Security
Headlines
HeadlinesLatestCVEs

Tag

#java

RHSA-2023:3918: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.5 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in H...

Red Hat Security Data
Open in Source
#vulnerability#web#microsoft#linux#red_hat#dos#nodejs#js#java#kubernetes#perl#aws
CVE-2023-33661: XSS exists in the group report page · Issue #6474 · ChurchCRM/CRM

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.

GHSA-q97c-2mh3-pgw9: Shopware dependency configuration exposed

### Impact Due to a wrong configuration in the `.htaccess` file, the configuration file of Javascript dependencies could be read in production environments (`themes/package-lock.json`). With this information, the used Shopware version might be determined by an attacker, which could be used for further attacks. ### Patches We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the release page. https://github.com/shopware5/shopware/releases/tag/v5.7.18 For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html ### References https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

Npm Plagued With 'Manifest Confusion' Malware-Hiding Weakness

The popular package manager for software developers has been vulnerable to this attack vector for a while, and negligent in fixing the problem, according to a former employee.

CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.

CVE-2023-21237: Pixel Update Bulletin—June 2023

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912