VGPU Software (Virtual GPU Manager - Citrix Hypervisor, VMware VSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) Security Vulnerabilities

CVE-2024-6264

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-6264

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Exploit for CVE-2024-6387

Document Title - Mitigation Guide for CVE-2024-6387 in...

Exploit for CVE-2024-6387

OpenSSH CVE-2024-6387 A vulnerability (CVE-2024-6387) has...

CVE-2024-6264 Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

How MFA Failures are Fueling a 500% Surge in Ransomware Losses

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the.....

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: falco, k3d, chartmuseum, tekton-chains, kpt, skaffold, up, loki, scorecard, prometheus, tekton-pipelines, bom, k3s, aactl, slsa-verifier, ctop, goreleaser, paranoia, cert-manager,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter,....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: k3d, flux, actions-runner-controller, fulcio, opentelemetry-collector-contrib, cosign, skopeo, consul, flux-image-reflector-controller, snyk-cli, tekton-chains, gomplate, gh, terragrunt, timestamp-authority, guac, rook, rabbitmq-messaging-topology-operator,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: prometheus-stackdriver-exporter, dynamic-localpv-provisioner, atlantis, cortex, gobuster, kpt, ingress-nginx-controller, prometheus, spark-operator, hey, kubernetes-csi-livenessprobe, terraform, envoy-ratelimit, coredns, node-problem-detector, aws-efs-csi-driver,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: k3d, datadog-agent, skopeo, runc, zot, nerdctl, skaffold, ingress-nginx-controller, kots, telegraf, syft, newrelic-infrastructure-agent, k3s, nvidia-device-plugin, kaniko, cadvisor, ctop, buildkitd, kubernetes, docker, wolfictl, zarf, k9s, grype, trivy,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: k3d, helm-push, eksctl, helm, melange, zot, kubevela, cilium-cli, skaffold, trivy, up, kots, telegraf, tekton-pipelines, flux-helm-controller, newrelic-infrastructure-agent, kaniko, ctop, flux-source-controller, gitness, neuvector-agent, fuse-overlayfs-snapshotter,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, flux-source-controller, k8sgpt, helm-operator, cilium-cli, chartmuseum, trivy, eksctl, up, istio-operator, zarf, k9s, kots, cert-manager, zot,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, flux-source-controller, k8sgpt, helm-operator, cilium-cli, chartmuseum, trivy, eksctl, up, istio-operator, zarf, k9s, kots, cert-manager, zot,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: falco, traefik, fulcio, cosign, vault, tekton-chains, terragrunt, oauth2-proxy, cilium-envoy, gitsign, kots, tekton-pipelines, cert-manager, cloudflared, external-secrets-operator, sops, keda, aactl, slsa-verifier, argo-workflows, dex, argo-cd, vexctl,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, eksctl, terragrunt, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, spark-operator, influx, terraform, cadvisor, ytt,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, helm-push, prometheus-stackdriver-exporter, regclient, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, neuvector-scanner, oras, cortex, overmind, mockery, extism, runc, kpt, docker-credential-gcr,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, helm-push, prometheus-stackdriver-exporter, regclient, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, neuvector-scanner, oras, cortex, overmind, mockery, extism, runc, kpt, docker-credential-gcr,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, terragrunt, extism, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, influx, hey, terraform, cadvisor, ctop, ytt, nfs-subdir-external-provisioner,....

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, falco, helm-push, k3d, mage, prometheus-stackdriver-exporter, protoc-gen-go-grpc, metrics-server, oras, dgraph, nats, cortex, amass, configmap-reload, kubernetes-dashboard-metrics-scraper, prometheus-bind-exporter, cilium-envoy, gobuster,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: k3d, prometheus-stackdriver-exporter, actions-runner-controller, helm-push, dynamic-localpv-provisioner, trillian, skopeo, atlantis, eksctl, cortex, kubeflow-pipelines, prometheus-postgres-exporter, terragrunt, istio-cni, gobuster,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: falco, datadog-agent, dagger, traefik, cosign, skopeo, flux-image-reflector-controller, eksctl, tekton-chains, helm, istio-pilot-agent, guac, zot, docker-credential-gcr, kubevela, k8sgpt, helm-operator, nerdctl, gitsign, skaffold, trivy, up, kubeflow-katib, loki,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter,....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: thanos, gatekeeper, ipfs, kubevela, prometheus-adapter, k3s, calico, up, keda, caddy, prometheus, cert-manager, gitlab-kas,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: thanos, gatekeeper, ipfs, kubevela, prometheus-adapter, k3s, calico, up, keda, caddy, prometheus, cert-manager, gitlab-kas,...

