2670 matches found

Redos
added 2024/08/15 12:0 a.m. | 20 views

ROS-20240815-12

The vulnerability in the aeson JSON parsing and encoding library is related to the creation of a hash collision in the unordered-containers base library by sending specially crafted JSON data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.5 CVSS | 6.7 AI score | 0.0071 EPSS
Exploits: 1

Tenable Nessus
added 2024/08/14 12:0 a.m. | 48 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:5258)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5258 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

8.3 CVSS | 7.1 AI score | 0.01533 EPSS
Exploits: 0 | References: 9

RedHat Linux
added 2024/08/13 9:16 a.m. | 53 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.3 CVSS | 6.9 AI score | 0.01533 EPSS
Exploits: 1 | References: 11

RedHat Linux
added 2024/08/13 9:16 a.m. | 4 views

containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

8.3 CVSS | 7.2 AI score | 0.01279 EPSS
Exploits: 0 | References: 4

Oracle Linux
added 2024/08/13 12:0 a.m. | 371 views

container-tools:ol8 security update

aardvark-dns buildah 2:1.33.8-4 - rebuild for golang fixes - Related: RHEL-28452 cockpit-podman 84.1-1 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1 - Related: Jira:RHEL-25557 conmon 3:2.1.10-1 - update to https://github.com/containers/conmon/releases/tag/v2.1.10...

8.3 CVSS | 7.9 AI score | 0.01533 EPSS
Exploits: 0

Gentoo Linux
added 2024/08/11 12:0 a.m. | 41 views

runc: Multiple Vulnerabilities

Background runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Description Multiple vulnerabilities have been discovered in runc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

8.6 CVSS | 7.8 AI score | 0.17281 EPSS
Exploits: 21

IBM Security Bulletins
added 2024/08/08 5:11 p.m. | 45 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF001

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF001 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitra...

8.8 CVSS | 8.1 AI score | 0.01939 EPSS
Exploits: 1 | Affected Software: 1

OSV
added 2024/08/06 10:3 p.m. | 20 views

GO-2024-3042 Podman vulnerable to memory-based denial of service in github.com/containers/podman

Podman vulnerable to memory-based denial of service in github.com/containers/podman...

7.7 CVSS | 7.3 AI score | 0.00514 EPSS
Exploits: 0 | References: 4

Zero Day Initiative
added 2024/08/06 12:0 a.m. | 12 views

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a devcontainer...

9.9 CVSS | 7.8 AI score
Exploits: 0

IBM Security Bulletins
added 2024/08/03 1:1 p.m. | 27 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

5.3 CVSS | 5.6 AI score | 0.01098 EPSS
Exploits: 0 | Affected Software: 2

RedHat Linux
added 2024/07/31 12:28 a.m. | 25 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.24 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

8.3 CVSS | 6.6 AI score | 0.01279 EPSS
Exploits: 0 | References: 6

BDU FSTEC
added 2024/07/31 12:0 a.m. | 3 views

The vulnerability of Eclipse Jetty servlet containers, related to improper handling of quoting syntax, allows attackers to execute arbitrary code.

The vulnerability of Eclipse Jetty servlet containers relates to the creation of the command line, which contains multiple tokens instead of just one. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

4.3 CVSS | 6.8 AI score | 0.01006 EPSS
Exploits: 1 | References: 7 | Affected Software: 3

Tenable Nessus
added 2024/07/31 12:0 a.m. | 11 views

SUSE SLES15 / openSUSE 15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2024:2638-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2638-1 advisory. Update to version 1.59.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0 - Releas...

5.6 AI score
Exploits: 0 | References: 1

OSV
added 2024/07/30 2:15 p.m. | 1 views

SUSE-SU-2024:2669-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Updat...

7.3 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2024/07/30 12:0 a.m. | 3 views

PT-2024-41003 · Kubevirt · Kubevirt

Name of the Vulnerable Software and Affected Versions: kubevirt versions prior to 1.2.2 Description: The issue is related to kubevirt and its associated containers, including virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container,...

7.2 AI score
Exploits: 0 | References: 2

BDU FSTEC
added 2024/07/29 12:0 a.m. | 5 views

The vulnerability of the github.com/containers/image library, related to improper checking of integrity values, allows attackers to trigger service failures, perform path traversal attacks, or carry out other malicious actions.

The vulnerability of the github.com/containers/image library is related to improper checking of integrity values. Exploiting this vulnerability could allow a remote attacker to cause service failures, perform path traversal attacks, or exert other types of influence...

8.3 CVSS | 6.5 AI score | 0.01279 EPSS
Exploits: 0 | References: 21 | Affected Software: 4

Tenable Nessus
added 2024/07/26 12:0 a.m. | 26 views

Fedora 40 : kubernetes (2024-30f39c25ae)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-30f39c25ae advisory. Update to v1.29.7 for FC40. Resolves CVE-2024-5321: Incorrect permissions on Windows containers logs. Additional bug and regression fixes from upstream...

6.1 CVSS | 6.5 AI score | 0.00312 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/07/24 3:52 p.m. | 26 views

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-32754, CVE-2024-28722)

Summary The IBM Security Directory Integrator product is vulnerable to cross-site scripting which affects the IBM Security Directory Server Vulnerability Details CVEID:CVE-2022-32754 DESCRIPTION: IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows...

6.8 CVSS | 5.2 AI score | 0.00622 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2024/07/24 12:58 p.m. | 28 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5 CVSS | 6.7 AI score | 0.01096 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2024/07/23 4:29 p.m. | 14 views

Important: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 7.2 AI score | 0.01533 EPSS
Exploits: 0 | References: 2