Alaris GS, Alaris GH, Alaris CC, And Alaris TIVA Security Vulnerabilities

Tuesday, July 2, 2024 Security Releases

Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: snyk-cli, opentelemetry-collector-contrib, gitlab-runner, rabbitmq-messaging-topology-operator, tkn, fulcio, gh, cert-manager, guac, kubescape, nuclei, tekton-pipelines, bank-vaults, k3s, tekton-chains, kyverno, vexctl, flux-notification-controller,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, kubernetes-csi-node-driver-registrar, rabbitmq-messaging-topology-operator, temporal, conftest, cert-manager, grpc-health-probe, kubescape, cert-exporter, prometheus-postgres-exporter, tctl, temporal-ui-server, velero, argo-workflows,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: render-template, cert-exporter, tctl, cluster-api-controller, sonobuoy, mods, delve, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, prometheus-node-exporter, hugo, pulumi-language-dotnet, opentofu, flux-image-automation-controller,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: snyk-cli, opentelemetry-collector-contrib, gitlab-runner, rabbitmq-messaging-topology-operator, tkn, fulcio, gh, cert-manager, guac, kubescape, nuclei, tekton-pipelines, bank-vaults, k3s, tekton-chains, kyverno, vexctl, flux-notification-controller,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kots, gitlab-runner, kubernetes-csi-node-driver-registrar, rabbitmq-messaging-topology-operator, temporal, conftest, cert-manager, grpc-health-probe, kubescape, cert-exporter, prometheus-postgres-exporter, tctl, temporal-ui-server, velero, argo-workflows,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: render-template, cert-exporter, tctl, cluster-api-controller, sonobuoy, mods, delve, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, prometheus-node-exporter, hugo, pulumi-language-dotnet, opentofu, flux-image-automation-controller,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: age, render-template, cert-exporter, libnvidia-container, tctl, cluster-api-controller, sonobuoy, mods, hey, delve, docker, harbor-scanner-trivy, flux-source-controller, newrelic-infra-operator, opa, prometheus-node-exporter, pulumi-language-dotnet, opentofu,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: nri-haproxy, gitlab-runner, kubernetes-csi-node-driver-registrar, temporal, render-template, esbuild, cni-plugins, cert-exporter, kube-rbac-proxy, prometheus-postgres-exporter, tctl, temporal-ui-server, flannel-cni-plugin, velero, mage, cluster-api-controller,...

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2

CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2. A patched version of the package is...

kitchenomics.com Cross Site Scripting vulnerability OBB-3939406

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget

The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....

CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget

The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....

CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters

The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

CVE-2024-5925 Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5925 Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters

The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...

gobiernu.cw Cross Site Scripting vulnerability OBB-3939405

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

BIT-gitlab-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

BIT-gitlab-2024-1816

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI...

BIT-gitlab-2024-2191

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members...

BIT-gitlab-2024-3115

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo...

BIT-gitlab-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

BIT-gitlab-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to...

BIT-gitlab-2024-4557

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai...

BIT-gitlab-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

BIT-gitlab-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via...

BIT-gitlab-2024-5655

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain...

BIT-gitlab-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public...

endmemo.com Cross Site Scripting vulnerability OBB-3939404

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....

CVE-2024-6288 Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....