Lenovo Ibm Bladecenter Hs22, Hs22v, Hs23, Hs23e, Hx5 Earlier Than 66z Security Vulnerabilities

CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

CVE-2024-35545

MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS)...

CVE-2024-35545

MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS)...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and libcurl may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...

Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).

Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details ** CVEID:...

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

CVE-2023-7008 affecting package systemd for versions less than 123

CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18. A patched version of the package is...

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15. No patch is available...

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3

CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3. A patched version of the package is...

CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

CVE-2023-45283 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...