MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

OESA-2025-2070 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: A vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library Cloud Software the affected version unknown. It has been rated as problematic.Using CWE...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...

CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11

CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11. A patched version of the package is available...

CVE-2024-35255 affecting package telegraf for versions less than 1.31.0-1

CVE-2024-35255 affecting package telegraf for versions less than 1.31.0-1. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2025:0750-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-35255 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

CVE-2024-35255 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1. An upgraded version of the package is available that resolves this issue...

Security Bulletin: Vulnerability in Microsoft Azure Identity Libraries and Microsoft Authentication Library affects watsonx.data

Summary Microsoft Azure Identity Libraries and Microsoft Authentication Library is vulnerable to elevation of privileges attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-35255 DESCRIPTION: Microsoft Azure Identity Libraries and Microsoft Authentication Library could...

Security Bulletin: A vulnerability in Microsoft.BotBuilder affects IBM Robotic Process Automation which may result in elevated privileges (CVE-2024-35255).

Summary A vulnerability in Microsoft.BotBuilder affects IBM Robotic Process Automation which may result in elevated privileges. Microsoft.BotBuilder is used to enable communication between Azure Bot Services and the ChatBot API. This bulletin identifies the security fixes to apply to address the...

Security Bulletin: vulnerability in Microsoft Azure Identity affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in Microsoft Azure Identity that can cause Privilege escalation CVE-2024-35255 Vulnerability Details CVEID:CVE-2024-35255 DESCRIPTION: Microsoft Azure Identity Libraries and Microsoft Authentication Library could allow a local...

CVE-2024-35255 affecting package blobfuse2 for versions less than 2.3.2-1

CVE-2024-35255 affecting package blobfuse2 for versions less than 2.3.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-35255 affecting package keda for versions less than 2.14.1-1

CVE-2024-35255 affecting package keda for versions less than 2.14.1-1. An upgraded version of the package is available that resolves this issue...

python310-azure-identity-1.18.0-1.1 on GA media (moderate)

python310-azure-identity-1.18.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14362-1 Rating: moderate Cross-References: CVE-2024-35255 CVSS scores: CVE-2024-35255 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-35255 SUSE : 6.8...

openSUSE Security Advisory (SUSE-SU-2024:3345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : python-azure-identity (SUSE-SU-2024:3345-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3345-1 advisory. - CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege vulnerability. bsc1230100 Tenable has extracted the...

SUSE-SU-2024:3345-1 Security update for python-azure-identity

This update for python-azure-identity fixes the following issues: - CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege vulnerability. bsc1230100...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...