28 matches found
MiracleLinux 9 : pcs-0.11.3-4.el9.3.ML.1 (AXSA:2023-5266:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5266:07 advisory. webpack: avoid cross-realm objects CVE-2023-28154 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Not...
EUVD-2023-33823
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in node.js affect Cloud Pak System [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517]
Summary Vulnerabilities in react-scripts node.js modules affect Cloud Pak System. Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the...
Oracle Linux 9 : pcs (ELSA-2023-12595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12595 advisory. 0.11.4-7 - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices...
Security Bulletin: IBM Watson Assistant for Cloud Pak for Data is affected by vulnerabilities in Webpack [CVE-2023-28154]
Summary Potential security bypass vulnerability in Webpack has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. IBM has addressed this vulnerability. Refer to details for additional information. CVE-2023-28154 Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION:...
Security Bulletin: IBM Edge Application Manager has a vulnerability listed in CVE-2023-28154. IBM has addressed this vulnerability.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in CVE-2023-28154. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment feature by the...
RLSA-2023:2652 Important: pcs security and bug fix update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...
Rocky Linux 9 : pcs (RLSA-2023:2652)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2652 advisory. - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix...
CVE-2023-2319
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 for PCS package, which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. Th...
Code injection
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 for PCS package, which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. Th...
CVE-2023-2319
CVE-2023-28154 (Webpack ImportParserPlugin.js mishandling) is confirmed across multiple IBM and Red Hat related advisories in connected documents. The vulnerability could allow a remote attacker to bypass security restrictions or access the real global object. Concrete affected contexts include I...
AlmaLinux 9 : pcs (ALSA-2023:2652)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2652 advisory. - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix fo...
RHEL 9 : pcs (RHSA-2023:2652)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2652 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack:...
Security Bulletin: IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment featu...
Fedora 37 : pcs (2023-cb2e422088)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cb2e422088 advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Fedora 38 : pcs (2023-4d546e6b4b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4d546e6b4b advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Fedora: Security Advisory for pcs (FEDORA-2023-4d546e6b4b)
The remote host is missing an update for the...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Webpack (CVE-2023-28154)
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Webpack CVE-2023-28154 with details below. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling o...
Rocky Linux 9 : pcs (RLSA-2023:1591)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a proper...
Oracle Linux 9 : pcs (ELSA-2023-12235)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12235 advisory. 0.11.3-4.el91.3 - Fixed a vulnerability in pcs-web-ui-node-modules - Resolves: rhbz2179900 Tenable has extracted the preceding description block directly from...