Azure Linux 3.0 Security Update: kernel (CVE-2024-41002)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41002 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak...

EUVD-2024-19895

Malicious code in bioql PyPI...

EUVD-2024-21055

Malicious code in bioql PyPI...

CVE-2024-22334

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-54271

creationtimestamp| type| source ---|---|--- 2024-12-13 23:59:52+00:00| seen| https://infosec.exchange/users/cve/statuses/113648231497720047...

CVE-2024-23560

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...

CVE-2024-23560

The CVE-2024-23560 issue affects HCL DevOps Deploy / HCL Launch, arising from incomplete revocation of permissions when deleting a custom security resource type. Public details indicate potential integrity impact (I=HIGH) with no confidentiality/availability impact; CVSS base scores are MEDIUM. N...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334

Summary : CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2022-33163

IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571...

Qualcomm 芯片代码问题漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and are from time to time fabricated on the surface of semiconductor wafers. A code issue vulnerability exists in various Qualcomm products that...

多款Qualcomm产品配置错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. Qualcomm A misconfiguration vulnerability exists in multiple products,...

CVE-2018-2024

IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350...

PT-2019-10033 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.2 through 7.3 Description: The issue allows a security-critical resource to be read or modified by unintended actors due to improper permission specifications. Recommendations: For IBM QRadar SIEM versions 7.2 throu...

Unikrn: Full Path Disclosure

HI security team! we can see path on your resource. https://crm.unikrn.com/app/bundles/CampaignBundle/EventListener/LeadSubscriber.php You must create a ban on viewing the script from the outside using .htaccess Impact Full Path Disclosure https://www.owasp.org/index.php/FullPathDisclosure...

CVE-2018-1370

IBM Security Guardium Big Data Intelligence SonarG 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769...

CVE-2016-9722

IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737...

Creaking Patch Tuesday's Viability Rests with Quality, Speed

Today is Patch Tuesday, the 11-year-old procession of security bulletins from Microsoft streamed out automatically to consumers of Windows Update, and pulled en masse by enterprise admins worldwide needing to test each for compatibility. This is how it’s been done since shortly after Bill Gates’...