Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Red Hat Security Advisory 2023-7342-01

Red Hat Security Advisory 2023-7342-01 - An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, however they are not intended for production.

Packet Storm
Open in Source
#vulnerability#red_hat#js#kubernetes
Red Hat Security Advisory 2023-7335-01

Red Hat Security Advisory 2023-7335-01 - An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7334-01

Red Hat Security Advisory 2023-7334-01 - An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6842-01

Red Hat Security Advisory 2023-6842-01 - Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-6841-01

Red Hat Security Advisory 2023-6841-01 - An update is now available for Red Hat OpenShift Container Platform 4.12.

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

CVE-2023-40314: NMS-15790: Transport bootstrap.jsp args in context by fooker · Pull Request #6791 · OpenNMS/opennms

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue.

CVE-2023-6020: LFI in Ray API - GET /static/ in ray

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

By Waqas Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se. This is a post from HackRead.com Read the original post: New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

CVE-2023-6013: Leaking/modulation Flows/Model data via stored xss in h2o-3

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.