Kaspersky Security Center & Kaspersky Security Center Web Console Security Vulnerabilities

Tuesday, July 2, 2024 Security Releases

Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...

CVE-2024-6387

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

vrecenze.cz Cross Site Scripting vulnerability OBB-3939808

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

directory-online.biz Cross Site Scripting vulnerability OBB-3939807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Automation Decision Services for May 2024 - Multiple CVEs addressed

Summary "IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed." Vulnerability Details ** CVEID:...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...

A week in security (June 24 – June 30)

Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data...

blitzwolfeurope.com Cross Site Scripting vulnerability OBB-3939804

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....

londonwarmemorial.co.uk Cross Site Scripting vulnerability OBB-3939803

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

au-magasin-de-velo.fr Cross Site Scripting vulnerability OBB-3939802

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: User configuration failures in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-50312)

Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-27270)

Summary IBM Storage Protect Operations Center may be affected by cross-site scripting vulnerability due to servlet-6.0 feature enabled in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3...

Security Bulletin: Server-side request forgery vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22329)

Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

Security Bulletin: Denial of service caused by jose4j in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-45285, CVE-2023-39326, CVE-2023-45283...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-45283, CVE-2023-45284)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system, caused by failure related with filepath and safefilepath packages. This bulletin identifies the steps to address the vulnerabilities....

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2024-24785, CVE-2023-45289, CVE-2024-24783, CVE-2023-45290, CVE-2024-24784)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality, integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server may be vlunerable to machine-in-the-middle attack due to Golang Go (CVE-2023-48795)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-39318, CVE-2023-39321, CVE-2023-39319,...

Security Bulletin: IBM Storage Protect Server may be susceptible to loss of confidentiality vulnerability due to Golang Go (CVE-2023-45287)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality caused by timing-side channel attack in RSA based key exchange methods used in crypto/tls. Vulnerability Details ** CVEID: CVE-2023-45287 DESCRIPTION: **Golang Go could...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to execution of arbitrary code caused by improper enforvement of line directive restrictions, and denial of service caused by an uncontrolled resource consumption flaw in the net/http and...

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server ( CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296. This bulletin...

Security Bulletin: Denial of service vulnerability in Amazon Ion may affect IBM Storage Protect Server

Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...

CVE-2024-20081

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID:...

CVE-2024-20077

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID:...

CVE-2024-20079

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID:...

CVE-2024-20081

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID:...

CVE-2024-20080

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID:...

CVE-2024-20078

In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID:...