YARPP – Yet Another Related Posts Plugin Security Vulnerabilities

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

CVE-2024-36002

In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_pin_on_pin_register() for multiple parent pins In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to...

CVE-2024-35994

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory.....

CVE-2024-35996

In the Linux kernel, the following vulnerability has been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and force it on for all architectures exception x86. A recent commit to turn mitigations off by default...

CVE-2024-35979

In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set to the original...

CVE-2024-35960

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find...

CVE-2024-35968

In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCI reset on itself via pci_reset_function() in the context of the driver's health thread. However,...

CVE-2024-35958

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or...

CVE-2024-35957

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each device. It assumes...

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

CVE-2024-36007 mlxsw: spectrum_acl_tcam: Fix warning during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

CVE-2024-36002 dpll: fix dpll_pin_on_pin_register() for multiple parent pins

In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_pin_on_pin_register() for multiple parent pins In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to...

CVE-2024-35996 cpu: Re-enable CPU mitigations by default for !X86 architectures

In the Linux kernel, the following vulnerability has been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and force it on for all architectures exception x86. A recent commit to turn mitigations off by default...

CVE-2024-35994 firmware: qcom: uefisecapp: Fix memory related IO errors and crashes

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory.....

CVE-2024-35979 raid1: fix use-after-free for original bio in raid1_write_request()

In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set to the original...

CVE-2024-35968 pds_core: Fix pdsc_check_pci_health function to use work thread

In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCI reset on itself via pci_reset_function() in the context of the driver's health thread. However,...

CVE-2024-35960 net/mlx5: Properly link new fs rules into the tree

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find...

CVE-2024-35958 net: ena: Fix incorrect descriptor free behavior

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or...

CVE-2024-35957 iommu/vt-d: Fix WARN_ON in iommu probe path

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each device. It assumes...

CVE-2024-35948 bcachefs: Check for journal entries overruning end of sb clean section

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: grpcurl, falco, go, hey, k3d, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, restic,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: k3s, datadog-agent, cadvisor, skopeo, kots, skaffold, ingress-nginx-controller, runc, k3d, buildkitd, docker, wolfictl, ctop, newrelic-infrastructure-agent, trivy, kaniko, syft, nvidia-device-plugin, kubescape, kubernetes, telegraf, zarf, k9s, nerdctl, grype,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: tctl, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, prometheus-stackdriver-exporter, istio-envoy, cue, oauth2-proxy, buildkitd, keda, pulumi, metacontroller, ollama, nginx-mainline, nvidia-device-plugin, prometheus, coredns, hugo, argo-cd,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, hugo-extended, aactl, nri-discovery-kubernetes, terraform, skopeo, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cass-operator, istio-pilot-discovery,....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, direnv, nri-nagios, pulumi, prometheus-pushgateway, k8sgpt, terragrunt, trivy, flyte, nri-mongodb, hello-world-golang,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: crossplane, kubernetes-csi-external-resizer, aactl, skopeo, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, wave, kyverno-policy-reporter-kyverno-plugin, guac, rekor, cue, harbor-scanner-trivy, oauth2-proxy, rclone, spegel, direnv, buildkitd,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: crossplane, kubernetes-csi-external-resizer, aactl, skopeo, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, wave, kyverno-policy-reporter-kyverno-plugin, guac, rekor, cue, harbor-scanner-trivy, oauth2-proxy, rclone, spegel, direnv, buildkitd,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: grpcurl, nsc, oras, hey, wait-for-port, aactl, nri-discovery-kubernetes, metrics-server, sonobuoy, dgraph, docker-cli, prometheus-stackdriver-exporter, cass-operator, kind, go-licenses, gops, cilium-envoy, gosu, protoc-gen-go-grpc, amass, k3d, cni-plugins,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: tctl, kubernetes-csi-external-resizer, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cue, oauth2-proxy, buildkitd, keda, pulumi, prometheus-alertmanager, prometheus-pushgateway,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, hugo-extended, aactl, nri-discovery-kubernetes, terraform, skopeo, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cass-operator, istio-pilot-discovery,....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: grpcurl, falco, go, hey, k3d, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, restic,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, direnv, nri-nagios, pulumi, prometheus-pushgateway, k8sgpt, terragrunt, trivy, flyte, nri-mongodb, hello-world-golang,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: tctl, kubernetes-csi-external-resizer, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, istio-pilot-discovery, cue, oauth2-proxy, istio-cni, buildkitd, keda, pulumi,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: crossplane, kubernetes-csi-external-resizer, aactl, skopeo, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, wave, kyverno-policy-reporter-kyverno-plugin, guac, rekor, cue, harbor-scanner-trivy, oauth2-proxy, rclone, spegel, direnv, buildkitd,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: grpcurl, nsc, oras, hey, wait-for-port, aactl, nri-discovery-kubernetes, metrics-server, sonobuoy, dgraph, docker-cli, prometheus-stackdriver-exporter, cass-operator, kind, go-licenses, gops, cilium-envoy, gosu, protoc-gen-go-grpc, amass, k3d, cni-plugins,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: grpcurl, nsc, oras, hey, wait-for-port, aactl, nri-discovery-kubernetes, metrics-server, sonobuoy, dgraph, docker-cli, prometheus-stackdriver-exporter, cass-operator, kind, go-licenses, gops, cilium-envoy, gosu, protoc-gen-go-grpc, amass, k3d, cni-plugins,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: grpcurl, nsc, oras, hey, wait-for-port, aactl, nri-discovery-kubernetes, metrics-server, sonobuoy, dgraph, docker-cli, prometheus-stackdriver-exporter, cass-operator, kind, go-licenses, gops, cilium-envoy, gosu, protoc-gen-go-grpc, amass, k3d, cni-plugins,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: tctl, kubernetes-csi-external-resizer, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, istio-pilot-discovery, cue, oauth2-proxy, istio-cni, buildkitd, keda, pulumi,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: tctl, kubernetes-csi-external-resizer, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, crossplane-provider-aws, src, prometheus-stackdriver-exporter, cue, oauth2-proxy, buildkitd, keda, pulumi, prometheus-alertmanager, prometheus-pushgateway,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: tctl, aactl, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, prometheus-stackdriver-exporter, istio-envoy, cue, oauth2-proxy, buildkitd, keda, pulumi, metacontroller, ollama, nginx-mainline, nvidia-device-plugin, prometheus, coredns, hugo, argo-cd,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: prometheus-blackbox-exporter, pulumi-language-dotnet, tctl, aactl, terraform, flux-kustomize-controller, metrics-server, kubeflow-katib, kubernetes-csi-livenessprobe, dgraph, kots, src, prometheus-stackdriver-exporter, node-problem-detector, cosign,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: tctl, crossplane, kubernetes-csi-external-resizer, esbuild, nri-discovery-kubernetes, terraform, memcached-exporter, kubernetes-csi-livenessprobe, src, cass-operator, kyverno-policy-reporter-kyverno-plugin, cue, protoc-gen-go-grpc, supercronic, direnv, buildkitd,...