CA Technologies, A Broadcom Company Security Vulnerabilities

Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID: CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details ** CVEID: CVE-2023-24532 DESCRIPTION: **An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector....

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the containerd package has been addressed. Vulnerability Details ** CVEID: CVE-2022-23471 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker...

CVE-2022-38710

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

AIX is affected by a denial of service due to Python (CVE-2024-0450)

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)...

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service

Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...

Security Bulletin: InfoSphere Data Replication is affected by a guava package vulnerbility (CVE-2023-2976)

Summary InfoSphere Data Replication uses the guava package. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-2976 DESCRIPTION: **Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a...

Exploit for CVE-2023-44976

BadRentdrv2 A vulnerable driver exploited by me (BYOVD) that...

K000139553: VPN TunnelVision vulnerability CVE-2024-3661

Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID: CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request,.....

Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service

Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....

Plone allows a user to masquerade as a group

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a...

Jira outputs a stack trace to the screen when an error is encountered

{panel} h3. Problem When users are greeted by the error 500 page, they can click on the {{Request assistance}} link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To.....

Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

Mattermost leaks details of AD/LDAP groups of a teams in...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-35155)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)

Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...

App can set Scan Mode of device' s Bluetooth without showing system dialog to user.

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

App can set discoverable timeout of device' s Bluetooth without showing system dialog to user.

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

[Multiple users can share WI-FI and change WI-FI network]

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

[Out of Bounds Read in phNciNfc_RecvMfResp Function in phNxpExtns_MifareStd.cpp in nfc]

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...

Security Bulletin: A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-21319)

Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....

Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner

Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...

Stakater Forecastle has a directory traversal vulnerability in github.com/stakater/Forecastle

Stakater Forecastle has a directory traversal vulnerability in...

1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号，而不是hmac.Equal，这可能导致产生计时攻击漏洞，从而爆破密码。 建议使用 hmac.Equal 比对密码。 Details https://github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26 PoC Impact...

How to Configure Veeam Kasten for Kubernetes Dashboard to Use a New Certificate

This article documents how to troubleshoot and replace the certificate used by the Veeam Kasten for Kubernetes...

Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)

Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....

CVE-2013-10020

A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3...

How to Add a Blueprint Target Using Execution Hooks From the Policy API

This article explains how to set resources other than namespaces as the hooks for blueprint...

Disable TelecomManager#getCallCapablePhoneAccounts(true) permanently by registering many call capable phone accounts

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

C2FuzzerAacDec: Tag-mismatch in FDK_QmfDomain_InitFilterBank

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

Linux kernel vulnerability advisory

In composite_setup of composite.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when connecting a malicious USB device with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in nfa_dm_check_set_config Function in nfa_dm_main.cc in nfc]

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Linux kernel vulnerability advisory

In cgroup1_parse_param of cgroup-v1.c, there is a possible container breakout due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this causes....

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-46589)

Summary IBM Security SOAR uses an older version of ElasticSearch that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.1 or later of IBM Security SOAR. Vulnerability Details ** CVEID: CVE-2024-23450 ...

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. (CVE-2024-27268)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in tqdm (CVE-2024-34062)

Summary A vulnerability in tqdm used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-34062 DESCRIPTION: **tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XNIO (CVE-2023-5685)

Summary A vulnerability in XNIO used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-5685 DESCRIPTION: **XNIO is vulnerable to a denial of service, caused by a stack overflow exception when the chain of notifier states becomes problematically large. By...

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)

Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...