager, trivy, flux-source-controller, kots, eksctl, istio-fips, zot, up,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dex, nodetaint, prometheus-mysqld-exporter, nri-discovery-kubernetes, kubevela, kor, nri-memcached, kuberay-operator, dgraph, docker-credential-gcr, nerdctl, configmap-reload, litefs, gobuster, protoc-gen-go-grpc, amass, newrelic-infrastructure-agent, kubernetes,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: kubernetes, prometheus, gitlab-kas, metrics-server-fips, cert-manager, up, kube-oidc-proxy, cluster-autoscaler-fips, caddy, gatekeeper, calico, keda, k3s, kubevela, prometheus-adapter, kubernetes-fips, ipfs,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: kubernetes, keda, kubevela, cert-manager, gitlab-kas, k3s, caddy, thanos, gatekeeper, ipfs, prometheus, prometheus-adapter, calico,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: kubernetes, keda, kubevela, cert-manager, gitlab-kas, k3s, caddy, thanos, gatekeeper, ipfs, prometheus, prometheus-adapter, calico,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kaniko, chezmoi, protoc-gen-go, gitlab-kas, kubernetes-csi-external-provisioner, tailscale, velero, harbor-cli, spqr, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi, harbor, go-fips, vault-k8s, thanos-operator, go-bindata, oauth2-proxy, crossplane-provider-azure, caddy, kubernetes-csi-driver-hostpath, istio-pilot-agent, doppler-kubernetes-operator, cass-operator, ip-masq-agent, gomplate,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aactl, wait-for-port, kind, nri-discovery-kubernetes, sonobuoy, dgraph, prometheus-bind-exporter, mage, vertical-pod-autoscaler, gops, metrics-server, configmap-reload, protoc-gen-go-grpc, gobuster, amass, helm-push, k3d, aws-flb-firehose, hey, cilium-envoy, falco,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kaniko, chezmoi, protoc-gen-go, gitlab-kas, kubernetes-csi-external-provisioner, tailscale, velero, harbor-cli, spqr, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi, harbor, go-fips, vault-k8s, thanos-operator, go-bindata, oauth2-proxy, crossplane-provider-azure, caddy, kubernetes-csi-driver-hostpath, istio-pilot-agent, doppler-kubernetes-operator, cass-operator, ip-masq-agent, gomplate,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: hubble-ui-backend-fips, newrelic-nri-kube-events, yq, kube-state-metrics-fips, caddy, kubernetes-csi-external-provisioner, tailscale, velero, nri-mongodb, crossplane-provider-azure, protoc-gen-go-grpc, consul, cluster-autoscaler, nerdctl, rqlite, kubeflow-katib,...