SAP ABAP Server & ABAP Platform (Translation Tools) Security Vulnerabilities

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and libcurl may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: slsa-verifier, tekton-chains, falcoctl, wolfictl, aactl, policy-controller, ko, neuvector-sigstore-interface, falco, zot, zarf, vexctl, apko, skaffold, spire-server, melange, gitsign, goreleaser, flux-source-controller, tkn,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: wolfictl, aactl, datadog-agent, buildkitd, kargo, syft, telegraf, cadvisor, ko, prometheus, crossplane, loki, zot, conftest, dagger, grype, ctop, docker-compose, spire-server, buf, melange, trivy, kaniko, goreleaser, tkn, up,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: docker, dagger, grype, kaniko, policy-controller, docker-compose, wolfictl, k3d, prometheus, harbor-scanner-trivy, buf, helm-push, syft, tekton-pipelines, melange, neuvector-scanner,...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datadog-agent,...

CVE-2024-25710 vulnerabilities

Vulnerabilities for packages: gradle, trino, dependency-track, wavefront-proxy, jenkins, neo4j, spdx-tools-java,...

GHSA-4265-CCF5-PHJ5 vulnerabilities

Vulnerabilities for packages: gradle, trino, dependency-track, wavefront-proxy, jenkins, neo4j, spdx-tools-java,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, metrics-server,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, slsa-verifier, tekton-chains, cert-manager, cloudflared, aactl, oauth2-proxy, cosign, keda, cilium-envoy, terragrunt, falco, argo-cd, rekor, dex, vexctl, kyverno, spire-server, tekton-pipelines, gitsign,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, kubeflow-katib, aactl, nghttp2, secrets-store-csi-driver, haproxy-ingress, kind, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, prometheus, dotnet, kubewatch, dex, mc, grype, atlantis, skaffold, hugo,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: wolfictl, aactl, datadog-agent, buildkitd, kargo, syft, telegraf, cadvisor, ko, prometheus, crossplane, loki, zot, conftest, dagger, grype, ctop, docker-compose, spire-server, buf, melange, trivy, kaniko, goreleaser, tkn, up,...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, istio-pilot-agent, istio-operator, minio, falcoctl, kyverno, spire-server, boring-registry, istio-cni, falco, istio-pilot-discovery,...

CVE-2024-32473 vulnerabilities

Vulnerabilities for packages: docker, dagger, grype, kaniko, policy-controller, docker-compose, wolfictl, k3d, prometheus, harbor-scanner-trivy, buf, helm-push, syft, tekton-pipelines, melange, neuvector-scanner,...

CVE-2024-21013 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21060 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21096 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: step-issuer, docker-cli, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf, atlantis,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, kubeflow-katib, aactl, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, kubernetes-dashboard, prometheus,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....