9215 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : build (SUSE-SU-2025:0857-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0857-1 advisory. - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469 Other...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a symlink vulnerability due to Libcontainer and Docker Engine (CVE-2015-3627)
Summary Libcontainer and Docker Engine are used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to...
Security update for build
This update for build fixes the following issues: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469 Other fixes: - Fixed behaviour when using "--shell" aka "osc shell" option in a VM build. Startup is faster and permissions stay intact now. fixes for...
SUSE-SU-2025:0857-1 Security update for build
This update for build fixes the following issues: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469 Other fixes: - Fixed behaviour when using '--shell' aka 'osc shell' option in a VM build. Startup is faster and permissions stay intact now. - fixes fo...
CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4
CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4. A patched version of the package is available...
CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4
CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4. A patched version of the package is available...
CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4
CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4. A patched version of the package is available...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of...
Docker 4.39.0 (CVE-2025-1696)
The version of Docker installed on the remote host is prior to 4.39.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1696 advisory. - A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive...
CVE-2025-27615
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
Docker Public Registry Detected
This is an informational notice that the scanner was able to detect a public Docker registry instance. No source data...
CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
CVE-2025-27519
Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...
CVE-2025-1696
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an...
CVE-2025-27519
CVE-2025-27519 concerns Cognita, a TrueFoundry RAG framework. A path traversal flaw exists in the Docker/deployed setup when LocalEnv is true, exploitable via /v1/internal/upload-to-local-directory. An attacker can overwrite /app/backend/__init__.py, and due to uvicorn with auto-reload in the contai...
CVE-2025-27519 Cognita Arbitrary File Write
Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...