2308 matches found

IBM Security Bulletins
added 2025/03/25 9:57 p.m. | 11 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Insertion of Sensitive Information into Log File vulnerability (CVE-2025-1998)

Summary: IBM DevOps Deploy / IBM UrbanCode Deploy UCD stores potentially sensitive authentication token information in log files that could be read by a local user. Vulnerability Details: CVEID: CVE-2025-1998. DESCRIPTION: IBM UrbanCode Deploy UCD stores potentially sensitive authentication token...

CVSS 5.5 | AI score 6.4 | EPSS 0.00157
Exploits: 0 | Affected Software: 1
OSV
added 2025/03/25 8:51 a.m. | 5 views

MAL-2025-2726 Malicious code in zimu-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22290f844fd48d3682b9fff232fa6d8150d38d19a8553cafb8c7ed003ee0da4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/03/25 8:51 a.m. | 2 views

Malicious code in zimu-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22290f844fd48d3682b9fff232fa6d8150d38d19a8553cafb8c7ed003ee0da4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Github Security Blog
added 2025/03/24 7:7 p.m. | 16 views

Kyverno ignores subjectRegExp and IssuerRegExp

Summary: Kyverno ignores subjectRegExp and IssuerRegExp while verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by an unexpected certificate. Details: Kyverno checks only subject and issuer fields when verifying an...

CVSS 8 | AI score 7.4 | EPSS 0.00295
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2025/03/24 5:15 p.m. | 2 views

CVE-2025-0255

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements...

CVSS 7.2 | AI score 6.1 | EPSS 0.00581
Exploits: 0 | References: 1
NVD
added 2025/03/24 5:15 p.m. | 27 views

CVE-2025-0255

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements...

CVSS 7.2 | EPSS 0.00581
Exploits: 0 | References: 1
Cvelist
added 2025/03/24 4:32 p.m. | 20 views

CVE-2025-0255 HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements...

CVSS 7.2 | EPSS 0.00581
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/24 4:32 p.m. | 10 views

CVE-2025-0255 HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements...

CVSS 7.2 | AI score 7.8 | EPSS 0.00581
Exploits: 0 | References: 1
CVE
added 2025/03/24 4:32 p.m. | 61 views

CVE-2025-0255

CVE-2025-0255 affects HCL DevOps Deploy / HCL Launch. The vulnerability is a command-injection flaw where a remote, authenticated attacker could execute arbitrary commands by sending specially crafted input containing special elements. Evidence from multiple sources confirms the core vulnerabilit...

CVSS 7.2 | AI score 7.8 | EPSS 0.00581
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2025/03/24 4:15 p.m. | 2 views

CVE-2025-0256

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...

CVSS 6.5 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1
NVD
added 2025/03/24 4:15 p.m. | 13 views

CVE-2025-0256

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...

CVSS 6.5 | EPSS 0.00239
Exploits: 0 | References: 1
Cvelist
added 2025/03/24 3:35 p.m. | 11 views

CVE-2025-0256 HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...

CVSS 4.3 | EPSS 0.00239
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/24 3:35 p.m. | 6 views

CVE-2025-0256 HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...

CVSS 4.3 | AI score 4.4 | EPSS 0.00239
Exploits: 0 | References: 1
CNNVD
added 2025/03/24 12:0 a.m. | 2 views

HCL Launch and HCL DevOps Deploy Security Vulnerability

HCL Launch and HCL DevOps Deploy are both products of HCL India. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your organizational...

CVSS 7.2 | AI score 7.3 | EPSS 0.00581
Exploits: 0 | References: 1
CNNVD
added 2025/03/24 12:0 a.m. | 2 views

HCL Launch and HCL DevOps Deploy Security Vulnerability

HCL Launch and HCL DevOps Deploy are both products of HCL India. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your organizational...

CVSS 6.5 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 1
vulnersOsv
added 2025/03/20 12:32 p.m. | 2 views

eisen (=0.1.9), eisen-deploy (>=0.0.1 <=0.0.2) potentially affected by CVE-2024-6577 via torchserve (=0.0.1b20200409)

torchserve PYPI version =0.0.1b20200409 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted:
- eisen =0.1.9
- eisen-deploy =0.0.1, =0.0.2

Source cves: CVE-2024-6577
Source advisory: OSV:GHSA-XX7C-J7H3-VJCQ...

CVSS 6.3 | AI score 6.5 | EPSS 0.00362
Exploits: 0
OSV
added 2025/03/17 2:46 p.m. | 11 views

GHSA-W6FV-6GCC-X825 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact: Zincati ships a polkit rule which allows the zincati system user to use the following actions:
- org.projectatomic.rpmostree1.deploy: used to deploy updates to the system
- org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update

Since Zincati...

CVSS 5.9 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 7
OSV
added 2025/03/14 5:22 p.m. | 2 views

MAL-2025-2348 Malicious code in k8s-deploy-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84c86c15f129692c3b73b16951c9f12754789e3a5ea36e3e5d517e05c7e0231b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/03/12 12:38 p.m. | 4 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an attacker with deploy privilege [CVE-2025-0799]

Summary: IBM App Connect Enterprise Certified Container is vulnerable to an attacker with deploy privilege. Malicious bar files could allow an attacker with deploy privilege to write arbitrary files in the container for a running IBM App Connect Enterprise Certified Container IntegrationRuntime or...

CVSS 6.5 | AI score 6.7 | EPSS 0.00459
Exploits: 0 | Affected Software: 1
OSV
added 2025/03/06 8:15 p.m. | 2 views

CVE-2025-2040

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack ca...

CVSS 5.3 | AI score 5.4 | EPSS 0.0043
Exploits: 1 | References: 4