ABAP Platform & Server (KERNEL) Security Vulnerabilities

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and libcurl may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

CVE-2022-3114 affecting package kernel 5.15.158.2-1

CVE-2022-3114 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2022-45885 affecting package kernel 5.15.158.2-1

CVE-2022-45885 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2022-40133 affecting package kernel 5.15.158.2-1

CVE-2022-40133 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2022-2961 affecting package kernel 5.15.158.2-1

CVE-2022-2961 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2021-3847 affecting package kernel 5.15.158.2-1

CVE-2021-3847 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2022-4543 affecting package kernel 5.15.158.2-1

CVE-2022-4543 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2022-38457 affecting package kernel 5.15.158.2-1

CVE-2022-38457 affecting package kernel 5.15.158.2-1. No patch is available...

CVE-2023-23039 affecting package kernel 5.10.189.1-1

CVE-2023-23039 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-3114 affecting package kernel 5.10.189.1-1

CVE-2022-3114 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-3108 affecting package kernel 5.10.189.1-1

CVE-2022-3108 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-45885 affecting package kernel 5.10.189.1-1

CVE-2022-45885 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-3344 affecting package kernel 5.10.189.1-1

CVE-2022-3344 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-38457 affecting package kernel 5.10.189.1-1

CVE-2022-38457 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-2961 affecting package kernel 5.10.189.1-1

CVE-2022-2961 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2021-3669 affecting package kernel 5.10.189.1-1

CVE-2021-3669 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-38096 affecting package kernel 5.10.189.1-1

CVE-2022-38096 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-0480 affecting package kernel 5.10.189.1-1

CVE-2022-0480 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-40133 affecting package kernel 5.10.189.1-1

CVE-2022-40133 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2023-26242 affecting package kernel 5.10.189.1-1

CVE-2023-26242 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2023-0468 affecting package kernel 5.10.189.1-1

CVE-2023-0468 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-4543 affecting package kernel 5.10.189.1-1

CVE-2022-4543 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2021-3773 affecting package kernel 5.10.189.1-1

CVE-2021-3773 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2021-3847 affecting package kernel 5.10.189.1-1

CVE-2021-3847 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, slsa-verifier, tekton-chains, cert-manager, cloudflared, aactl, oauth2-proxy, cosign, keda, cilium-envoy, terragrunt, falco, argo-cd, rekor, dex, vexctl, kyverno, spire-server, tekton-pipelines, gitsign,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, kubeflow-katib, aactl, nghttp2, secrets-store-csi-driver, haproxy-ingress, kind, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, prometheus, dotnet, kubewatch, dex, mc, grype, atlantis, skaffold, hugo,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: wolfictl, aactl, datadog-agent, buildkitd, kargo, syft, telegraf, cadvisor, ko, prometheus, crossplane, loki, zot, conftest, dagger, grype, ctop, docker-compose, spire-server, buf, melange, trivy, kaniko, goreleaser, tkn, up,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: slsa-verifier, tekton-chains, falcoctl, wolfictl, aactl, policy-controller, ko, neuvector-sigstore-interface, falco, zot, zarf, vexctl, apko, skaffold, spire-server, melange, gitsign, goreleaser, flux-source-controller, tkn,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: wolfictl, aactl, datadog-agent, buildkitd, kargo, syft, telegraf, cadvisor, ko, prometheus, crossplane, loki, zot, conftest, dagger, grype, ctop, docker-compose, spire-server, buf, melange, trivy, kaniko, goreleaser, tkn, up,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, metrics-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...