Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)
Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...
BIT-PARSE-2021-39187 Crash server with query parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
BIT-DRUPAL-2022-39261 Twig may load a template outside a configured directory when using the filesystem loader
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...
openSUSE Security Advisory (SUSE-SU-2024:0288-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Stored XSS executing on RPE report widget when run from within ETM
Summary The stored XSS issue on the RPE report widget has been addressed in RPE and is no longer seen in IBM Engineering Test Management. Vulnerability Details CVEID:CVE-2023-43054 DESCRIPTION: IBM Engineering Test Management is vulnerable to stored cross-site scripting. This vulnerability allows users to...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...
CVE-2024-26138 License information is public, exposing instance id and license holder details
The XWiki licensor application, which manages and enforces application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
CVE-2024-1580
CVE-2024-1580: an integer overflow in the dav1d AV1 decoder can cause memory corruption when decoding large-frame videos. Upgrading past 1.4.0 is recommended. Debian reports fixes in bullseye 0.7.1-3+deb11u1 and bookworm 1.0.0-2+deb12u1. Apple advisories link CVE-2024-1580 to out-of-bounds write ...
Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).
Summary This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).
Summary A Remote Code Execution (RCE) vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...
Information disclosure
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.49 bug fix update and security update
Red Hat OpenShift Container Platform release 4.12.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.31 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java [CVE-2023-5072]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java caused by a bug in the parser (CVE-2023-5072). JSON-java is used as a component of our Speech microservices. This vulnerability has been addressed. Please read the details for...
Double free
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...
CVE-2024-1085 Use-after-free in Linux kernel's netfilter: nf_tables component
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.57 packages and security update
Red Hat OpenShift Container Platform release 4.11.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
Security Bulletin: Vulnerabilities in dependent node js modules affect IBM Voice Gateway
Summary Security vulnerabilities in dependent Node.js modules affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
CVE-2016-15037
A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 2.0...
Security Bulletin: Vulnerability in ZooKeeper affects IBM Process Mining CVE-2023-44981
Summary There is a vulnerability in ZooKeeper that could allow an attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44981...