Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode = 0x0000000b...

EUVD-2023-34859

Malicious code in bioql PyPI...

Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight

Summary There are multiple vulnerabilities in Liberty, IBM Runtime Environment Java Version 8.0, Dojo and OpenSSL used by IBM MessageGateway/ MessageSight Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow a...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Security Bulletin: A Security Vulnerability was discovered in IBM Runtime Environment, Java Technology Edition provided with IBM Security Directory Suite (CVE-2023-33850)

Summary A Security Vulnerability was addressed in IBM Semeru Runtime Certified Edition provided with IBM Security Verify Directory and IBM Runtime Environment, Java Technology Edition provided with IBM Security Directory Suite. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM...

CentOS 7 : java-1.8.0-ibm (RHSA-2022:6756)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6756 advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 8. IBM Sterling Connect:Direct for UNI...

CVE-2024-29032

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskitibmruntime.RuntimeDecoder can lead to arbitrary code...

CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskitibmruntime.RuntimeDecoder can lead to arbitrary code...

CVE-2024-29032

Qiskit IBM Runtime is affected by a vulnerability in the JSON deserialization path of qiskit_ibm_runtime.RuntimeDecoder. In versions starting from 0.1.0 up to but before 0.21.2, deserializing a specially crafted JSON string can lead to arbitrary code execution. The issue is fixed in version 0.21....

bosonic-qiskit (>=0.0.0 <=12.2.6), iqm-benchmarks (>=1.3.0 <=1.6.0) +5 more potentially affected by CVE-2024-29032 via qiskit-ibm-runtime (=0.20.0)

qiskit-ibm-runtime PYPI version =0.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on qiskit-ibm-runtime and may be impacted: - bosonic-qiskit =0.0.0, =1.3.0, =0.34.1, =0.3.0, =0.14.0, =0.1.6, =0.1.10 Source cves: CVE-2024-29032 Source advisory:...

`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code

Summary deserializing json data using qiskitibmruntime.RuntimeDecoder can be made to execute arbitrary code given a correctly formatted input string Details RuntimeDecoder is supposed to be able to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, one...

CVE-2024-29032

creationtimestamp| type| source ---|---|--- 2024-03-19 19:48:53+00:00| published-proof-of-concept| https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct for Microsoft Windows uses IBM Runtime Environment Java Technology Edition Version 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related ...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote attack and denial of service due to IBM Runtime Environment Java Technology Edition (CVE-2023-22081, CVE-2023-5676)

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related ...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center.

Summary Multiple security vulnerabilities have been identified in IBM MQ which shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin CVE-2023-5072, CVE-2023-22081, CVE-2023-5676 Vulnerability Details...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...