Desktop & Server Management (DSM) Security Vulnerabilities

Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)

IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...

CVE-2021-47590

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_sync() could try to.....

Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Highlights Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration. Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including...

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal...

Exploit for CVE-2024-36527

CVE-2024-36527 PoC and Bulk Scanner...

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for...

CVE-2024-29012

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf...

CVE-2024-29012

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf...

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for...

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to a Denial of Service.

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, skopeo, argo-cd, grafana, rqlite, spicedb, temporal-server, ctop, istio-cni, clusterctl, cri-tools, kor, kubernetes-csi-livenessprobe, trillian,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: telegraf, amass, kube-bench, argo-workflows, ferretdb, kine, kots, caddy, vault, keda, step-ca, trillian, k3s, spicedb, temporal-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, pytorch,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pymongo,...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: kubescape, telegraf, loki, conftest, docker-compose, dagger, buildkitd, wolfictl, ctop, up, zot, kaniko, cadvisor, aactl, grype, crossplane, buf, trivy, goreleaser, melange, ko, spire-server, syft, tkn, kargo, prometheus,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: telegraf, amass, kube-bench, argo-workflows, ferretdb, kine, kots, caddy, vault, keda, step-ca, trillian, k3s, spicedb, temporal-server,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: kubescape, telegraf, loki, conftest, docker-compose, dagger, buildkitd, wolfictl, ctop, up, zot, kaniko, cadvisor, aactl, grype, crossplane, buf, trivy, goreleaser, melange, ko, spire-server, syft, tkn, kargo, prometheus,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: kubescape, kyverno, tekton-pipelines, cosign, slsa-verifier, argo-cd, falco, gitsign, flux-kustomize-controller, cilium-envoy, kots, vault, cert-manager, istio-pilot-discovery, traefik, aactl, sops, tekton-chains, argo-workflows, dex, terragrunt, oauth2-proxy, fulcio,....

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kubescape, minio, ip-masq-agent, flux-helm-controller, argo-cd, rqlite, kubernetes-csi-livenessprobe, external-dns, aactl, grype, secrets-store-csi-driver-provider-gcp, tomcat, opentofu, cluster-autoscaler, goreleaser, prometheus-bind-exporter,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: kubescape, slsa-verifier, neuvector-sigstore-interface, policy-controller, falco, gitsign, skaffold, wolfictl, falcoctl, zot, aactl, tekton-chains, apko, goreleaser, melange, flux-source-controller, vexctl, ko, spire-server, tkn,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, rqlite, litestream, spicedb, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, hubble, crossplane-provider-aws, prometheus-postgres-exporter, argo-workflows,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, litestream, spicedb, ctop, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, crossplane-provider-aws, grafana-mimir, prometheus-postgres-exporter, argo-workflows,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: kind, cass-operator, go-licenses, ip-masq-agent, slsa-verifier, nats, sonobuoy, grpcurl, cortex, smarter-device-manager, render-template, falco, petname, ctop, cilium-envoy, gke-gcloud-auth-plugin, kubernetes-dashboard-metrics-scraper, vertical-pod-autoscaler, amass,.....

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: kubescape, flux-helm-controller, kubernetes-dashboard, skopeo, argo-cd, grafana, rqlite, temporal-server, istio-cni, trillian, external-dns, k3s, crossplane-provider-aws, aactl, grype, sops, prometheus-postgres-exporter, argo-workflows, src-fingerprint, k3d, buf,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, prometheus-pushgateway, kubernetes-dashboard, argo-cd, rqlite, kubernetes-csi-livenessprobe, trillian, external-dns, k3s, kubernetes-csi-external-snapshotter, crossplane-provider-aws, aactl,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, skopeo, argo-cd, grafana, rqlite, spicedb, temporal-server, ctop, istio-cni, clusterctl, cri-tools, kor, kubernetes-csi-livenessprobe, trillian,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: ksops, kyverno, telegraf, loki, tekton-pipelines, timestamp-authority, cosign, k8sgpt, hugo, thanos, cortex, sigstore-scaffolding, grafana, policy-controller, harbor-registry, tempo, falcoctl, flux-kustomize-controller, rclone, flyte, up, py3-cassandra-medusa,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: ksops, kyverno, telegraf, loki, tekton-pipelines, timestamp-authority, cosign, k8sgpt, hugo, thanos, cortex, sigstore-scaffolding, grafana, policy-controller, harbor-registry, tempo, falcoctl, flux-kustomize-controller, rclone, flyte, up, py3-cassandra-medusa,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, az, py3.10-tensorflow-core, dask-gateway, kubeflow-volumes-web-app, jwt-tool, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-cassandra-medusa, ggshield, kubeflow-pipelines-visualization-server, kubeflow-katib, py3-idna, confluent-docker-utils,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: k8s-sidecar, az, py3.10-tensorflow-core, dask-gateway, kubeflow-volumes-web-app, jwt-tool, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-cassandra-medusa, ggshield, kubeflow-pipelines-visualization-server, kubeflow-katib, py3-idna, confluent-docker-utils,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages:...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages:...