Magento 1& 2 Security Vulnerabilities

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

CVE-2020-4041 affecting package bolt 0.9.2-2

CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2021-27367 affecting package bolt 0.9.2-2

CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-15484 affecting package bolt 0.9.2-2

CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2022-31321 affecting package bolt 0.9.2-2

CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

CVE-2023-0475 affecting package k3s 1.24.12-2

CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2022-47021 affecting package opusfile 0.12-2

CVE-2022-47021 affecting package opusfile 0.12-2. No patch is available...

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

CVE-2021-3672 affecting package pgbouncer 1.16.1-1. No patch is available...

CVE-2022-38752 affecting package snakeyaml 1.25-2

CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2022-36069 affecting package poetry 1.0.10-2

CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available...

CVE-2022-25857 affecting package snakeyaml 1.25-2

CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2011-1429 affecting package mutt 2.2.12-1

CVE-2011-1429 affecting package mutt 2.2.12-1. No patch is available...

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2

CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...

CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.

CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.. A patched version of the package is...

CVE-2023-45283 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-45283 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25663 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25663 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25666 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25666 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-39318 affecting package msft-golang for versions less than 1.20.10-1

CVE-2023-39318 affecting package msft-golang for versions less than 1.20.10-1. A patched version of the package is...

CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2022-3294 affecting package k3s 1.24.12-2

CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2019-15483 affecting package bolt 0.9.2-2

CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-9185 affecting package bolt 0.9.2-2

CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2015-7309 affecting package bolt 0.9.2-2

CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2020-4040 affecting package bolt 0.9.2-2

CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...