
13008 matches found

AlmaLinux
added 2024/11/12 12:0 a.m. | 24 views

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in...

CVSS 7.5 | AI score 8.6 | EPSS 0.01018
Exploits: 0 | References: 10

AlmaLinux
added 2024/11/12 12:0 a.m. | 16 views

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command (CVE-2024-34055). For more details about the security issues, including the impact, a CVSS...

CVSS 6.5 | AI score 6.6 | EPSS 0.00287
Exploits: 0 | References: 4

AlmaLinux
added 2024/11/12 12:0 a.m. | 17 views

Low: nano security update

GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742). For more details about the security issues, including the impact, a CVSS scor...

CVSS 6.7 | AI score 6.4 | EPSS 0.0008
Exploits: 0 | References: 4

AlmaLinux
added 2024/11/12 12:0 a.m. | 16 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.7 | AI score 7.7 | EPSS 0.0023
Exploits: 0 | References: 6

AlmaLinux
added 2024/11/12 12:0 a.m. | 14 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...

CVSS 8.2 | AI score 7 | EPSS 0.01592
Exploits: 0 | References: 8

AlmaLinux
added 2024/11/12 12:0 a.m. | 23 views

Low: vim security update

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: heap-based buffer overflow vulnerability (CVE-2021-3903). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

CVSS 7.8 | AI score 6.9 | EPSS 0.00368
Exploits: 1 | References: 4

RedHat Linux
added 2024/11/08 1:46 a.m. | 26 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.40 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01018
Exploits: 2 | References: 18

Tenable Nessus
added 2024/11/08 12:0 a.m. | 22 views

RHEL 8 : RHV Manager (ovirt-engine) 4.4 (RHSA-2020:3247)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3247 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...

CVSS 9.8 | AI score 7.3 | EPSS 0.34098
Exploits: 16 | References: 253

Atlassian
added 2024/11/06 10:31 p.m. | 35 views

XSS (Cross Site Scripting) DOMPurify Dependency in Jira Core Data Center and Server

Please see our updated fixed version guidance for this CVE, as the fix issued in our November 2024 Security Bulletin was incomplete. This vulnerability has now been mitigated in Jira Software and the correct fixed versions have been added to this ticket. We apologize for any inconvenience our...

CVSS 7.3 | AI score 7.7 | EPSS 0.00096
Exploits: 0

RedHat Linux
added 2024/11/06 8:13 p.m. | 22 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.0 security and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

CVSS 9.1 | AI score 7 | EPSS 0.04859
Exploits: 1 | References: 8

Atlassian
added 2024/11/06 6:11 a.m. | 32 views

Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.1 | EPSS 0.9389
Exploits: 1

OpenVAS
added 2024/11/06 12:0 a.m. | 10 views

Fedora: Security Advisory (FEDORA-2024-4d24786142)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 5

Atlassian
added 2024/11/04 11:11 p.m. | 29 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 6.5 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

CVSS 7.5 | AI score 7.3 | EPSS 0.6439
Exploits: 1

Atlassian
added 2024/11/04 10:11 a.m. | 21 views

RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...

CVSS 9.2 | AI score 7.8 | EPSS 0.00747
Exploits: 0

RedHat Linux
added 2024/10/31 3:37 a.m. | 23 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 7.1 | EPSS 0.69905
Exploits: 1 | References: 29

Amazon
added 2024/10/31 12:0 a.m. | 2 views

Important: python3.11-setuptools

Issue Overview: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptibl...

CVSS 8.8 | AI score 9.3 | EPSS 0.09639
Exploits: 0

The Hacker News
added 2024/10/30 11:0 a.m. | 21 views

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...

AI score 6.6
Exploits: 0

RedHat Linux
added 2024/10/30 1:12 a.m. | 20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 8 | AI score 6.7 | EPSS 0.00987
Exploits: 0 | References: 14

RedHat Linux
added 2024/10/29 5:50 p.m. | 22 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.3 security update

Red Hat OpenShift Container Platform release 4.17.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00393
Exploits: 0 | References: 30

RedHat Linux
added 2024/10/24 10:44 a.m. | 18 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.18 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 8.3 | AI score 6.8 | EPSS 0.04859
Exploits: 0 | References: 26