
7822 matches found

RedHat Linux
added 2024/04/18 2:8 a.m. · 49 views

Moderate: Red Hat Security Advisory: rhc-worker-script security and enhancement update

An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262 · Exploits 0 · References 3

Vulnrichment
added 2024/04/17 9:43 p.m. · 15 views

CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

CVSS 5.5 · AI score 6.8 · EPSS 0.00112 · Exploits 0 · References 1

Cvelist
added 2024/04/17 9:43 p.m. · 31 views

CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

CVSS 5.5 · AI score 5.7 · EPSS 0.00112 · Exploits 0 · References 1

Microsoft CVE
added 2024/04/15 7:0 a.m. · 7 views

An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

...

CVSS 5.5 · AI score 7 · EPSS 0.00322 · Exploits 0

CNVD
added 2024/04/15 12:0 a.m. · 26 views

IBM Security Verify Access Appliance Denial of Service Vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

CVSS 6.2 · AI score 6.5 · EPSS 0.00295 · Exploits 1 · References 1

GithubExploit
added 2024/04/13 1:52 p.m. · 530 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

MinIO vulnerability exploit CVE-2023-28432 Description T...

CVSS 7.5 · AI score 7.8 · EPSS 0.83957 · Exploits 13

NVD
added 2024/04/12 9:15 p.m. · 21 views

CVE-2024-32003

wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...

CVSS 8.8 · AI score 8.9 · EPSS 0.00672 · Exploits 0 · References 2

Veracode
added 2024/04/12 12:40 p.m. · 24 views

Code Injection

org.apache.zeppelin/zeppelin is vulnerable to Code Injection. The vulnerability is due to improper handling of configuration overrides such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES, allowing attackers to execute shell scripts or inject malicious code through environment variables...

CVSS 9.8 · AI score 7.7 · EPSS 0.01439 · Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/04/12 11:7 a.m. · 11 views

OESA-2024-1406 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) A...

CVSS 7.8 · AI score 6.8 · EPSS 0.93305 · Exploits 4 · References 5

Rosalinux
added 2024/04/11 7:39 a.m. · 35 views

Advisory ROSA-SA-2024-2396

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...

CVSS 7.8 · AI score 7.2 · EPSS 0.55367 · Exploits 20

OSV
added 2024/04/10 5:7 p.m. · 26 views

GHSA-HJQ6-52GW-2G7P yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

CVSS 8.3 · AI score 8.1 · EPSS 0.01254 · Exploits 1 · References 9

IBM Security Bulletins
added 2024/04/10 4:22 p.m. · 25 views

Security Bulletin: Multiple Security Vulnerabilities were found in Open Source libraries used to deploy IBM Security Verify Access Appliances (CVE-2024-31871, CVE-2024-31872, CVE-2024-31873, CVE-2024-31874)

Summary An Open Source repository of python deployment scripts for ISVA Appliance is published on GitHub at https://github.com/IBM-Security/ibmsecurity. Vulnerabilities reported in the public repository have been addressed. Vulnerability Details CVEID:CVE-2024-31872 DESCRIPTION: IBM Security Veri...

CVSS 8.1 · AI score 6.8 · EPSS 0.01197 · Exploits 1 · Affected Software 1

NVD
added 2024/04/10 4:15 p.m. · 13 views

CVE-2024-31874

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318...

CVSS 6.2 · AI score 6.2 · EPSS 0.00295 · Exploits 1 · References 3

OSV
added 2024/04/10 4:15 p.m. · 3 views

CVE-2024-31874

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318...

CVSS 5.5 · AI score 5.8 · EPSS 0.00295 · Exploits 1 · References 3

Vulnrichment
added 2024/04/10 4:2 p.m. · 22 views

CVE-2024-31874 IBM Security Verify Access Appliance denial of service

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318...

CVSS 6.2 · AI score 6.2 · EPSS 0.00295 · Exploits 1 · References 2

Cvelist
added 2024/04/10 4:2 p.m. · 23 views

CVE-2024-31874 IBM Security Verify Access Appliance denial of service

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318...

CVSS 6.2 · AI score 6.1 · EPSS 0.00295 · Exploits 1 · References 2

CVE
added 2024/04/10 4:2 p.m. · 73 views

CVE-2024-31874

CVE-2024-31874 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7. The root cause is uninitialized variables during deployment, which could allow a local user to cause a denial of service. Impact is local, with availability degraded (DoS) as described in multiple sources....

CVSS 6.2 · AI score 6 · EPSS 0.00295 · Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/04/10 12:0 a.m. · 3 views

IBM Security Verify Access Security Vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

CVSS 6.2 · AI score 8.1 · EPSS 0.00295 · Exploits 1 · References 4

Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-24262 · IBM · IBM Security Verify Access Appliance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 Description: The issue is related to the use of uninitialized variables when deploying, which could allow a local user to cause a denial of service. Recommendations: For IBM...

CVSS 6.2 · AI score 8.9 · EPSS 0.00295 · Exploits 1 · References 4

NVD
added 2024/04/09 6:15 p.m. · 26 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8 · AI score 8 · EPSS 0.01254 · Exploits 1 · References 7