23 matches found
Security Bulletin: IBM Cloud Pak for Data is vulnerable to improper verification of cryptographic signature due to elliptic ( CVE-2024-48949 )
Summary Potential vulnerabilities in elliptic module CVE-2024-48949 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-48949 DESCRIPTION: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits...
Fedora: Security Advisory (FEDORA-2024-362915851c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2024-48949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits sig.S.gtesig.eddsa.curve.n || sig.S.isNeg validation...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]
Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release
Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.8 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.8 bug fixes and container updates
Multicluster Engine for Kubernetes 2.3.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Fedora 41 : yarnpkg (2024-362915851c)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-362915851c advisory. Update bundled ws CVE-2024-37890 ---- Update bundled elliptic to fix CVE-2024-48949. Tenable has extracted the preceding description block directly...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.0 security and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
SUSE SLED15: pgadmin4 / pgadmin4-cloud / pgadmin4-desktop / pgadmin4-doc / etc (SUSE-SU-2024:3771-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3771-1 advisory. - CVE-2024-38355: Fixed socket.io: unhandled 'error' event bsc1226967 - CVE-2024-38998: Fixed...
openSUSE Security Advisory (SUSE-SU-2024:3771-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:3771-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2024-38355: Fixed socket.io: unhandled 'error' event bsc1226967 - CVE-2024-38998: Fixed requirejs: prototype pollution via function config bsc1227248 - CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts..configur...
RHEL 8 : grafana (RHSA-2024:8507)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8507 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: elliptic: Missing...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.5 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.9.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
Fedora: Security Advisory (FEDORA-2024-66b0bdad35)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-48949)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48949 advisory. - The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits...
python310-pytest-html-4.1.1-2.1 on GA media (moderate)
python310-pytest-html-4.1.1-2.1 on GA media Announcement ID: openSUSE-SU-2024:14403-1 Rating: moderate Cross-References: CVE-2024-48949 CVSS scores: CVE-2024-48949 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2024-48949 SUSE : 8.8...
CVE-2024-48949 affecting package reaper for versions less than 3.1.1-13
CVE-2024-48949 affecting package reaper for versions less than 3.1.1-13. A patched version of the package is available...
CVE-2024-48949
creationtimestamp| type| source ---|---|--- 2024-10-10 04:12:14+00:00| seen| https://t.me/cvedetector/7540...
0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8838 more potentially affected by CVE-2024-48949 via elliptic (>=0.10.2 <=6.5.5)
elliptic NPM version =0.10.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-48949 Source advisory: OSV:GHSA-434G-2637-QMQR...