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-17

CVE-2022-3162 affecting package kube-vip-cloud-provider 0.0.2-17. No patch is available...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: traefik, flux, opentelemetry-collector-contrib, fulcio, cosign, fluent-bit-plugin-loki, py3-cassandra-medusa, teleport, py3-azure-identity, flux-image-reflector-controller, hugo, tekton-chains, cortex, grafana, terragrunt, timestamp-authority, guac, airflow, rook,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: k3d, flux, actions-runner-controller, fulcio, opentelemetry-collector-contrib, cosign, skopeo, consul, flux-image-reflector-controller, snyk-cli, tekton-chains, gomplate, gh, terragrunt, timestamp-authority, guac, rook, rabbitmq-messaging-topology-operator,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: traefik, flux, opentelemetry-collector-contrib, fulcio, cosign, fluent-bit-plugin-loki, py3-cassandra-medusa, teleport, py3-azure-identity, flux-image-reflector-controller, hugo, tekton-chains, cortex, grafana, terragrunt, timestamp-authority, guac, airflow, rook,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k3d, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, trillian, chartmuseum, prometheus-postgres-exporter, runc, gobuster, kpt, kubernetes-csi-external-provisioner, crossplane-provider-azure, prometheus, kube-fluentd-operator, spark-operator,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, eksctl, terragrunt, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, spark-operator, influx, terraform, cadvisor, ytt,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, terragrunt, extism, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, influx, hey, terraform, cadvisor, ctop, ytt, nfs-subdir-external-provisioner,....

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: falco, containerd, cilium, fulcio, grpc-health-probe, cosign, vault, skopeo, tekton-chains, dgraph, gomplate, istio-operator, melange, grafana, istio-pilot-agent, terragrunt, guac, oauth2-proxy, timestamp-authority, istio-cni, rook,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: kubernetes, containerd, kubernetes-csi-external-resizer, kubevela, docker-compose, k3s, kyverno, temporal-server, temporal, kine, envoy-ratelimit, keda, cert-manager, cri-tools, argo-cd, aws-ebs-csi-driver,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kubernetes, containerd, kubernetes-csi-external-resizer, kubevela, docker-compose, k3s, kyverno, temporal-server, temporal, kine, envoy-ratelimit, keda, cert-manager, cri-tools, argo-cd, aws-ebs-csi-driver,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, flux-source-controller, k8sgpt, helm-operator, cilium-cli, chartmuseum, trivy, eksctl, up, istio-operator, zarf, k9s, kots, cert-manager, zot,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, helm-push, prometheus-stackdriver-exporter, regclient, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, neuvector-scanner, oras, cortex, overmind, mockery, extism, runc, kpt, docker-credential-gcr,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, trillian, chartmuseum, atlantis, prometheus-postgres-exporter, runc, istio-cni, gobuster, kpt, kubernetes-csi-external-provisioner, crossplane-provider-azure, prometheus,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, terragrunt, extism, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, influx, hey, terraform, cadvisor, ctop, ytt, nfs-subdir-external-provisioner,....

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, falco, helm-push, k3d, mage, prometheus-stackdriver-exporter, protoc-gen-go-grpc, metrics-server, oras, dgraph, nats, cortex, amass, configmap-reload, kubernetes-dashboard-metrics-scraper, prometheus-bind-exporter, cilium-envoy, gobuster,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, falco, helm-push, k3d, mage, prometheus-stackdriver-exporter, protoc-gen-go-grpc, metrics-server, oras, dgraph, nats, cortex, amass, configmap-reload, kubernetes-dashboard-metrics-scraper, prometheus-bind-exporter, cilium-envoy, gobuster,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aws-flb-firehose, falco, helm-push, k3d, mage, prometheus-stackdriver-exporter, protoc-gen-go-grpc, metrics-server, oras, dgraph, nats, cortex, amass, configmap-reload, kubernetes-dashboard-metrics-scraper, prometheus-bind-exporter, cilium-envoy, gobuster,...