IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0 Security Vulnerabilities

wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: flux-image-automation-controller, datadog-agent, kyverno-policy-reporter, dagger, external-dns, dynamic-localpv-provisioner, tigera-operator, grafana-operator, argo-cd, velero, thanos, kuberay-operator, terraform-provider-azurerm, argo-workflows, helm, kpt, ctop,...

7.5 AI Score

2024-06-15 09:08 AM
153
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....

6.5 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
16
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....

6.5 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
9
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: flux-image-automation-controller, datadog-agent, kyverno-policy-reporter, dagger, external-dns, dynamic-localpv-provisioner, tigera-operator, grafana-operator, argo-cd, velero, thanos, kuberay-operator, terraform-provider-azurerm, argo-workflows, helm, kpt, ctop,...

6.7 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
27
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, external-dns, kuberay-operator, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, kube-rbac-proxy, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached, kor,...

6.8 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
52
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....

7.5 AI Score

2024-06-15 09:08 AM
14
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....

7.5 AI Score

2024-06-15 09:08 AM
20
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, external-dns, kuberay-operator, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, kube-rbac-proxy, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached, kor,...

7.5 AI Score

2024-06-15 09:08 AM
20
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....

6.5 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
8
wolfi

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: nerdctl, cloudflared, frp, step-ca, istio-cni, argo-cd, kyverno, gitsign, keda, cert-manager, argo-workflows, rook, falcoctl, policy-controller, istio-pilot-agent, guac, terragrunt, istio-pilot-discovery, melange, wolfictl, grafana, ko, spire-server, goreleaser,...

7.5 AI Score

2024-06-15 09:08 AM
25
wolfi

GHSA-MFG4-W44M-WR4G vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-06-15 09:08 AM
8
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....

7.5 AI Score

2024-06-15 09:08 AM
2
wolfi

CVE-2024-29025 vulnerabilities

Vulnerabilities for packages: cloudwatch-exporter, selenium, management-api-for-apache-cassandra, wavefront-proxy, spark, opensearch, keycloak,...

5.3 CVSS

5.8 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
15
wolfi

GHSA-5JPM-X58V-624V vulnerabilities

Vulnerabilities for packages: cloudwatch-exporter, selenium, management-api-for-apache-cassandra, wavefront-proxy, spark, opensearch, keycloak,...

7.5 AI Score

2024-06-15 09:08 AM
6
wolfi

CVE-2021-43618 vulnerabilities

Vulnerabilities for packages:...

7.5 CVSS

7.7 AI Score

0.005 EPSS

2024-06-15 09:08 AM
11
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: nerdctl, cloudflared, frp, step-ca, istio-cni, argo-cd, kyverno, gitsign, keda, cert-manager, argo-workflows, rook, falcoctl, policy-controller, istio-pilot-agent, guac, terragrunt, istio-pilot-discovery, melange, wolfictl, grafana, ko, spire-server, goreleaser,...

4.3 CVSS

6 AI Score

0.0005 EPSS

2024-06-15 09:08 AM
15
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: gobump, external-dns, extism, dynamic-localpv-provisioner, libnvidia-container, grafana-operator, dockerize, tigera-operator, thanos, hello-world-golang, helm, docker-credential-acr-env, docker-credential-gcr, kpt, src-fingerprint, ctop, grpcurl, kubebuilder, rclone,.....

6.5 AI Score

0.0004 EPSS

2024-06-15 09:08 AM
17
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: nri-jmx, gobump, dagger, external-dns, kuberay-operator, neuvector-controller, fuse-overlayfs-snapshotter, direnv, kube-state-metrics, cri-tools, node-feature-discovery, flux-image-reflector-controller, fulcio, cadvisor, prometheus-nats-exporter, shfmt, nri-memcached,....

