Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...

Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request

Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

gitea -- Prevent anonymous container access

Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

PT-2023-23589

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...

docker-engine docker-engine-selinux security and bugfix update

1.12.6-1.0.1 - Enable configuration of Docker daemon via sysconfig orabug 21804877 - Require UEK4 for docker 1.9 orabug 22235639 22235645 - Add docker.conf for prelink orabug 25147708 1.12.6 - the systemd unit file /usr/lib/systemd/system/docker.service contains local changes, or - a systemd...