Mobile, Desktop, Server, Workstation, And Embedded Processors Based On Intel Core And Atom Processors Using An Affected Driver. Security Vulnerabilities

BIT-cilium-proxy-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

BIT-bpftool-2021-45941

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and...

stuco.com Cross Site Scripting vulnerability OBB-3939819

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...

duplo-frank.de Cross Site Scripting vulnerability OBB-3939818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.ch Cross Site Scripting vulnerability OBB-3939816

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH...

Exploit for CVE-2024-6387

cve-2024-6387-poc a signal handler race condition in...

Exploit for CVE-2024-37765

Description MachForm up to version 19 is affected by an...

BIT-python-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to...

Exploit for Improper Input Validation in Microsoft

CVE-2024-20666 Vulnerability Patch Guide Welcome to the...

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: metrics-server, kind,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: dex, vault, aactl, cosign, keda, istio-pilot-discovery, kots, traefik, sops, cilium-envoy, fulcio, external-secrets-operator, terragrunt, tkn, cert-manager, flux-kustomize-controller, falco, kubescape, argo-workflows, flux-source-controller, slsa-verifier,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: datadog-agent, py3-pymongo,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: src, vault, amass, ferretdb, keda, caddy, temporal-server, trillian, kots, argo-workflows, kine, kube-bench, spicedb, step-ca, telegraf,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: src, vault, amass, ferretdb, keda, caddy, temporal-server, trillian, kots, argo-workflows, kine, kube-bench, spicedb, step-ca, telegraf,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: pytorch, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2023-3955 vulnerabilities

Vulnerabilities for packages: argo-cd, calico, aws-efs-csi-driver,...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: docker-compose, aactl, syft, grype, cadvisor, ctop, dagger, conftest, kargo, ko, goreleaser, tkn, trivy, melange, kubescape, zot, telegraf, datadog-agent, kaniko, up, spire-server, buildkitd, loki, buf, wolfictl, prometheus,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: docker-compose, aactl, syft, grype, cadvisor, ctop, dagger, conftest, kargo, ko, goreleaser, tkn, trivy, melange, kubescape, zot, telegraf, datadog-agent, kaniko, up, spire-server, buildkitd, loki, buf, wolfictl, prometheus,...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: bank-vaults, aactl, flux-helm-controller, cosign, keda, pulumi, rook, k3d, flux-image-reflector-controller, glab, sops, falcoctl, pulumi-kubernetes-operator, flux, flux-notification-controller, fulcio, k3s, actions-runner-controller, influxd, kargo, kubevela, nuclei,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, trillian, goreleaser, prometheus-postgres-exporter,....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: bank-vaults, cosign, keda, harbor-registry, pulumi, fluent-bit-plugin-loki, teleport, velero, restic, rook, flux-image-reflector-controller, step, sops, falcoctl, traefik, flux, fulcio, sqlpad, external-secrets-operator, k8sgpt, chezmoi, goreleaser, rclone,...

GHSA-Q78C-GWQW-JCMC vulnerabilities

Vulnerabilities for packages: argo-cd, calico, aws-efs-csi-driver,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...