Security Advisory

Overview An update has been made available to fix vulnerabilities in Apache Pulsar. Users of affected versions are advised to update to the latest version.  Affected Products Apache Pulsar 2.versions earlier than 11.3 3.versions above 0.0 and below 3.0.2 3.versions 1.0 and higher but lower than 3.1.1   Resolved Vulnerabilities

Overview An update has been made available to fix vulnerabilities in JetBrains TeamCity. Users of affected versions are advised to update to the latest version.  Affected Products JetBrains TeamCity versions from 2017.1 through 2023.11.2   Resolved Vulnerabilities Authentication bypass vulnerability leading to remote code execution in JetBrains TeamCity (CVE-2024-23917)  

Overview An update has been made available to fix vulnerabilities in BuildKit. Users of affected versions are advised to update to the latest version.  Affected Products All versions of BuildKit 0.12.4 and earlier   Resolved Vulnerabilities Out-of-container file removal vulnerability in the BuildKit frontend (CVE-2024-23652)Improper authorization validation vulnerability in BuildKit’s

Overview An update has been made available to fix vulnerabilities in BuildKit. Users of affected versions are advised to update to the latest version.  Affected Products All versions of BuildKit 0.12.4 and earlier   Resolved Vulnerabilities A race condition vulnerability due to a time-of-check/time-of-use (TOCTOU) issue while mounting cache volumes

Overview An update has been made available to fix vulnerabilities in Mastodon. Users of affected versions are advised to update to the latest version.  Affected Products Mastodon 3.all versions prior to 5.17 4.0.x versions prior to 4.0.13 4.any 1.x version prior to 4.1.13 4.any 2.x version prior to 4.2.5  

Overview An update has been made available to fix vulnerabilities in iVanti’s products. Users of affected versions are advised to update to the latest version.  Affected Products CVE-2024-21888, CVE-2024-21893 Ivanti Connect Secure 9.x, 22.x versions Ivanti Policy Secure 9.x, 22.x versions   Resolved Vulnerabilities Privilege escalation vulnerability in Ivanti Connect

Overview An update has been made available to fix vulnerabilities in the Runc package. Users of affected versions are advised to update to the latest version.  Affected Products All versions of Runc 1.1.11 and earlier   Resolved Vulnerabilities Container escape vulnerability due to file descriptor leak in the runc package

Overview An update has been made available to fix vulnerabilities in the GNU glibc library. Users of affected versions are advised to update to the latest version.  Affected Products Versions of the GNU glibc library from 2.36 to less than 2.39   Resolved Vulnerabilities Heap buffer overflow vulnerability in the

Overview An update has been made available to fix vulnerabilities in ModSecurity / libModSecurity. Users of affected versions are advised to update to the latest version.  Affected Products ModSecurity / libModSecurity v3.0.0 through v3.0.11 and earlier   Resolved Vulnerabilities Web application firewall (WAF) bypass vulnerability due to a crafted request

Overview An update has been made available to fix vulnerabilities in FFmpeg(https://ffmpeg.org/). Users of affected versions are advised to update to the latest version.   Affected Products All versions of FFmpeg below n6.1   Resolved Vulnerabilities CVE-2024-22860, CVE-2024-22861, CVE-2024-22862 Integer overflow vulnerability in FFmpeg   Vulnerability Patches Vulnerability patches were