VGPU Software (guest Driver - Linux), VGPU Software (Virtual GPU Manager - Citrix Hypervisor, VMware VSphere, Red Hat Enterprise Linux KVM), , NVIDIA Cloud Gaming (guest Driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) Security Vulnerabilities

CVE-2024-6160

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through...

CVE-2024-6160

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through...

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue.....

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

CVE-2024-6160 SQL Injection in MegaBIP

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through...

CVE-2024-5683

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before...

CVE-2024-4754

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before...

CVE-2024-4754

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before...

CVE-2024-5683

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before...

CVE-2024-36495

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

CVE-2024-36497

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...

CVE-2024-36495

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

CVE-2024-36496

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes, kubernetes-dns-node-cache, local-static-provisioner, nodetaint, spark-operator, ip-masq-agent, cluster-autoscaler, node-feature-discovery, calico,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: node-problem-detector, gobuster, gitlab-shell, gitlab-runner, kaf, coredns, prometheus-blackbox-exporter, hugo, scorecard, gke-gcloud-auth-plugin, terraform-provider-azurerm, grype, kubescape, newrelic-infrastructure-agent, dgraph, prometheus-stackdriver-exporter,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: rekor, tekton-pipelines, vault, dex, cert-manager, cilium-envoy, tekton-chains, terragrunt, falco, spire-server, kubescape, keda, slsa-verifier, kots, flux-kustomize-controller, vexctl, external-secrets-operator, aactl, argo-workflows, cloudflared, cosign, tkn,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: tekton-pipelines, scorecard, goreleaser, cert-manager, paranoia, tekton-chains, falco, kubescape, slsa-verifier, bom, chartmuseum, k3d, ctop, skaffold, aactl, prometheus, kpt, up, k3s,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

CVE-2023-3955 vulnerabilities

Vulnerabilities for packages: calico, argo-cd, cluster-autoscaler,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: trivy, chartmuseum, k8sgpt, helm-push, eksctl, k9s, flux-helm-controller, istio-operator, cilium-cli, kubescape, up, zarf, zot, helm-operator, cert-manager, flux-source-controller,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: helm-push, tekton-pipelines, melange, kubevela, zot, kaniko, cert-manager, trivy, gitness, flux-helm-controller, cilium-cli, grype, kubescape, newrelic-infrastructure-agent, kots, fuse-overlayfs-snapshotter, k3d, ctop, skaffold, eksctl, neuvector-agent,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: trivy, chartmuseum, k8sgpt, helm-push, eksctl, k9s, flux-helm-controller, istio-operator, cilium-cli, kubescape, up, zarf, zot, helm-operator, cert-manager, flux-source-controller,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: skopeo, docker, cadvisor, nerdctl, zot, kaniko, trivy, runc, grype, kubescape, nvidia-device-plugin, newrelic-infrastructure-agent, kots, k3d, ctop, skaffold, syft, ingress-nginx-controller, datadog-agent, zarf, buildkitd, kubernetes, k9s, telegraf, k3s,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: bank-vaults, node-problem-detector, istio-pilot-agent, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, rabbitmq-messaging-topology-operator, containerd, hugo, scorecard, kubernetes-dashboard-metrics-scraper, runc,...

GHSA-Q78C-GWQW-JCMC vulnerabilities

Vulnerabilities for packages: calico, argo-cd, cluster-autoscaler,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: caddy, kubernetes, gitlab-kas, thanos, gatekeeper, kubevela, k3s, prometheus-adapter, prometheus, up, keda, ipfs, cert-manager,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: caddy, kubernetes, gitlab-kas, thanos, gatekeeper, kubevela, k3s, prometheus-adapter, prometheus, up, keda, ipfs, cert-manager,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, rabbitmq-messaging-topology-operator, coredns, hugo, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph, cert-manager-webhook-pdns,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: bank-vaults, croc, secrets-store-csi-driver-provider-azure, spqr, snyk-cli, gitlab-runner, kaf, regclient, coredns, containerd, scorecard, jitsucom-bulker, kubernetes-dashboard-metrics-scraper, flyte, paranoia, runc, gke-gcloud-auth-plugin, tempo,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: bank-vaults, croc, secrets-store-csi-driver-provider-azure, spqr, snyk-cli, gitlab-runner, kaf, regclient, coredns, containerd, scorecard, jitsucom-bulker, kubernetes-dashboard-metrics-scraper, flyte, paranoia, runc, gke-gcloud-auth-plugin, tempo,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, snyk-cli, rabbitmq-messaging-topology-operator, coredns, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: nuclei, bank-vaults, k8sgpt, rekor, cortex, timestamp-authority, tekton-pipelines, secrets-store-csi-driver-provider-azure, chezmoi, teleport, velero, gitlab-runner, py3-cassandra-medusa, restic, step, pulumi, airflow, hugo, goreleaser, zot, cert-manager, flux, trivy,....

