Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.4: bsc#1229013, CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc#1229013, CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release note...
AZL-50858 CVE-2024-49861 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map like in case of .rodata, it was still possible to write into it from a BPF program side through specific helpers having...
Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-8117)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8117 advisory. 1.8.0.432.b06-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.432.b06-1 - Update to shenandoah-jdk8u432-b06 GA - Update release notes fo...
DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Jira Service Management Data Center and Server
This High severity com.nimbusds:nimbus-jose-jwt Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, 5.12.0, 5.13.0 and 5.14.0 of Jira Service Management Data Center and Server. This com.nimbusds:nimbus-jose-jwt...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.17 security update
Red Hat OpenShift Container Platform release 4.16.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
PT-2024-41393 · Opensuse +1 · Pdsh +6
This update for slurm and pdsh fixes the following issues: slurm was updated to version 24.11.1 using package slurm_24_11: - Security issues fixed: CVE-2024-48936: Fixed authentication handling in stepmgr that could permit an attacker to execute processes under other users' jobs (bsc#1236722)...
PT-2026-3848
Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The b64decode, standard_b64decode, and urlsafe_b64decode functions within the "base64" module incorrectly accept characters "+/" regardless of the altchars parameter. This behavior...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.3 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
Stored XSS in Confluence Data Center and Server
This High severity Stored XSS vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.16 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
PT-2024-10173 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.4.5; GitLab CE/EE versions 17.5 through 17.5.3; GitLab CE/EE versions 17.6 through 17.6.1. Description: The issue is related to insufficient authorization procedures in the Public Project Handler component o...
Bundled JRE Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.0, 8.19.0, and 9.2.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to expose assets in your environment susceptible...
CVE-2024-47610
The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...
Moderate: Red Hat Security Advisory: systemd security update
An update for systemd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2024-32671
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.16.5. Description: The issue allows a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The estimated number of...
InvenTree cross-site scripting vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.16.5, which stems from allowing a registered user to store JavaScri...
Important: Red Hat Security Advisory: cups-filters security update
An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.35 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.15 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
RHEL 7 : cups-filters (RHSA-2024:7553)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7553 advisory. The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS)...