CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

Security Bulletin: IBM App Connect Enterprise Certified Container operator, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-24783]

Summary Golang Go is used by the operator, and the IntegrationServer and IntegrationRuntime operands in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator, and IntegrationServer and IntegrationRuntime operands are vulnerable to denial of servic...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2024-3772]

Summary Python module Pydantic is used by IBM App Connect Enterprise Certified Container for validating values in the mapping assistant. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to regular expression denial of service. Th...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to privilege elevation due to [CVE-2023-26604]

Summary systemd is not used directly by IBM App Connect Enterprise Certified Container but is in the images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to privilege elevation. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41725]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41725 Vulnerability Details CVEID:CVE-2022-41725 DESCRIPTION: Golang Go is...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to [CVE-2022-38900]

Summary Node.js module decode-uri-component is part of the Node.js runtime used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to query parameter smuggling due to [CVE-2022-2880]

Summary Some components of IBM App Connect Enterprise Certified Container operator and operands are implemented in Golang Go. These components may be vulnerable to query parameter smuggling. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-2880...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]

Summary Python is used by IBM App Connect Enterprise Certified Container for providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0924

Summary LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27774

Summary cURL is used by IBM App Connect Enterprise Certified Container for internal communication and status checking. IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerabili...

CVE-2021-46088

Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution RCE. Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user...