#js

Red Hat Security Advisory 2024-9573-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9572-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.

Red Hat Security Advisory 2024-9566-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9559-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9554-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9552-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9547-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on…

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Vulnerabilities: Heap-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: RUGGEDCOM CROSSBOW Station Access Controller (SAC): Versions prior to 5.6 3.2 Vulnerability Overview 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as cri...