7647 matches found
Important: Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9
VolSync v0.11.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.13 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.13 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
Malicious code in juytjwfgtrhefregfef (npm)
Source: ghsa-malware cfb95249bd02721a1d338dc567e4158eff44610fba37a99a76e65e0744d3dc6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-13280
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...
CVE-2024-13280
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...
CVE-2024-13280 Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...
CVE-2024-13280
The CVE concerns the Drupal Persistent Login module and an insufficient session expiration vulnerability that allows forceful browsing (access bypass). Affected versions are 0.0.0 up to but not including 1.8.0, and 2.0.* before 2.2.2. The root cause, as described in linked advisories, is improper session/cookie ha...
CVE-2024-13280 Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Persistent Login prior to version 1.8.0, versions 2.0. through 2.2.2, which stems from the inclusion of a session expiration insufficiency issue...
GHSA-95M2-CHM4-MQ7M PHP-Textile has persistent XSS vulnerability in image link handling
Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...
Malicious code in maplibre (npm)
Source: ghsa-malware 812bdb7f3cb3a09a616e906c456e223c0069b42451a78c0df8d032054ec3f6a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in my-app-name (npm)
Source: ghsa-malware e3b688286528def3945fc6d678e314a2678fdddd35def920c64e4c311a29d416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in supply-chain-planner (npm)
Source: ghsa-malware e04d233f8a8aea9243490197311b90d7313bce41848541de6447f1c8538b4448 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 32red-analytics (npm)
Source: ghsa-malware 9ed89d9090f04408f9fe5a5788a75ae961c0e656eafa0ea294b9974471655b3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50184
...
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...
Malicious code in peritter (npm)
Source: ghsa-malware e928152262a15c3663758b7d61ee855e89db1870d95ba6587ad86d367841c476 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-36555 · Unknown · Mailcleaner
Name of the Vulnerable Software and Affected Versions: MailCleaner versions before 28d913e Description: The issue concerns default values of ssh host dsa key, ssh host rsa key, and ssh host ed25519 key that persist after installation. Recommendations: For versions before 28d913e, update to a...
CVE-2024-54001
CVE-2024-54001 affects Kanboard: HTML can be injected via settings fields application_language, application_date_format, application_timezone, and application_time_format, reflected to users and potentially executed as XSS if input contains JavaScript that bypasses CSP. Root cause is unescaped us...
Malicious code in codat-docs (npm)
Source: ghsa-malware 15d6ef87bdf4981301dbd1430d57248ad6a9606733d297f570edc7d22cf495c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...