Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

Goodbye, dark Telegram: Blocks are pushing the underground out

Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability and perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...

Ransomware gang claims Conduent breach: what you should watch for next [updated]

Update – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported a total of 10.5 million affected US...

EUVD-2025-5288

Malicious code in bioql PyPI...

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 CVSS score: 7.8, a local privileg...

Solaris 10 (sparc): 120272-42

SunOS 5.10: SunOS 5.10: SMA patch. Date this patch was last updated by Sun : Oct/14/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255265; scriptversion"1.1";...

CyberPanel < 2.3.8 RCE Direct Check (CVE-2024-51378)

The CyberPanel installed on the remote host is affected by a remote code execution vulnerability. getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or...

Oracle Java SE Multiple Vulnerabilities (October 2024)

Oracle Java SE Multiple Vulnerabilities October 2024 CVE-2024-36138 CVSS 3.1 Base Score 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Brocade SANnav not affected: VEX Justification: Vulnerablecodecannotbecontolledbyadversary CVE-2023-42950 CVSS 3.1 Base Score 7.5 CVSS Vector:...

CVE-2024-9513

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in October 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21235...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

Linux Distros Unpatched Vulnerability : CVE-2024-46756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 2024-10-24: CVE-2024-46828 was added to this advisory. 2024-10-24: CVE-2024-46840 was added to this advisory. 2024-10-24: CVE-2024-46822 was added to this...

E-Kent Pallium Vehicle Tracking 安全漏洞

E-Kent Pallium Vehicle Tracking is a vehicle tracking system from E-Kent. A security vulnerability exists in E-Kent Pallium Vehicle Tracking prior to version 17.10.2024, which stems from improperly stored hard-coded credentials and sensitive data, which could lead to authentication bypass...

CVE-2024-50693

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the userService API model...

CVE-2024-50687

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the devService API model...

CVE-2024-50686

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the commonService API model...

CVE-2024-50687

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the devService API model...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2024. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability ...

Security Bulletin: Vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - October 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...