Windows Server, Version 20H2 (Server Core Installation) Security Vulnerabilities

CVE-2024-38379

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

CVE-2024-38379

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

CVE-2024-38379 Apache Allura: Stored authenticated XSS

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: spire-server, prometheus, goreleaser, grype, wolfictl, dagger, tkn, ctop, telegraf, up, conftest, crossplane, kubescape, buf, kaniko, zot, syft, docker-compose, kargo, cadvisor, buildkitd, ko, trivy, datadog-agent, aactl, loki,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: goreleaser, traefik, grype, minio, gke-gcloud-auth-plugin, hey, terraform-provider-azurerm, skaffold, telegraf, cue, coredns, dex, cilium-envoy, kubewatch, flux-notification-controller, pulumi-language-java, slsa-verifier, flux-helm-controller,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: argo-workflows, spire-server, keda, vault, external-secrets-operator, tekton-chains, traefik, tkn, cloudflared, argo-cd, oauth2-proxy, flux-source-controller, gitsign, kyverno, vexctl, dex, cilium-envoy, kubescape, fulcio, kots, terragrunt, slsa-verifier,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: spire-server, prometheus, goreleaser, grype, wolfictl, dagger, tkn, ctop, telegraf, up, conftest, crossplane, kubescape, buf, kaniko, zot, syft, docker-compose, kargo, cadvisor, buildkitd, ko, trivy, datadog-agent, aactl, loki,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, cilium, grype, eksctl, rook, guac, terraform-docs, php-fpm_exporter, minio, terraform-provider-azurerm, runc, grpc-health-probe, skaffold, telegraf, gitsign, vault-k8s, temporal-ui-server, supercronic, grafana, dex,.....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: spire-server, zarf, goreleaser, tekton-chains, neuvector-sigstore-interface, wolfictl, tkn, skaffold, apko, flux-source-controller, gitsign, vexctl, falcoctl, kubescape, policy-controller, zot, slsa-verifier, ko, falco, aactl,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: argo-workflows, keda, step-ca, kots, vault, kube-bench, telegraf, ferretdb, amass, kine, trillian, spicedb, temporal-server, caddy, k3s,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, superset,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, superset,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: argo-workflows, keda, step-ca, kots, vault, kube-bench, telegraf, ferretdb, amass, kine, trillian, spicedb, temporal-server, caddy, k3s,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: argo-workflows, spire-server, keda, prometheus, step-ca, velero, zarf, goreleaser, external-secrets-operator, tekton-chains, traefik, filebeat, boring-registry, rook, ksops, chezmoi, flux-image-reflector-controller, guac, pulumi, step, teleport, tkn,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: argo-workflows, spire-server, keda, prometheus, step-ca, velero, zarf, goreleaser, external-secrets-operator, tekton-chains, traefik, filebeat, boring-registry, rook, ksops, chezmoi, flux-image-reflector-controller, guac, pulumi, step, teleport, tkn,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-katib, kubeflow-pipelines-visualization-server, ggshield, confluent-docker-utils, az, jwt-tool, py3.10-tensorflow-core, kubeflow-volumes-web-app, dask-gateway, kubeflow-pipelines, py3-idna, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, kubeflow-pipelines-visualization-server, ggshield, confluent-docker-utils, az, jwt-tool, py3.10-tensorflow-core, kubeflow-volumes-web-app, dask-gateway, kubeflow-pipelines, py3-idna, datadog-agent, k8s-sidecar, kubeflow-jupyter-web-app,...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: spire-server, istio-cni, external-secrets-operator, istio-operator, falco, istio-pilot-discovery, kyverno, boring-registry, falcoctl, minio, mc,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: kind, falco,...

GHSA-PCJV-393Q-RQF2 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31081 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31082 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, grype, eksctl, terraform-docs, terraform-provider-azurerm, grpc-health-probe, telegraf, gitsign, vault-k8s, temporal-ui-server, coredns, dex, crossplane, grafana, nri-mssql, kubewatch, terragrunt, slsa-verifier,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: argo-workflows, vault, goreleaser, traefik, consul, cilium, grype, eksctl, rook, guac, terraform-docs, php-fpm_exporter, minio, terraform-provider-azurerm, runc, grpc-health-probe, skaffold, telegraf, gitsign, vault-k8s, temporal-ui-server, supercronic, grafana, dex,.....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages:...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21013 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21060 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21096 vulnerabilities

Vulnerabilities for packages:...

GHSA-8CPF-FXR6-4WPQ vulnerabilities

Vulnerabilities for packages:...

GHSA-GJ63-QCJC-2FCW vulnerabilities

Vulnerabilities for packages:...

GHSA-WH99-P93P-G825 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-35178 vulnerabilities

Vulnerabilities for packages:...