2nd Gen AMD Ryzen™ Threadripper™ Processor Security Vulnerabilities

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, kor, kubernetes-csi-external-resizer, kubernetes-csi-external-attacher-fips, grafana, certificate-transparency-fips, kubernetes-csi-external-snapshotter, istio-cni, kube-fluentd-operator, actions-runner-controller,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: dagger, loki, weaviate, skopeo, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, prometheus-nats-exporter, argo-cd, newrelic-infrastructure-agent, helm-operator, gitsign, secrets-store-csi-driver, timoni,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, metrics-server, local-path-provisioner, gobuster, kubernetes-csi-external-resizer, smarter-device-manager, configmap-reload, aws-flb-cloudwatch, prometheus-bind-exporter, aws-load-balancer-controller, cass-operator,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: metrics-server, step-fips, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, grafana, certificate-transparency-fips, kubernetes-csi-external-snapshotter, istio-cni, cue, direnv, nri-apache,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, amass, protoc-gen-go-grpc, aactl, smarter-device-manager, aws-flb-cloudwatch, gke-gcloud-auth-plugin, nsc, aws-flb-firehose, nats, nri-discovery-kubernetes, cilium-envoy, vertical-pod-autoscaler, kind, local-path-provisioner,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, metrics-server, local-path-provisioner, gobuster, kubernetes-csi-external-resizer, smarter-device-manager, configmap-reload, aws-flb-cloudwatch, prometheus-bind-exporter, aws-load-balancer-controller, cass-operator,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: dagger, loki, weaviate, skopeo, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, prometheus-nats-exporter, argo-cd, newrelic-infrastructure-agent, helm-operator, gitsign, secrets-store-csi-driver, timoni,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, kor, kubernetes-csi-external-resizer, kubernetes-csi-external-attacher-fips, grafana, certificate-transparency-fips, kubernetes-csi-external-snapshotter, istio-cni, kube-fluentd-operator, actions-runner-controller,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, spark-operator, bazelisk, containerd, go, prometheus-statsd-exporter, calico, secrets-store-csi-driver-provider-azure, wait-for-port, prometheus-node-exporter, nri-consul, kubewatch, mkcert, istio-pilot-agent, docker-compose,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: metrics-server, step-fips, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, grafana, certificate-transparency-fips, kubernetes-csi-external-snapshotter, istio-cni, cue, direnv, nri-apache,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, metrics-server, local-path-provisioner, gobuster, kubernetes-csi-external-resizer, smarter-device-manager, configmap-reload, aws-flb-cloudwatch, prometheus-bind-exporter, aws-load-balancer-controller, cass-operator,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, spark-operator, bazelisk, containerd, go, prometheus-statsd-exporter, calico, secrets-store-csi-driver-provider-azure, wait-for-port, prometheus-node-exporter, nri-consul, kubewatch, mkcert, istio-pilot-agent, docker-compose,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, amass, protoc-gen-go-grpc, aactl, smarter-device-manager, aws-flb-cloudwatch, gke-gcloud-auth-plugin, nsc, aws-flb-firehose, nats, nri-discovery-kubernetes, cilium-envoy, vertical-pod-autoscaler, kind, local-path-provisioner,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, amass, protoc-gen-go-grpc, aactl, smarter-device-manager, aws-flb-cloudwatch, gke-gcloud-auth-plugin, nsc, aws-flb-firehose, nats, nri-discovery-kubernetes, cilium-envoy, vertical-pod-autoscaler, kind, local-path-provisioner,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, amass, protoc-gen-go-grpc, aactl, smarter-device-manager, aws-flb-cloudwatch, gke-gcloud-auth-plugin, nsc, aws-flb-firehose, nats, nri-discovery-kubernetes, cilium-envoy, vertical-pod-autoscaler, kind, local-path-provisioner,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: metrics-server, local-path-provisioner, nri-mssql, kor, kubernetes-csi-external-resizer, nri-nginx, kubernetes-csi-external-attacher-fips, kubernetes-csi-external-snapshotter, cue, direnv, nri-apache, rabbitmq-cluster-operator, actions-runner-controller,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, metrics-server, local-path-provisioner, gobuster, kubernetes-csi-external-resizer, smarter-device-manager, configmap-reload, aws-flb-cloudwatch, prometheus-bind-exporter, aws-load-balancer-controller, cass-operator,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: dagger, loki, amass, kyverno-policy-reporter-kyverno-plugin, prometheus-mysqld-exporter, spark-operator, up, argo-cd, bazelisk, helm-operator, newrelic-infrastructure-agent, speedtest-go, aws-flb-cloudwatch, nri-couchbase, timoni, s5cmd, aws-flb-firehose, nri-mongodb,....

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...

[SECURITY] Fedora 38 Update: stalld-1.19.2-1.fc38

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

[SECURITY] Fedora 39 Update: stalld-1.19.2-1.fc39

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

[SECURITY] Fedora 40 Update: stalld-1.19.2-1.fc40

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

CVE-2022-48698

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling...

CVE-2022-48698

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling...

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

CVE-2024-1395

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus.

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023 Critical....

Qualys Launches MSSP Portal to Empower Managed Security Service Providers

In the words of Sun Tzu, 'In the midst of chaos, there is also opportunity.' This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch.....

CVE-2024-26948

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check wheather state is NULL before releasing...