7.5 AI Score

2024-06-15 09:08 AM
2
cve

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

8.3 AI Score

0.0004 EPSS

2024-06-14 08:15 PM
4
nvd

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

0.0004 EPSS

2024-06-14 08:15 PM
1
nvd

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5 CVSS

0.0004 EPSS

2024-06-14 03:15 PM
cve

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-14 03:15 PM
2
cvelist

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5 CVSS

0.0004 EPSS

2024-06-14 03:05 PM
rocky

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling.....

5.4 CVSS

7 AI Score

0.0004 EPSS

2024-06-14 02:00 PM
1
osv

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...

5.4 CVSS

7.3 AI Score

0.0004 EPSS

2024-06-14 02:00 PM
3
rocky

ruby:3.3 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

6.5 AI Score

EPSS

2024-06-14 02:00 PM
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...

6.9 AI Score

EPSS

2024-06-14 02:00 PM
3
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...

6.9 AI Score

EPSS

2024-06-14 02:00 PM
4
rocky

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

6.5 AI Score

EPSS

2024-06-14 02:00 PM
rocky

ipa security update

An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....

8.1 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-14 02:00 PM
1
rocky

libvirt bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...

7.4 AI Score

2024-06-14 02:00 PM
1
osv

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...

8.1 CVSS

7.2 AI Score

0.0004 EPSS

2024-06-14 02:00 PM
2
rocky

idm:DL1 security update

An update is available for module.pyusb, module.opendnssec, custodia, module.custodia, pyusb, module.python-kdcproxy, module.slapi-nis, opendnssec, python-yubico, slapi-nis, ipa-healthcheck, softhsm, module.python-qrcode, module.softhsm, module.ipa-healthcheck, python-qrcode, module.python-yubico,....

5.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-14 01:59 PM
rocky

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

6 AI Score

EPSS

2024-06-14 01:59 PM
rocky

fence-agents security and bug fix update

An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling.....

6.1 CVSS

6.8 AI Score

0.001 EPSS

2024-06-14 01:59 PM
1
osv

Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denial of service via specifically crafted JWE...

6.8 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-14 01:59 PM
1
osv

Moderate: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of...

5.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-14 01:59 PM
2
osv

Important: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to...

8.1 CVSS

8.2 AI Score

0.0004 EPSS

2024-06-14 01:59 PM
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

5.8 AI Score

EPSS

2024-06-14 01:59 PM
rocky

pmix security update

An update is available for pmix. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Process Management Interface (PMI) provides process management functions...

8.1 CVSS

6.6 AI Score

0.001 EPSS

2024-06-14 01:59 PM
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37446) Security Fix(es): ruby: Buffer overread...

6.3 AI Score

EPSS

2024-06-14 01:59 PM
rocky

idm:DL1 and idm:client security update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

6.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-14 01:59 PM
osv

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

6.1 CVSS

7.2 AI Score

0.001 EPSS

2024-06-14 01:59 PM
osv

Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

8.1 CVSS

6.5 AI Score

0.001 EPSS

2024-06-14 01:59 PM
rocky

smartmontools bug fix and enhancement update

An update is available for smartmontools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

6.8 AI Score

2024-06-14 01:59 PM
cve

CVE-2024-36503

Memory management vulnerability in the Gralloc module. Impact: Successful exploitation of this vulnerability will affect...

7.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-14 08:15 AM
6
nvd

CVE-2024-36503

Memory management vulnerability in the Gralloc module. Impact: Successful exploitation of this vulnerability will affect...

7.3 CVSS

0.0004 EPSS

2024-06-14 08:15 AM
4
cve

CVE-2024-36501

Memory management vulnerability in the boottime module. Impact: Successful exploitation of this vulnerability can affect...

5.6 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-14 08:15 AM
5
nvd

CVE-2024-36501

Memory management vulnerability in the boottime module. Impact: Successful exploitation of this vulnerability can affect...

5.6 CVSS

0.0004 EPSS

2024-06-14 08:15 AM
4
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10 CVSS

9.6 AI Score

0.0004 EPSS

2024-06-14 08:09 AM
3

Total number of security vulnerabilities: 211091