Azure Automation State Configuration, DSC Extension Security Vulnerabilities

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: aactl, gitlab-kas, buildkitd, gitsign, spire-server, actions-runner-controller, gh, zot, k3d, skopeo, terraform, bank-vaults, loki, tekton-chains, rekor, flux-kustomize-controller, keda, influxd, policy-controller, ksops, external-dns, k3s, terragrunt, falcoctl,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, tigera-operator, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, paranoia, k8ssandra-operator, fq,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, go-fips, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, go-fips, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, apko,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, actions-runner-controller, bank-vaults, tekton-chains, docker-credential-acr-env, hugo, kubewatch, nats, wireguard-go, cluster-autoscaler, dynamic-localpv-provisioner, apko, tigera-operator, tekton-pipelines, prometheus-mysqld-exporter, cilium-cli,.....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: aactl, gitlab-kas, buildkitd, gitsign, spire-server, actions-runner-controller, gh, zot, k3d, skopeo, terraform, bank-vaults, loki, tekton-chains, rekor, flux-kustomize-controller, keda, influxd, policy-controller, ksops, external-dns, k3s, terragrunt, falcoctl,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, tigera-operator, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, paranoia, k8ssandra-operator, fq,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, tekton-chains, kubernetes-dns-node-cache, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, nats, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: aactl, gitsign, spire-server, actions-runner-controller, zot, melange, tekton-chains, flux-kustomize-controller, crossplane, keda, policy-controller, terragrunt, pulumi-language-dotnet, crossplane-provider-aws, grafana, falco, apko, pulumi-language-yaml,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, actions-runner-controller, bank-vaults, tekton-chains, docker-credential-acr-env, hugo, kubewatch, nats, wireguard-go, cluster-autoscaler, dynamic-localpv-provisioner, apko, tigera-operator, tekton-pipelines, prometheus-mysqld-exporter, cilium-cli,.....

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, apko,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, tekton-chains, kubernetes-dns-node-cache, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, nats, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

Code Execution on Git update in github.com/hashicorp/go-getter

A crafted request can execute Git update on an existing maliciously modified Git Configuration. This can potentially lead to arbitrary code execution. When performing a Git operation, the library will try to clone the given repository to a specified destination. Cloning initializes a git config in....

CVE-2024-35116 IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

CVE-2024-35137

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...

CVE-2024-35137

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...