4414 matches found

Positive Technologies
added 2024/05/06 12:0 a.m. · 3 views

PT-2024-40989 · Skopeo · Skopeo

Name of the Vulnerable Software and Affected Versions: skopeo versions 1.13.0 through 1.14.1 Description: This update for skopeo fixes several issues, including updates to various modules and dependencies, such as github.com/containers/common, github.com/containers/image/v5, and golang.org/x/term...

7.2 AI score
Exploits 0 · References 4

RedHat Linux
added 2024/04/26 8:17 p.m. · 46 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.22 packages and security update

Red Hat OpenShift Container Platform release 4.14.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

7.5 CVSS · 7.1 AI score · 0.91969 EPSS
Exploits 1 · References 3

CVE
added 2024/04/26 12:0 a.m. · 80 views

CVE-2024-33665

The CVE-2024-33665 entry concerns angular-translate up to version 2.19.1, where a crafted translation key can trigger a cross-site scripting (XSS) attack via the translate directive. The Red Hat/IBMer and OSV/NVD records confirm the same description and scope (Angular-translate 2.19.1 and earlier...

6.1 CVSS · 5.6 AI score · 0.00455 EPSS
Exploits 0 · References 4

IBM Security Bulletins
added 2024/04/25 5:26 a.m. · 49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

7.5 CVSS · 6.9 AI score · 0.02758 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/04/25 5:23 a.m. · 26 views

Security Bulletin: IBM Event Processing is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability (CVE-2023-26159).

Summary There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse function. This vulnerability can be exploited by manipulating the hostname when new URL throws...

7.3 CVSS · 6.5 AI score · 0.00797 EPSS
Exploits 1 · Affected Software 1

Broadcom
added 2024/04/25 12:0 a.m. · 10 views

Insecure sannav access using undocumented Brocade SANnav user "sannav" (no CVE)

An external researcher made a claim that an undocumented "sannav" user with a default password existed in Brocade SANnav OVA v2.1.1. Brocade Response: The "sannav" user is documented in the Brocade® SANnav™ Management Portal Installation and Migration Guide, 2.1.1x...

7 AI score
Exploits 0

Github Security Blog
added 2024/04/24 9:1 p.m. · 25 views

Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication

Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do n...

8.8 CVSS · 7.1 AI score · 0.00932 EPSS
Exploits 0 · References 4 · Affected Software 1

GithubExploit
added 2024/04/24 4:33 p.m. · 513 views

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE...

9.8 CVSS · 10 AI score · 0.99979 EPSS
Exploits 17

IBM Security Bulletins
added 2024/04/23 2:9 p.m. · 31 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-29041]

Summary Node.js module Express.js is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.1 CVSS · 6.2 AI score · 0.00786 EPSS
Exploits 0 · Affected Software 1

GithubExploit
added 2024/04/22 10:14 p.m. · 339 views

Exploit for Path Traversal in Jetbrains Teamcity

RCity - CVE-2024-27198 RCE & Admin Account Creation & CVE-20...

9.8 CVSS · 9.3 AI score · 0.99991 EPSS
Exploits 24

Fedora
added 2024/04/19 9:43 p.m. · 32 views

[SECURITY] Fedora 40 Update: rust-1.77.2-1.fc40

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

10 CVSS · 7.3 AI score · 0.20342 EPSS
Exploits 10

NVD
added 2024/04/19 5:15 a.m. · 12 views

CVE-2024-29966

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance...

9.8 CVSS · 7.6 AI score · 0.0065 EPSS
Exploits 0 · References 1

OSV
added 2024/04/19 5:15 a.m. · 5 views

CVE-2024-29966

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance...

9.8 CVSS · 5.8 AI score · 0.0065 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/04/19 4:53 a.m. · 23 views

CVE-2024-29966 hard-coded credentials in the documentation that appear as the appliance root password

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance...

7.5 CVSS · 7.1 AI score · 0.0065 EPSS
Exploits 0 · References 1

Cvelist
added 2024/04/19 4:53 a.m. · 18 views

CVE-2024-29966 hard-coded credentials in the documentation that appear as the appliance root password

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance...

7.5 CVSS · 7.7 AI score · 0.0065 EPSS
Exploits 0 · References 1

Fedora
added 2024/04/19 2:53 a.m. · 29 views

[SECURITY] Fedora 38 Update: rust-1.77.2-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

10 CVSS · 7.3 AI score · 0.20342 EPSS
Exploits 10

Circl
added 2024/04/18 4:45 p.m. · 7 views

CVE-2023-21773

creationtimestamp | type | source
---|---|---
2024-04-18 16:45:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html...

7.8 CVSS · 8.7 AI score · 0.00702 EPSS
Exploits 0 · References 1

Circl
added 2024/04/18 4:45 p.m. · 12 views

CVE-2023-35358

creationtimestamp | type | source
---|---|---
2024-04-18 16:45:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
2024-12-19 18:03:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
2025-05-23...

7.8 CVSS · 7.6 AI score · 0.00834 EPSS
Exploits 0 · References 4

OpenVAS
added 2024/04/17 12:0 a.m. · 26 views

Ubuntu: Security Advisory (USN-6735-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.9 AI score · 0.03906 EPSS
Exploits 1 · References 2

Github Security Blog
added 2024/04/16 9:41 p.m. · 25 views

MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service

!IMPORTANT ONLY applications targeting Xamarin Android and .NET Android MAUI are impacted. All others can safely dismiss this CVE. Impact MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.3 inclusive, except 4.59.1 and 4.60....

3.9 CVSS · 4.3 AI score · 0.00189 EPSS
Exploits 0 · References 6 · Affected Software 1