
2674 matches found

Positive Technologies
added 2023/02/08 12:0 a.m. · 4 views

PT-2023-19941 · Wings · Wings

Name of the Vulnerable Software and Affected Versions: Wings versions prior to v1.11.3 Wings versions prior to v1.7.3 Description: The vulnerability in Wings allows attackers to create new files and directory structures on the host system, potentially enabling them to change resource allocations,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00682
Exploits 0 · References 10
IBM Security Bulletins
added 2023/02/07 10:21 a.m. · 27 views

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow - CVE-2022-25887

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2022-25887 DESCRIPTION: Node.js sanitize-html module is vulnerable to a denial of service, caused by insecure global regular expression replacement logic of HTML comment removal. ...

CVSS 7.5 · AI score 6.2 · EPSS 0.01108
Exploits 0 · Affected Software 2
BDU FSTEC
added 2023/01/31 12:0 a.m. · 5 views

The vulnerability of Eclipse Jetty servlet containers arises from insufficient validation of input data, allowing attackers to cause failures in the proxy script.

The vulnerability of Eclipse Jetty servlet containers exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause failures in the proxy scenarios...

CVSS 4 · AI score 6.5 · EPSS 0.00931
Exploits 0 · References 6 · Affected Software 3
RedHat Linux
added 2023/01/30 5:48 a.m. · 32 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 7.0.0 [security update]

The components for Red Hat OpenShift support for Windows Container 7.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has...

CVSS 7.8 · AI score 6.9 · EPSS 0.05994
Exploits 0 · References 28
OpenVAS
added 2023/01/30 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2023:0187-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.9 · EPSS 0.05994
Exploits 3 · References 2
Tenable Nessus
added 2023/01/28 12:0 a.m. · 2275 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remot...

CVSS 7.5 · AI score 6.8 · EPSS 0.02067
Exploits 3 · References 20
Tenable Nessus
added 2023/01/26 12:0 a.m. · 199 views

Spring Security < 5.5.7 / 5.6.x < 5.6.4 Authorization Bypass

The remote host contains a Spring Security version that is prior to 5.5.7 or 5.6.x prior to 5.6.4. It is, therefore, affected by an authorization bypass vulnerability. - In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to ...

CVSS 9.8 · AI score 7.3 · EPSS 0.10037
Exploits 6 · References 2
Rockylinux
added 2023/01/23 2:30 p.m. · 9 views

podman bug fix and enhancement update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

AI score 1.1
Exploits 0
Rockylinux
added 2023/01/12 8:25 a.m. · 10 views

container-tools:rhel8 bug fix and enhancement update

An update is available for runc, aardvark-dns, podman, oci-seccomp-bpf-hook, buildah, toolbox, slirp4netns, criu, cockpit-podman, fuse-overlayfs, container-selinux, conmon, libslirp, containernetworking-plugins, udica, containers-common, netavark, skopeo, crun, python-podman. This update affects...

AI score 1.1
Exploits 0
OSV
added 2023/01/06 11:4 a.m. · 1 views

OESA-2023-1020 kubernetes security update

Container cluster management. Security Fixes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. CVE-2021-25743...

CVSS 3 · AI score 6.9 · EPSS 0.00778
Exploits 0 · References 2
RedHat Linux
added 2023/01/04 9:43 p.m. · 5 views

Important: Red Hat Bug Fix Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2022:9058 see References Users of RHEL-8 based Middleware Containers container images are advise...

CVSS 9.8 · AI score 7 · EPSS 0.99615
Exploits 7 · References 4
OSV
added 2023/01/01 6:15 a.m. · 1 views

DEBIAN-CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

CVSS 3.3 · AI score 4.3 · EPSS 0.00702
Exploits 0 · References 1
OpenVAS
added 2022/12/23 12:0 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2022:4607-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.7 · EPSS 0.02804
Exploits 1 · References 2
OpenVAS
added 2022/12/23 12:0 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2022:4606-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 10 · EPSS 0.02737
Exploits 1 · References 2
OSV
added 2022/12/21 11:15 a.m. · 2 views

UBUNTU-CVE-2022-38065

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges...

CVSS 8.8 · AI score 5.8 · EPSS 0.00596
Exploits 1 · References 3
CNNVD
added 2022/12/20 12:0 a.m. · 3 views

OpenStack Code Issue Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack suffers from a security vulnerability that stems from an elevation of privileges vulnerability in the sudo function, where a misconfiguration in /etc/sudoers within a container...

CVSS 8.8 · AI score 7.6 · EPSS 0.00211
Exploits 0 · References 4
RedHat Linux
added 2022/12/15 1:57 a.m. · 43 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 · AI score 6.9 · EPSS 0.01875
Exploits 4 · References 17
OpenVAS
added 2022/12/13 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2022:4409-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 9.7 · EPSS 0.03931
Exploits 0 · References 2
Veracode
added 2022/12/09 6:26 a.m. · 23 views

Path Traversal

github.com/containers/podman is vulnerable to path traversal. The vulnerability exists in multiple parameters in build.go because of incorrect absolute path traversal, which allows an attacker to create files outside the designated target directory using malicious file names...

CVSS 3.3 · AI score 4.6 · EPSS 0.00238
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2022/12/08 12:0 a.m. · 32 views

SUSE: Security Advisory (SUSE-SU-2022:4349-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 7.6 · EPSS 0.02582
Exploits 2 · References 2