Lucene search
9238 matches found

IBM Security Bulletins
added 2024/06/26 12:43 a.m., 77 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary: The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details: CVEID: CVE-2023-38371. DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could...

7.8 CVSS, 6.3 AI score, 0.00705 EPSS
Exploits: 2, Affected Software: 1

Packet Storm
added 2024/06/26 12:0 a.m., 307 views

Automad 2.0.0-alpha.4 Cross Site Scripting

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS); Date: 20-06-2024; Exploit Author: Jerry Thomas w3bn00b3r; Vendor Homepage: https://automad.org; Software Link: https://github.com/marcantondahmen/automad; Category: Web Application Flat File CMS; Version: 2.0.0-alpha.4; Tested on:...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/06/26 12:0 a.m., 338 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS); Date: 20-06-2024; Exploit Author: Jerry Thomas w3bn00b3r; Vendor Homepage: https://automad.org; Software Link: https://github.com/marcantondahmen/automad; Category: Web Application Flat File CMS; Version: 2.0.0-alpha.4; Tested on:...

7.4 AI score
Exploits: 0

OSV
added 2024/06/25 12:58 p.m., 3 views

MAL-2024-2956 Malicious code in remove-docker-tag (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 12:58 p.m., 4 views

Malicious code in remove-docker-tag (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 12:30 p.m., 6 views

Malicious code in browserstack-docker-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0

OSV
added 2024/06/25 12:30 p.m., 6 views

MAL-2024-1842 Malicious code in browserstack-docker-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0

OSV
added 2024/06/24 2:25 p.m., 13 views

SUSE-SU-2024:2182-1 Security update for python-docker

This update for python-docker fixes the following issues: - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788)...

5.6 CVSS, 6.2 AI score, 0.0034 EPSS
Exploits: 0, References: 3

The Hacker News
added 2024/06/24 1:52 p.m., 58 views

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

10 CVSS, 8.1 AI score, 0.89633 EPSS
Exploits: 4

OSV
added 2024/06/24 9:30 a.m., 12 views

GHSA-7GJR-HCC3-XFR4 Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

4.3 CVSS, 4.3 AI score
Exploits: 0, References: 4

Github Security Blog
added 2024/06/24 9:30 a.m., 20 views

Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

6.6 AI score
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/06/24 7:15 a.m., 21 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

OSV
added 2024/06/24 7:15 a.m., 10 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.3 AI score
Exploits: 0

CVE
added 2024/06/24 6:58 a.m., 53 views

CVE-2024-4460

CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...

4.5 AI score
Exploits: 0

Cvelist
added 2024/06/24 6:58 a.m., 21 views

CVE-2024-4460

...

Exploits: 0

Vulnrichment
added 2024/06/24 6:58 a.m., 13 views

CVE-2024-4460

...

4.6 AI score
Exploits: 0

Amazon
added 2024/06/24 12:0 a.m., 4 views

Important: docker

Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker acce...

7.5 CVSS, 7 AI score, 0.02693 EPSS
Exploits: 3

OSV
added 2024/06/21 8:15 p.m., 9 views

CVE-2020-27352

When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...

8.8 CVSS, 6.6 AI score, 0.00256 EPSS
Exploits: 1, References: 3

CVE
added 2024/06/21 8:6 p.m., 114 views

CVE-2020-27352

The CVE-2020-27352 issue affects snapd (e.g., the docker snap and similar snaps) where the systemd service units for these snaps are generated without setting Delegate=yes. This omission allows systemd to move processes from containers managed by the snap into the cgroup of the snap’s main daemon...

9.3 CVSS, 9.2 AI score, 0.00256 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2024/06/21 8:6 p.m., 27 views

CVE-2020-27352

When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...

9.3 CVSS, 0.00256 EPSS
Exploits: 1, References: 3