Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP55 and Version 8 SR6-FP0 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in Oct2019. Vulnerability Details...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4470:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4470:01 advisory. podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 Tenab...

MiracleLinux 9 : container-tools, python-podman-4.2.0-1.el9, toolbox-0.0.99.3-5.el9 (AXSA:2023-5056:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5056:01 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

EUVD-2026-2989

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

MiracleLinux 7 : java-11-openjdk-11.0.5.10-0.el7 (AXSA:2019-4349:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4349:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

GHSA-4CJ3-9M97-2989 vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

Amazon Linux 2 : cairo, --advisory ALAS2-2025-2989 (ALAS-2025-2989)

The version of cairo installed on the remote host is prior to 1.15.12-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2989 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program...

CVE-2019-2989 vulnerabilities

Vulnerabilities for packages: openjdk...

TencentOS Server 3: container-tools (TSSA-2023:0109)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-2989

creationtimestamp| type| source ---|---|--- 2025-03-31 10:30:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9629 2025-03-31 13:20:14+00:00| seen| https://t.me/cvedetector/21568...

Linux Distros Unpatched Vulnerability : CVE-2022-2989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modificatio...

CVE-2022-2989 affecting package podman 4.1.1-5

CVE-2022-2989 affecting package podman 4.1.1-5. This CVE either no longer is or was never applicable...

CentOS 7 : lasso (RHSA-2021:2989)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2989 advisory. - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Note that Nessus has not tested for this issue but ha...

SUSE: Security Advisory (SUSE-SU-2024:2989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for conmon (SUSE-SU-2023:2989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-2989

creationtimestamp| type| source ---|---|--- 2024-01-09 18:46:51+00:00| seen| https://t.me/ctinow/165209 2024-01-09 20:16:15+00:00| seen| https://t.me/ctinow/165315...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:7822)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7822 advisory. - An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data...

Ubuntu 22.04 LTS : Podman vulnerability (USN-6295-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6295-1 advisory. It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execu...

SUSE SLES15 / openSUSE 15 Security Update : conmon (SUSE-SU-2023:2989-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2989-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Mageia: Security Advisory (MGASA-2023-0213)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...