NVIDIA Cloud Gaming (guest Driver), NVIDIA Cloud Gaming (Virtual GPU Manager) Security Vulnerabilities

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, kubescape, pulumi-language-yaml, stakater-reloader, ip-masq-agent, keda, pulumi, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, flux-notification-controller, hugo, cert-manager,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: oauth2-proxy, grpc-health-probe, ko, slsa-verifier, step, minio, skopeo, gitsign, flux-source-controller, cilium, goreleaser, external-secrets-operator, step-ca, vexctl, argo-cd, keda, flux-kustomize-controller, rook, istio-cni, istio-operator, spire-server, grafana,.....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kots, kubescape, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, keda, pulumi, prometheus-statsd-exporter, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, k8sgpt,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, kubescape, external-secrets-operator, flux-image-automation-controller, pulumi, kube-rbac-proxy, prometheus-statsd-exporter, cilium-cli, spire-server, terraform-docs, cluster-autoscaler, crossplane, frp, grafana, melange, zot, hugo,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: kots, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, keda, pulumi, prometheus-statsd-exporter, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, k8sgpt, zot,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: pombump, conftest, traefik, configmap-reload, direnv, jaeger-agent, shfmt, kube-bench, kubescape, paranoia, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, helm-operator, ip-masq-agent, clusterctl, cilium-cli,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: kots, k9s, slsa-verifier, traefik, skopeo, kubevela, kubescape, falco, goreleaser, helm, gitlab-runner, vexctl, helm-operator, pulumi, datadog-agent, cadvisor, buildkitd, k8sgpt, dagger, zot, crane, flux-image-reflector-controller, zarf, newrelic-infrastructure-agent,....

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: nodetaint, spark-operator, cluster-autoscaler, local-static-provisioner, aws-ebs-csi-driver, kubernetes-csi-driver-hostpath, kubernetes, node-feature-discovery, ip-masq-agent, kubernetes-dns-node-cache,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: kots, k9s, skopeo, kubescape, ingress-nginx-controller, docker, datadog-agent, cadvisor, buildkitd, zot, grype, zarf, newrelic-infrastructure-agent, syft, runc, ctop, nvidia-device-plugin, kubernetes, skaffold, trivy, wolfictl, k3s, telegraf, k3d, kaniko,...

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-16. No patch is available...

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13. A patched version of the package is...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2

CVE-2023-0215 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2

CVE-2023-0286 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2

CVE-2022-4450 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12. A patched version of the package is...

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13

CVE-2023-44487 affecting package csi-driver-lvm for versions less than 0.4.1-13. This CVE either no longer is or was never...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Node.js ( CVE-2024-27980)

Summary Potential code execution vulnerability in Node.js ( CVE-2024-27980) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2024-27980 ...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2024-30260, CVE-2024-30261)

Summary There are vulnerabilities in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-30261 DESCRIPTION: **Node.js undici module...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)

Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283)

Summary Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418)

Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-31418 ...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323)

Summary Potential Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION:...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Apache Commons Configuration ( CVE-2024-29131)

Summary Potentialcode execution vulnerability in Apache Commons Configuration ( CVE-2024-29131) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Node.js ( CVE-2023-44487, CVE-2023-45143 )

Summary Potential vulnerabilities in Node.js related to the VM component ( CVE-2023-44487, CVE-2023-45143 ) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details.....

CVE-2024-38388

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with with IBM CICS TX Advanced

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issue. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,.....

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks

In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in...

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...

CVE-2024-38633

In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod —...

CVE-2024-38633

In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod —...

CVE-2024-38629

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to.....

CVE-2024-38629

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to.....

CVE-2024-38388

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original...

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...