Security Headlines

Latest News

Red Hat Security Advisory 2024-8849-03

Red Hat Security Advisory 2024-8849-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.

Packet Storm
Red Hat Security Advisory 2024-8847-03

Red Hat Security Advisory 2024-8847-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8846-03

Red Hat Security Advisory 2024-8846-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8843-03

Red Hat Security Advisory 2024-8843-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8842-03

Red Hat Security Advisory 2024-8842-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote shell upload vulnerability.

Red Hat Security Advisory 2024-8838-03

Red Hat Security Advisory 2024-8838-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8836-03

Red Hat Security Advisory 2024-8836-03 - An update for python3.12 is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-8834-03

Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.

GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

### Summary

XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server.

### Details

When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.

```
<p align="center"> <a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a> <br /> <br /> <strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{CurrentDay}}</em></strong> <p align="center"> <a href="https://docs.osmedeus.org/"><img src="https://img.shields.io/badge/Documentation-0078D4?style=for-the-badge&logo=GitBook&logoColor=39ff14&labelColor=black&color=black"></a> <a href="https://docs.osmedeus.org/donation/"><img src="https://img.shields.io/badge/Donation-0078D4?style=for-the-badge&logo=GitHub-Sponsors&logoColor=39ff14&labelColor=...
```

GHSA-cc6x-8cc7-9953: OctoPrint has API key access in settings without reauthentication

### Impact

OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or, if the victim has admin permissions, the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted.

### Patches

The vulnerability will be patched in version 1.10.3.

### Credits

This vulnerability was discovered and responsibly disclosed to OctoPrint by Jacopo Tediosi.