CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.17-3
CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.17-3. A patched version of the package is available...
CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)
The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...
CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.17-2
CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.17-2. A patched version of the package is available...
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2. An upgraded version of the package is available that resolves this issue...
AZL-39505 CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.17-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38575 CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.15-4
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.15-1
CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.15-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.15-1
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.15-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-29526 affecting package node-problem-detector for versions less than 0.8.15-1
CVE-2022-29526 affecting package node-problem-detector for versions less than 0.8.15-1. An upgraded version of the package is available that resolves this issue...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, kargo, cloudflared, step-ca, restic, velero, flux-kustomize-controller, ollama, crossplane-provider-aws-cloudfront, falcosidekick, grafana-agent-operator, ipfs, metacontroller, terragrunt, crossplane-provider-aws-cloudwatchlogs,...
AZL-35667 CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.15-2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, velero, hello-world-golang, q, docker-credential-gcr, dynamic-localpv-provisioner, prometheus-adapter, wire-go, slsa-verifier, hey, yq, cfssl, mockery, kube-rbac-proxy, kube-logging-operator, nodetaint, gh, fuse-overlayfs-snapshotter,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: nodetaint, pulumi, falcoctl, crossplane-provider-aws-lambda, k9s, rclone, buildkitd, prometheus-node-exporter, protoc-gen-go-grpc, secrets-store-csi-driver, ipfs, spark-operator, hugo-extended, cfssl, kyverno-policy-reporter, crossplane-provider-aws-firehose,...
AZL-37119 CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.17-2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.10-20
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.10-20. A patched version of the package is available...
CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19
CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19. A patched version of the package is available...
AZL-35443 CVE-2023-48795 affecting package node-problem-detector for versions less than 0.8.20-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: buildkitd, src, slsa-verifier, kubescape, k3d, cortex, spark-operator, up, dgraph, falco, kubeflow, ipfs, kubevela, prometheus-blackbox-exporter, aactl, terraform-provider-sendgrid, scorecard...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: prometheus-stackdriver-exporter, terraform-provider-sendgrid-fips, dynamic-localpv-provisioner-fips, smarter-device-manager-fips, falcoctl-fips, src, cortex, slsa-verifier, buildkitd, scorecard, falco, cluster-autoscaler-fips, prometheus-adapter-fips, up, aactl,...