13008 matches found

RedHat Linux
added 2024/12/05 7:46 p.m. · 25 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.1 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.12.1 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS ba...

7.5 CVSS · 6.7 AI score · 0.00076 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2024/12/04 3:0 p.m. · 10 views

CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS · 7.2 AI score · 0.00858 EPSS
Exploits: 0 · References: 2

CNVD
added 2024/12/04 12:0 a.m. · 2 views

QNAP Notes Station 3 Authentication Missing Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...

9.8 CVSS · 7.2 AI score · 0.01492 EPSS
Exploits: 0 · References: 1

CNVD
added 2024/12/04 12:0 a.m. · 2 views

QNAP Notes Station 3 Command Injection Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a command injection vulnerability, which stems from the application faili...

8.8 CVSS · 7.8 AI score · 0.0176 EPSS
Exploits: 0 · References: 1

CNVD
added 2024/12/04 12:0 a.m. · 2 views

QNAP Notes Station 3 Server-Side Request Forgery Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. A server-side request forgery vulnerability exists in QNAP Notes Station 3. The vulnerability stems from th...

9.4 CVSS · 6.9 AI score · 0.00319 EPSS
Exploits: 0 · References: 1

CNVD
added 2024/12/04 12:0 a.m. · 3 views

QNAP Notes Station 3 Resource Privilege Assignment Error Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a Resource Privilege Assignment Error vulnerability that stems from the...

8.4 CVSS · 7 AI score · 0.00055 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2024/12/03 6:8 p.m. · 31 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.7 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.7 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

8.7 CVSS · 6.7 AI score · 0.01592 EPSS
Exploits: 0 · References: 16

OSV
added 2024/12/02 6:41 p.m. · 7 views

GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

7.2 AI score
Exploits: 0 · References: 9

GitHub Security Blog
added 2024/12/02 6:41 p.m. · 19 views

ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

7.2 AI score
Exploits: 0 · References: 9 · Affected Software: 1

GitHub Security Blog
added 2024/12/02 6:39 p.m. · 10 views

ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2024/12/02 6:39 p.m. · 7 views

GHSA-FH7V-Q458-7VMW ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits: 0 · References: 8

GitHub Security Blog
added 2024/12/02 6:34 p.m. · 14 views

Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern

Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. Patches - See "Patched versions. -...

5.3 CVSS · 6.1 AI score · 0.00246 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2024/12/02 12:0 a.m. · 2 views

PT-2024-40372 · Varnish +1

Name of the Vulnerable Software and Affected Versions: ezplatform-http-cache affected versions not specified Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

7 AI score
Exploits: 0 · References: 9

BDU FSTEC
added 2024/12/02 12:0 a.m. · 1 views

The vulnerability of the Notes Station application for QNAP network storage, related to insufficient validation of incoming requests, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Notes Station application for QNAP network storage devices is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by manipulating requests sent...

9 CVSS · 5.5 AI score · 0.00319 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

UbuntuCve
added 2024/11/29 6:15 p.m. · 8 views

CVE-2024-36621

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...

6.5 CVSS · 6.8 AI score · 0.00053 EPSS
Exploits: 0 · References: 3

OSV
added 2024/11/27 5:15 p.m. · 3 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2024/11/27 5:15 p.m. · 15 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4 CVSS · 0.00046 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2024/11/26 11:17 a.m. · 33 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

7.5 CVSS · 7.1 AI score · 0.9439 EPSS
Exploits: 19 · References: 19

NVD
added 2024/11/23 4:15 a.m. · 10 views

CVE-2024-9223

The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpajaxpostitlistcomment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

4.3 CVSS · 0.00114 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/11/23 3:25 a.m. · 16 views

CVE-2024-9223 WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpajaxpostitlistcomment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

4.3 CVSS · 0.00114 EPSS
Exploits: 0 · References: 2