Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать аварийное завершение работы приложения

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.

Не показывается splash, если включен вывод на serial console

Не работает plymouth на UEFI с ядром un-def

Уязвимость языка программирования Go, связанная с ошибками при обработке специальных символов "<>" в контексте CSS, позволяющая нарушителю выполнить произвольный код

Уязвимость языка программирования Go, связанная с ошибками при обработке пробельных символов в контексте JavaScript, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость языка программирования Go, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю внедрить произвольные атрибуты в теги HTML

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.