#nodejs

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 20 and Jan. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.

A security update for Fuse 7.11.1 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-36437: hazelcast: Hazelcast connection caching * CVE-2022-46363: Apache CXF: directory listing / code exfiltration * CVE-2022-46364: Apache CXF: SSRF Vulnerability

Submariner 0.12.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

By Deeba Ahmed Dubbed PY#RATION by researchers; the new Python malware is equipped with RAT behaviour and info-stealing capabilities. This is a post from HackRead.com Read the original post: New Python Malware Targeting Windows Devices

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab tr...

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2850: 389-ds-base: SIGSEGV in sync_repl