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: nuclei, bank-vaults, k8sgpt, rekor, cortex, timestamp-authority, tekton-pipelines, secrets-store-csi-driver-provider-azure, chezmoi, teleport, velero, gitlab-runner, py3-cassandra-medusa, restic, step, pulumi, airflow, hugo, goreleaser, zot, cert-manager, flux, trivy,....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, gobuster, metrics-server, cortex, helm-push, aws-flb-kinesis, configmap-reload, vertical-pod-autoscaler, grpcurl, sonobuoy, goreleaser, scorecard, cilium-envoy, kubernetes-dashboard-metrics-scraper, kind, falco, gke-gcloud-auth-plugin,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: bank-vaults, node-problem-detector, gobuster, gitlab-runner, kaf, coredns, prometheus-blackbox-exporter, containerd, hugo, kubernetes-dashboard-metrics-scraper, runc, gke-gcloud-auth-plugin, newrelic-infrastructure-agent, dgraph, prometheus-stackdriver-exporter,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, skopeo, istio-pilot-agent, crane, k8sgpt, tekton-pipelines, dagger, kubevela, gitlab-runner, cadvisor, nerdctl, pulumi, zot, goreleaser, scorecard, cert-manager, trivy, tekton-chains, docker-credential-gcr, flux-image-reflector-controller, falco,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: bank-vaults, node-problem-detector, istio-pilot-agent, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, rabbitmq-messaging-topology-operator, containerd, hugo, scorecard, kubernetes-dashboard-metrics-scraper, runc,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: bank-vaults, node-problem-detector, gobuster, istio-pilot-agent, gitlab-shell, secrets-store-csi-driver-provider-azure, gitlab-runner, kaf, coredns, prometheus-blackbox-exporter, containerd, hugo, scorecard, gitlab-kas, terraform-provider-azurerm,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, rabbitmq-messaging-topology-operator, coredns, hugo, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph, cert-manager-webhook-pdns,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: bank-vaults, croc, secrets-store-csi-driver-provider-azure, spqr, snyk-cli, gitlab-runner, kaf, regclient, coredns, containerd, scorecard, jitsucom-bulker, kubernetes-dashboard-metrics-scraper, flyte, paranoia, runc, gke-gcloud-auth-plugin, tempo,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: bank-vaults, node-problem-detector, gobuster, istio-pilot-agent, gitlab-shell, gitlab-runner, kaf, coredns, prometheus-blackbox-exporter, containerd, hugo, kubernetes-dashboard-metrics-scraper, runc, gke-gcloud-auth-plugin, kubescape, newrelic-infrastructure-agent,...

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: skopeo, cilium, apko, istio-pilot-agent, rekor, timestamp-authority, tekton-pipelines, melange, weaviate, vault, nerdctl, rabbitmq-messaging-topology-operator, containerd, goreleaser, dex, cert-manager, istio-cni, tekton-chains, minio, terragrunt, falco, ko, rook,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

CVE-2023-2878 vulnerabilities

Vulnerabilities for packages: vault-csi-provider,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: kubernetes, kyverno, kine, argo-cd, temporal, temporal-server, kubernetes-csi-external-resizer, k3s, kubescape, kubevela, envoy-ratelimit, cri-tools, keda, docker-compose, containerd, cert-manager,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kubernetes, kyverno, kine, argo-cd, temporal, temporal-server, kubernetes-csi-external-resizer, k3s, kubescape, kubevela, envoy-ratelimit, cri-tools, keda, docker-compose, containerd, cert-manager,...