2671 matches found

Positive Technologies
added 2024/03/04 12:0 a.m. · 4 views

PT-2024-12404 · Qualcomm · 315 5G Iot Modem Firmware +107

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service (DoS) that occurs when processing multiple payload container types with incorrect container lengths...

CVSS 7.5 · AI score 7 · EPSS 0.00324
Exploits: 0 · References: 6

IBM Security Bulletins
added 2024/03/01 7:11 p.m. · 38 views

Security Bulletin: Apache Derby vulnerability addressed in IBM Business Automation Workflow on containers [CVE-2022-46337]

Summary: IBM Business Automation Workflow on containers addressed CVE-2022-46337. A copy of derby is included on container images, but never used in a supported scenario. Even in unsupported scenarios, there is no way of letting derby interact with LDAP. Vulnerability Details: CVEID: CVE-2022-46337...

CVSS 9.8 · AI score 9.3 · EPSS 0.01418
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/03/01 4:28 p.m. · 27 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - Oct 2023 CPU

Summary: IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 11 V23.0.1, IBM® Semeru Runtime 17 V23.0.2. Information about security vulnerabilities in these Java runtimes has been published. Vulnerability Details: CVEID: CVE-2023-22081 DESCRIPTION: An...

CVSS 5.9 · AI score 6.4 · EPSS 0.014
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/03/01 4:21 p.m. · 28 views

Security Bulletin: Information disclosure vulnerability in IBM WebSphere Application Server Liberty affect IBM Business Automation Workflow - CVE-2023-44483

Summary: IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow for User Management Services and Process Federation Server. IBM WebSphere Application Server Liberty is also the basis for containerized IBM Business Automation Workflow. A security...

CVSS 6.5 · AI score 6.6 · EPSS 0.01212
Exploits: 0 · Affected Software: 1

Oracle Linux
added 2024/03/01 12:0 a.m. · 57 views

container-tools:4.0 security update

buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman 2:4.0.2-26 - rebuild with golang 1.20.12 for CVE-2023-39326 python-podman runc 1:1.1.12-1.0.1 - rebuild with golang 1.20.12 for CVE-2023-3932...

CVSS 5.3 · AI score 6.6 · EPSS 0.01208
Exploits: 0

RedHat Linux
added 2024/02/27 3:16 p.m. · 61 views

Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 10.15.0 security update

The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this updat...

CVSS 8.8 · AI score 7 · EPSS 0.99999
Exploits: 23 · References: 26

BDU FSTEC
added 2024/02/26 12:0 a.m. · 3 views

The vulnerability of the deployment and management software for Azure Kubernetes Service Confidential Containers relates to deficiencies in access control, allowing attackers to escalate their privileges.

The vulnerability of the Azure Kubernetes Service Confidential Containers’ deployment and management software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVSS 9 · AI score 7.7 · EPSS 0.01338
Exploits: 0 · References: 4

BDU FSTEC
added 2024/02/26 12:0 a.m. · 4 views

The vulnerability of the Azure Kubernetes Service Confidential Containers’ deployment and management software lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Azure Kubernetes Service Confidential Containers’ deployment and management software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 · AI score 8.1 · EPSS 0.01172
Exploits: 0 · References: 4

OSV
added 2024/02/23 11:7 a.m. · 3 views

OESA-2024-1198 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

CVSS 6.5 · AI score 9.1 · EPSS 0.01103
Exploits: 1 · References: 2

Microsoft KB
added 2024/02/20 8:0 a.m. · 350 views

November 14, 2023—KB5032196 (OS Build 17763.5122) - EXPIRED

November 14, 2023—KB5032196 (OS Build 17763.5122) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...

CVSS 9.8 · AI score 6.9 · EPSS 0.88196
Exploits: 13

Microsoft KB
added 2024/02/20 8:0 a.m. · 191 views

November 14, 2023—KB5032198 (OS Build 20348.2113)

November 14, 2023—KB5032198 (OS Build 20348.2113). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find out wh...

CVSS 9.8 · AI score 7.9 · EPSS 0.88196
Exploits: 14

RedHat Linux
added 2024/02/15 8:10 p.m. · 26 views

Important: Red Hat Bug Fix Advisory: OpenShift sandboxed containers 1.5.2 update

OpenShift sandboxed containers 1.5.2 is now available. OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers...

CVSS 7.5 · AI score 7 · EPSS 0.99999
Exploits: 19 · References: 3

OSV
added 2024/02/13 6:15 p.m. · 4 views

CVE-2024-21376

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability...

CVSS 9 · AI score 7.4 · EPSS 0.01172
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-1811 · Microsoft · Azure Kubernetes Service Confidential Containers

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service Confidential Containers (affected versions not specified). Description: The issue is related to insufficient input validation in the deployment and management software of Azure Kubernetes Service Confidential...

CVSS 9 · AI score 9.6 · EPSS 0.01172
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-1812 · Microsoft · Azure Kubernetes Service

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service Confidential Container (affected versions not specified). Description: The issue is related to insufficient access controls in the deployment and management of confidential containers in Microsoft Azure...

CVSS 9 · AI score 9.3 · EPSS 0.01338
Exploits: 0 · References: 7

Rockylinux
added 2024/02/12 8:17 p.m. · 60 views

container-tools:rhel8 security update

An update is available for libslirp, module.runc, module.libslirp, runc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The container-tools module contains tool...

CVSS 8.6 · AI score 7.6 · EPSS 0.17281
Exploits: 18

OSV
added 2024/02/07 4:19 a.m. · 18 views

GO-2024-2497 Privilege escalation in github.com/moby/buildkit

BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd...

CVSS 9.8 · AI score 8.2 · EPSS 0.02983
Exploits: 0 · References: 4

CNNVD
added 2024/02/06 12:0 a.m. · 5 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial-of-service issue in the multi-modal call processor when processing UE policy containers...

CVSS 7.5 · AI score 6.9 · EPSS 0.00324
Exploits: 0 · References: 3

Microsoft CVE
added 2024/02/05 8:0 a.m. · 2 views

BuildKit interactive containers API does not validate entitlements check

...

CVSS 9.8 · AI score 6.7 · EPSS 0.02983
Exploits: 0

IBM Security Bulletins
added 2024/02/02 11:9 a.m. · 17 views

Security Bulletin: Reflected cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2023-50947

Summary: IBM Business Automation Workflow is vulnerable to a reflected cross-site scripting attack. Vulnerability Details: CVEID: CVE-2023-50947 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

CVSS 5.4 · AI score 5.6 · EPSS 0.00414
Exploits: 0 · Affected Software: 1