30439 matches found
CVE-2024-54462
CVE-2024-54462 concerns the Flutter image_picker_android component. The issue arises from unsanitized filenames created by image_picker, which can be exploited by a malicious document provider to have a user select an image file from that provider and potentially override internal files in the ap...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-52798]
Summary node.js module path-to-regexp is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in node.js module...
virtio_net: Add hash_key_length check
...
PT-2025-2802 · Unknown · Celk Saude
Name of the Vulnerable Software and Affected Versions: Celk Saude version 3.1.252.1 Description: The issue arises from improper validation or sanitization of the erro parameter, which is returned as a response when incorrect credentials are entered during login. This makes the component susceptib...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)
Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)
Summary A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...
Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-33599]
Summary Red Hat-provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-33599 Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds...
Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-33601]
Summary Red Hat-provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-33601 Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in expressjs body-parser (CVE-2024-45590)
Summary A vulnerability in expressjs body-parser that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...
Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-2961]
Summary Red Hat-provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-2961 Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in Apache ZooKeeper (CVE-2024-51504) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential security bypass vulnerability CVE-2024-51504 has been identified related to Apache ZooKeeper that affects IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387
Summary IBM Db2 Big SQL on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users or...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2024-1975]
Summary Red Hat-provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-1975 Vulnerability Details CVEID:CVE-2024-1975 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error if a server hosts a zone...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2024-40706)
Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-40706 DESCRIPTION: IBM InfoSphere Information Server could allow a remote user to obtain sensitive version information that could aid in further attacks against the...
GHSA-WWX5-GPGR-VXR7 ismp-grandpa crate accepted incorrect signatures
A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifier that only accepts incorrect signatures of Grandpa precommits and was introduce...
CVE-2025-0290
Removed by vendor...
CVE-2024-53068 affecting package kernel for versions less than 6.6.64.2-1
CVE-2024-53068 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-50245 affecting package kernel for versions less than 6.6.64.2-1
CVE-2024-50245 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...
SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP4) (SUSE-SU-2025:0248-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0248-1 advisory. This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed...