Microsoft Windows 1607, 1703, And Windows Server 2016. Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

cfla-acfl.ca Cross Site Scripting vulnerability OBB-3932507

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-52882

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other.....

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

CVE-2024-36880

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced...

CVE-2024-36883

In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: step-ca, kube-bench, caddy, src, amass, temporal-server, spicedb, telegraf, kine, ferretdb, vault, k3s, keda, trillian, kots,...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: gitsign, goreleaser, melange, falco, neuvector-sigstore-interface, falcoctl, apko, wolfictl, skaffold, kubescape, slsa-verifier, vexctl, tekton-chains, tkn, ko, zarf, zot, flux-source-controller, aactl, policy-controller,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: istio-pilot-discovery, terragrunt, flux-kustomize-controller, sops, dex, oauth2-proxy, gitsign, cloudflared, rekor, tekton-pipelines, argo-workflows, falco, traefik, cert-manager, cosign, kots, kubescape, slsa-verifier, fulcio, external-secrets-operator, vexctl,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: kargo, goreleaser, dagger, buildkitd, docker-compose, melange, up, trivy, telegraf, prometheus, buf, conftest, wolfictl, kubescape, cadvisor, kaniko, loki, tkn, ctop, ko, crossplane, zot, aactl, datadog-agent, spire-server, syft,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: falco, kind,...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, oauth2-proxy, goreleaser, atlantis, ollama, nats, up, gobuster, prometheus-bind-exporter, telegraf, cue, opentofu, nodetaint, conftest, gke-gcloud-auth-plugin, thanos, grpcurl, kyverno, coredns, kind, keda, ko, haproxy-ingress,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: step-ca, kube-bench, caddy, src, amass, temporal-server, spicedb, telegraf, kine, ferretdb, vault, k3s, keda, trillian, kots,...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: py3-pymongo, kubeflow-pipelines-visualization-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: kargo, goreleaser, dagger, buildkitd, docker-compose, melange, up, trivy, telegraf, prometheus, buf, conftest, wolfictl, kubescape, cadvisor, kaniko, loki, tkn, ctop, ko, crossplane, zot, aactl, datadog-agent, spire-server, syft,...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: falco, istio-pilot-agent, istio-pilot-discovery, falcoctl, mc, external-secrets-operator, kyverno, minio, spire-server, istio-operator, boring-registry,...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubecolor, aws-ebs-csi-driver, flux-kustomize-controller, sops, oauth2-proxy, atlantis, lazygit, cloudflared, kubernetes-csi-external-resizer, multus-cni, osv-scanner, crossplane-provider-aws, nats-server, redka, rekor, s5cmd, tekton-pipelines, go-fips,.....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-pipelines, kubeflow-katib, datadog-agent, kubeflow-jupyter-web-app, ggshield, jwt-tool, az, py3-idna, py3.10-tensorflow-core, kubeflow-pipelines-visualization-server, k8s-sidecar,...

CVE-2024-31081 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31082 vulnerabilities

Vulnerabilities for packages:...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: dask-gateway, kubecolor, aws-ebs-csi-driver, flux-kustomize-controller, sops, oauth2-proxy, atlantis, lazygit, cloudflared, kubernetes-csi-external-resizer, multus-cni, osv-scanner, crossplane-provider-aws, nats-server, redka, rekor, s5cmd, tekton-pipelines, go-fips,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, flux-kustomize-controller, oauth2-proxy, goreleaser, prometheus-operator, ollama, kubernetes-csi-external-resizer, crossplane-provider-aws, gobuster, prometheus-bind-exporter, flux-image-automation-controller, prometheus-statsd-exporter, telegraf,.....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-pipelines, kubeflow-katib, datadog-agent, kubeflow-jupyter-web-app, ggshield, jwt-tool, az, py3-idna, py3.10-tensorflow-core, kubeflow-pipelines-visualization-server, k8s-sidecar,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: falco, kind,...

GHSA-PCJV-393Q-RQF2 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: go-bindata, go-md2man, helm-push, wait-for-port, sops, goreleaser, nsc, nats, aws-flb-cloudwatch, kubernetes-dashboard-metrics-scraper, gitlab-logger, influx, cortex, gobuster, configmap-reload, falco, ip-masq-agent, local-path-provisioner, oras,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: terragrunt, flux-kustomize-controller, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, rekor, actions-runner-controller, crossplane-provider-aws, nats-server, nats, istio-cni, kube-rbac-proxy, nri-mssql, tekton-pipelines, up,...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: gitsign, goreleaser, melange, falco, neuvector-sigstore-interface, falcoctl, apko, wolfictl, skaffold, kubescape, slsa-verifier, vexctl, tekton-chains, tkn, ko, zarf, zot, flux-source-controller, aactl, policy-controller,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: dask-gateway, kubecolor, aws-ebs-csi-driver, flux-kustomize-controller, sops, oauth2-proxy, atlantis, lazygit, cloudflared, kubernetes-csi-external-resizer, multus-cni, osv-scanner, crossplane-provider-aws, nats-server, redka, rekor, s5cmd, tekton-pipelines,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: terragrunt, flux-kustomize-controller, sops, gitsign, goreleaser, gitness, actions-runner-controller, crossplane-provider-aws, melange, falco, pulumi-language-dotnet, rclone, pulumi-language-yaml, flux-image-automation-controller, pulumi-language-java, grafana, apko,.....

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: timestamp-authority, containerd, istio-pilot-discovery, terragrunt, flux-kustomize-controller, kargo, dex, oauth2-proxy, gitsign, goreleaser, skopeo, cloudflared, rekor, istio-cni, melange, tekton-pipelines, argo-workflows, frp, falco, step-ca, nerdctl, falcoctl,...

GHSA-VFP6-JRW2-99G9 vulnerabilities

Vulnerabilities for packages: falco, skaffold, kubescape, slsa-verifier, aactl, policy-controller, melange, goreleaser, spire-server, tekton-chains, tkn, apko, cosign,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....

CVE-2023-46737 vulnerabilities

Vulnerabilities for packages: falco, skaffold, kubescape, slsa-verifier, aactl, policy-controller, melange, goreleaser, spire-server, tekton-chains, tkn, apko, cosign,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, flux-kustomize-controller, oauth2-proxy, goreleaser, prometheus-operator, atlantis, ollama, kubernetes-csi-external-resizer, crossplane-provider-aws, nats, istio-cni, up, gobuster, prometheus-bind-exporter, flux-image-automation-controller,...