Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Red Hat Security Advisory 2024-4528-03

Red Hat Security Advisory 2024-4528-03 - An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#sap
Red Hat Security Advisory 2024-4527-03

Red Hat Security Advisory 2024-4527-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4517-03

Red Hat Security Advisory 2024-4517-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-4508-03

Red Hat Security Advisory 2024-4508-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Security Advisory 2024-4502-03

Red Hat Security Advisory 2024-4502-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-4501-03

Red Hat Security Advisory 2024-4501-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-4500-03

Red Hat Security Advisory 2024-4500-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4326-03

Red Hat Security Advisory 2024-4326-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2106-03

Red Hat Security Advisory 2024-2106-03 - An update is now available for Red Hat build of Quarkus.

GHSA-qc6v-5g5m-8cw2: ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

### Summary Applications using the `zitadel-go` `v3` library (`next` branch) might be impacted by package vulnerabilities. The output of `govulncheck` suggests that only `example` code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency `golang.org/x/net v0.19.0`, [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288) ### Patches 3.0.0-next versions are fixed on >= [3.0.0-next.3](https://github.com/zitadel/zitadel-go/releases/tag/v3.0.0-next.3) ZITADEL recommends upgrading to the latest versions available in due course. ### Workarounds If updating the zitadel-go library is not an option, updating the affected (transient) dependencies works as a workaround. ### Details #### Direct deps: - [GO-2024-2631](https://pkg.go.dev/vuln/GO-2024-2631) Decompression bomb vulnerability in github.com/go-jose/go-jose - github.com/go-jose/go-jose/v3 Fixed in v3.0.3. This module is necessary because [github....