#js

Red Hat Security Advisory 2024-0625-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-0619-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-0618-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-0617-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-0489-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-0485-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

Recently, Red Hat announced the technical preview of Red Hat Trusted Artifact Signer which is a production-ready deployment of the Sigstore project for enterprise use. In this article, we will learn how to use Trusted Artifact Signer when signing, attesting and verifying a container image with cosign and Enterprise Contract (EC).Before starting, we must deploy Trusted Artifact Signer on our Red Hat OpenShift cluster by following Chapter 1 of the Deployment Guide. Be sure to also run the source ./tas-env-variables.sh script to set up the shell variables (URLs) to the Sigstore services endpoint

### Description: When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). ### Proof-of-Concept: Let’s suppose that application has been deployed with following command: ```sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat``` Due to the utilization of the `ACCESS_CODE`, access to the chat is possible only after entering the password:  However, it is possible to interact with chat plugins without entering the `ACCESS_CODE`. Example HTTP request: ``` POST /api/plugin/gateway HTTP/1.1 Host: localhost:3210 Content-Length: 1276 {"apiName":"checkWeatherUsingGET","arguments":"{\n \"location\": \"London\"\n}","identifier":"WeatherGPT","type":"default","manifest":{"api":[{"description":"Get current weather information","name"...

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.