7648 matches found
AZL-32005 CVE-2023-5528 affecting package kubernetes for versions less than 1.28.4-1
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Impact: Aiohttp has a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. Because HTTP/1.1 is persistent, if both Content-Length (CL) and Transfer-Encoding (TE) are present, two entities that parse the HTTP stream can interpret it differently, and we can poiso...
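The two aiohttp entries above describe the same failure: one parser honours Content-Length while another honours Transfer-Encoding, so the same bytes are framed as a different number of requests (request smuggling). The following is an added example, not aiohttp's code or its C/Python parsers: a minimal HTTP/1.1 request framer with three precedence policies, fed a constructed CL.TE payload (not captured traffic; `example.test` and `/admin` are placeholders). A `cl` policy sees one request, a `te` policy (what RFC 9112 section 6.1 requires) sees two, and a `strict` policy refuses the ambiguous message outright, which the RFC permits.

```python
# Added example (not aiohttp's code): a minimal HTTP/1.1 request framer
# with three header-precedence policies, used to show how two parsers that
# disagree on Content-Length (CL) vs Transfer-Encoding (TE) split one byte
# stream into different requests, and how a strict policy refuses it.
from dataclasses import dataclass


@dataclass
class Request:
    start_line: str
    headers: dict
    body: bytes


class AmbiguousFraming(ValueError):
    """Raised by the 'strict' policy when a request carries both CL and TE."""


def _split_head(buf):
    """Split off the head (start line + headers); return None if incomplete."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    return lines[0].decode("ascii"), headers, rest


def _read_chunked(rest):
    """Decode a chunked body; return (body, bytes left over after the trailer)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            _, _, rest = rest.partition(b"\r\n")  # empty trailer section
            return body, rest
        body += rest[:size]
        rest = rest[size + 2:]  # drop chunk data and its trailing CRLF


def frame_requests(buf, policy):
    """Frame every request in buf.

    policy: 'te'     -> TE overrides CL (what RFC 9112 section 6.1 requires)
            'cl'     -> CL overrides TE (the wrong behaviour of a lax parser)
            'strict' -> refuse a request carrying both (allowed by the RFC)
    """
    requests = []
    while buf:
        parsed = _split_head(buf)
        if parsed is None:
            break
        start_line, headers, rest = parsed
        has_te = "transfer-encoding" in headers
        has_cl = "content-length" in headers
        if has_te and has_cl and policy == "strict":
            raise AmbiguousFraming(f"CL and TE both present in {start_line!r}")
        if has_te and policy != "cl":
            if headers["transfer-encoding"].lower() != "chunked":
                raise ValueError("only chunked is handled in this example")
            body, buf = _read_chunked(rest)
        elif has_cl:
            n = int(headers["content-length"])
            body, buf = rest[:n], rest[n:]
        else:
            body, buf = b"", rest
        requests.append(Request(start_line, headers, body))
    return requests


def is_ambiguous(buf):
    """True if the first request in buf carries both CL and TE."""
    parsed = _split_head(buf)
    if parsed is None:
        return False
    _, headers, _ = parsed
    return "transfer-encoding" in headers and "content-length" in headers


def build_cl_te_payload():
    """Constructed CL.TE smuggling payload (not captured traffic): the CL
    value covers the whole tail, so a CL-first parser sees one request while
    a TE-first parser sees the chunked body end at '0' and a second request."""
    smuggled = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tail = b"0\r\n\r\n" + smuggled
    head = (b"POST / HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"Content-Length: " + str(len(tail)).encode() + b"\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n")
    return head + tail


if __name__ == "__main__":
    payload = build_cl_te_payload()
    for policy in ("cl", "te"):
        print(policy, [r.start_line for r in frame_requests(payload, policy)])
    try:
        frame_requests(payload, "strict")
    except AmbiguousFraming as err:
        print("strict:", err)
```

The practical check for a front-end or proxy is the `strict` branch: a request that carries both headers is never legitimate and should be rejected and the connection closed, rather than forwarded for a downstream parser to reinterpret.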
Advanced threat predictions for 2024
Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is...
Kubernetes Security Vulnerabilities
Kubernetes (K8s) is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that stems from the fact that users who can create Pods and persistent volumes on Window...
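Both Kubernetes entries above (the AZL-32005 / CVE-2023-5528 advisory and this summary) state two preconditions: Windows nodes running a kubelet older than the fixed version, and an in-tree storage plugin in use for those nodes. The following is an added triage helper, not Kubernetes' own code, that reads the JSON shape of `kubectl get nodes -o json` and `kubectl get pv -o json`. The node and PV objects are constructed for the example; the set of non-source `spec` fields is an assumption based on the v1 `PersistentVolumeSpec`, and everything else under `spec` is treated as the volume source, with only `csi` counted as out-of-tree. The comparison is made only against 1.28.4 as named above; older minor branches received their own backported fixes, so a node on a patched older branch is still reported here and must be checked against the upstream advisory.

```python
# Added example (not Kubernetes' code): triage the two preconditions the
# advisory above states for CVE-2023-5528, from the JSON that
# `kubectl get nodes -o json` and `kubectl get pv -o json` return.
# The node and PV objects below are constructed for the example.
import re

# Fixed upstream version named above (1.28.4; the AZL package is 1.28.4-1).
# Older minor branches received their own backported fixes; this example
# compares only against 1.28.4, so nodes on a patched older branch are still
# reported and must be checked against the upstream advisory by hand.
FIXED_VERSION = (1, 28, 4)

# PersistentVolumeSpec fields that are not volume sources (assumption based on
# the v1 API); every other top-level key of spec is treated as the source.
NON_SOURCE_FIELDS = {
    "capacity", "accessModes", "claimRef", "persistentVolumeReclaimPolicy",
    "storageClassName", "mountOptions", "volumeMode", "nodeAffinity",
    "volumeAttributesClassName",
}


def parse_kubelet_version(text):
    """'v1.28.3' or 'v1.27.7-eks-abc' -> (1, 27, 7); build metadata is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised kubelet version {text!r}")
    return tuple(int(x) for x in m.groups())


def windows_nodes_below_fix(nodes):
    """(name, kubeletVersion) for Windows nodes older than FIXED_VERSION."""
    found = []
    for node in nodes["items"]:
        labels = node["metadata"].get("labels", {})
        if labels.get("kubernetes.io/os") != "windows":
            continue
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        if parse_kubelet_version(version) < FIXED_VERSION:
            found.append((node["metadata"]["name"], version))
    return found


def in_tree_pvs(pvs):
    """(name, source) for PVs whose volume source is not the csi plugin."""
    found = []
    for pv in pvs["items"]:
        for source in pv["spec"]:
            if source not in NON_SOURCE_FIELDS and source != "csi":
                found.append((pv["metadata"]["name"], source))
    return found


def cluster_exposed(nodes, pvs):
    """Both preconditions from the advisory hold: unpatched Windows nodes
    and at least one in-tree volume plugin in use."""
    return bool(windows_nodes_below_fix(nodes)) and bool(in_tree_pvs(pvs))


def _node(name, os_name, version):
    # Constructed node object with only the fields the checks read.
    return {"metadata": {"name": name, "labels": {"kubernetes.io/os": os_name}},
            "status": {"nodeInfo": {"kubeletVersion": version}}}


SAMPLE_NODES = {"items": [
    _node("win-1", "windows", "v1.28.3"),
    _node("win-2", "windows", "v1.28.5"),
    _node("linux-1", "linux", "v1.28.3"),
]}

# Constructed PVs: one CSI-backed, one in-tree `local`, one in-tree `hostPath`.
SAMPLE_PVS = {"items": [
    {"metadata": {"name": "pv-csi"},
     "spec": {"capacity": {"storage": "10Gi"}, "accessModes": ["ReadWriteOnce"],
              "csi": {"driver": "disk.csi.example.test", "volumeHandle": "vol-1"}}},
    {"metadata": {"name": "pv-local"},
     "spec": {"capacity": {"storage": "10Gi"}, "accessModes": ["ReadWriteOnce"],
              "local": {"path": "C:\\data"},
              "nodeAffinity": {"required": {"nodeSelectorTerms": []}}}},
    {"metadata": {"name": "pv-hostpath"},
     "spec": {"capacity": {"storage": "1Gi"}, "accessModes": ["ReadWriteOnce"],
              "hostPath": {"path": "C:\\tmp"}}},
]}

if __name__ == "__main__":
    print("unpatched windows nodes:", windows_nodes_below_fix(SAMPLE_NODES))
    print("in-tree PVs:", in_tree_pvs(SAMPLE_PVS))
    print("exposed:", cluster_exposed(SAMPLE_NODES, SAMPLE_PVS))
```

Run it against real output by loading the two JSON documents with `json.load` and passing them in place of the sample dicts; a non-empty result from either function is the list of nodes to upgrade or PVs to move to a CSI driver.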
CVE-2023-46743
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit...
6 Strategies to Combat Advanced Persistent Threats
...
Malicious code in odn-static-assets (npm)
Source: ghsa-malware a49d8b382070675781a5628be927a75dfaa48ed927b0dbb4d39f49cde36bbc6c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8449 Malicious code in airslate-image-uploader (npm)
Source: ghsa-malware 108a6e072252da4d719844c42ffb41e5a8fbb92cbfdd9305086a108dfc14233a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site scripting
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...
CVE-2023-26456
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...
PT-2023-20649 · Ox Guard · Ox Guard
Name of the Vulnerable Software and Affected Versions: OX Guard (affected versions not specified). Description: The issue allows users to set an arbitrary "product name" for OX Guard, which was not sufficiently sanitized before processing it at the user interface. This enabled indirect cross-site...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.7.14 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code...
CVE-2023-40445
The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock...
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.14 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.14 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
How to Add a Permanent Search Domain Entry in the Resolv.conf File of a XenServer Host
This article describes how to add a permanent search domain entry in the resolv.conf file of a XenServer Host. When manually editing the resolv.conf file to add search domains, the entries are not persistent after a XenServer Host reboot...
The vulnerability of the “Forgotten Password” function of the Mendix software platform for deploying and testing software applications, which allows a perpetrator to execute a brute-force attack.
The vulnerability of the "Forgotten Password" function in the Mendix software deployment and application testing platform is related to its non-constant execution time. Exploiting this vulnerability allows a malicious actor to execute an attack using brute-force methods...