71 matches found
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final , github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...
TencentOS Server 4: grafana (TSSA-2025:0323)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0323 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Security Bulletin: IBM Storage Ceph is vulnerable to Aymmetric Resource Consumption and Improper Handling of Exceptions in Grafana (CVE-2024-51744 CVE-2025-30204)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-51744 CVE-2025-30204 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Uncle...
CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13
CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13. A patched version of the package is available...
CVE-2024-51744 affecting package moby-engine for versions less than 24.0.9-17
CVE-2024-51744 affecting package moby-engine for versions less than 24.0.9-17. A patched version of the package is available...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in github.com/golang-jwt/jwt/v4 v4.4.2
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of github.com/golang-jwt/jwt/v4 v4.4.2 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)
Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...
CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12
CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12. A patched version of the package is available...
CVE-2024-51744 affecting package packer for versions less than 1.9.5-8
CVE-2024-51744 affecting package packer for versions less than 1.9.5-8. A patched version of the package is available...
CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3
CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3. A patched version of the package is available...
CVE-2024-51744 affecting package kubernetes for versions less than 1.30.10-5
CVE-2024-51744 affecting package kubernetes for versions less than 1.30.10-5. A patched version of the package is available...
openSUSE Security Advisory (openSUSE-SU-2025:0131-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4
CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...
CVE-2024-51744 affecting package keda for versions less than 2.14.1-6
CVE-2024-51744 affecting package keda for versions less than 2.14.1-6. A patched version of the package is available...
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18. A patched version of the package is available...
CVE-2024-51744 affecting package flannel for versions less than 0.24.2-13
CVE-2024-51744 affecting package flannel for versions less than 0.24.2-13. A patched version of the package is available...
CVE-2024-51744 affecting package coredns for versions less than 1.11.1-18
CVE-2024-51744 affecting package coredns for versions less than 1.11.1-18. A patched version of the package is available...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2025:1333-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1333-1 advisory. - CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to l...
CVE-2024-51744 affecting package kubernetes for versions less than 1.28.4-17
CVE-2024-51744 affecting package kubernetes for versions less than 1.28.4-17. A patched version of the package is available...
CVE-2024-51744 affecting package kubevirt for versions less than 0.59.0-27
CVE-2024-51744 affecting package kubevirt for versions less than 0.59.0-27. A patched version of the package is available...