2460 matches found
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
A vulnerability in the ioctl component of the application management tools and Flatpak environments allows a hacker to trigger a service failure
The vulnerability of the ioctl device for application and Flatpak environments relates to the copying of text from the virtual console and its insertion into the command buffer, from which commands can be executed after the Flatpak application is closed. Exploiting this vulnerability could allow ...
The vulnerability of the App component of application management tools and Flatpak environments allows attackers to compromise data integrity.
The vulnerability of the App tool component for managing applications and Flatpak environments is related to the elevation and concealment of permissions. Exploiting this vulnerability can allow a remote attacker to compromise data integrity...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V
Summary: IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary: IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section...
From Top Dogs to Unified Pack
Embracing a consolidated security ecosystem. Authored by Ralph Wascow. Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...
CVE-2023-49111
CVE-2023-49111 describes an unauthenticated reflected cross-site scripting vulnerability in Kiuwan SAST deployments with SSO enabled. The issue arises because the login page’s JavaScript block directly includes the request parameter “message,” enabling an attacker to inject script via the paramet...
Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)
IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...
CVE-2024-38329
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-38329
CVE-2024-38329 affects IBM Storage Protect for Virtual Environments: Data Protection for VMware, versions 8.1.0.0–8.1.22.0. The root cause is improper validation of user permissions, allowing a remote authenticated attacker to bypass restrictions and change settings, trigger or restore backups, a...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V
Summary: IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...
Fuji Electric Tellus Lite V-Simulator Buffer Overflow Vulnerability
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments from Fuji Electric Japan. A buffer overflow vulnerability exists in Fuji Electric Tellus Lite V-Simulator, which stems from an out-of-bounds write vulnerability that can be exploited by an attacker t...
PT-2024-27945 · Ibm · Ibm Storage Protect For Virtual Environments
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect for Virtual Environments: Data Protection for VMware versions 8.1.0.0 through 8.1.22.0. Description: The issue is caused by improper validation of user permission, allowing a remote authenticated attacker to bypass security...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-01792)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-01793)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that can be exploited by an attacker to cau...
The vulnerability of the JetBrains plugin for GitHub-integrated development environments for software such as JetBrains Aqua, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA, MPS, PhpStorm, PyCharm, Rider, RubyMine, RustRover, and WebStorm allows attackers to escalate their privileges.
The vulnerability of the JetBrains GitHub-integrated development environments for software products such as Aqua, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA, MPS, PhpStorm, PyCharm, Rider, RubyMine, RustRover, and WebStorm is related to insufficient protection of registration data...
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...