Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Red Hat Security Advisory 2024-3989-03

Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#ios#red_hat#dos#js#ssl
Red Hat Security Advisory 2024-3918-03

Red Hat Security Advisory 2024-3918-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-3881-03

Red Hat Security Advisory 2024-3881-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a

GHSA-25hc-qcg6-38wj: socket.io has an unhandled 'error' event

### Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. ``` node:events:502 throw err; // Unhandled 'error' event ^ Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined) at new NodeError (node:internal/errors:405:5) at Socket.emit (node:events:500:17) at /myapp/node_modules/socket.io/lib/socket.js:531:14 at process.processTicksAndRejections (node:internal/process/task_queues:77:11) { code: 'ERR_UNHANDLED_ERROR', context: undefined } ``` ### Affected versions | Version range | Needs minor update? | |------------------|------------------------------------------------| | `4.6.2...latest` | Nothing to do | | `3.0.0...4.6.1` | Please upgrade to `socket.io@4.6.2` (at least) | | `2.3.0...2.5.0` | Please upgrade to `socket.io@2.5.1` | ### Patches This issue is fixed by https://github.com/socketio/socket.io/commit/15...

Debian Security Advisory 5715-1

Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.

Bagisto 2.1.2 Client-Side Template Injection

Bagisto version 2.1.2 suffers from a client-side template injection vulnerability.

Debian Security Advisory 5714-1

CrowdStrike discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks.

Red Hat Security Advisory 2024-3980-03

Red Hat Security Advisory 2024-3980-03 - An update for flatpak is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-3979-03

Red Hat Security Advisory 2024-3979-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.