#js

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3784-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3783-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3781-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, buffer overflow, code execution, cross site scripting, denial of service, memory exhaustion, null pointer, and password leak vulnerabilities.

Red Hat Security Advisory 2024-3775-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-3763-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3762-03 - Red Hat AMQ Broker 7.11.7 is now available from the Red Hat Customer Portal.

Red Hat Security Advisory 2024-3761-03 - An update for ipa is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.