
735 matches found

OSV
added 2024/10/29 9:30 a.m., 7 views

GHSA-7MQJ-XGF8-P59V Apache NiFi Cross-site Scripting vulnerability

Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, whic...

CVSS 5.1 | AI score 4.6 | EPSS 0.00646
Exploits: 0 | References: 8

Fedora
added 2024/10/28 1:4 a.m., 23 views

[SECURITY] Fedora 39 Update: glibc-2.38-19.fc39

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 8.1 | AI score 7.2 | EPSS 0.0131
Exploits: 0

Tenable Nessus
added 2024/10/23 12:0 a.m., 26 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.39 (RHSA-2024:8238)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8238 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS 8.2 | AI score 6.9 | EPSS 0.00982
Exploits: 0 | References: 5

IBM Security Bulletins
added 2024/10/16 9:24 a.m., 33 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server.

Summary IBM Storage Protect Server may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of confidentiality,...

CVSS 7.4 | AI score 7.1 | EPSS 0.01257
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2024/10/15 7:2 p.m., 19 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.1 packages and security update

Red Hat OpenShift Container Platform release 4.17.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 8.2 | AI score 6.7 | EPSS 0.00982
Exploits: 0 | References: 2

OSV
added 2024/10/11 4:36 p.m., 11 views

CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.

Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...

CVSS 6.9 | AI score 7.7 | EPSS 0.00534
Exploits: 0 | References: 4

Vulnrichment
added 2024/10/10 10:19 p.m., 12 views

CVE-2024-47867 Lack of integrity check on the downloaded FRP client in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 2.1 | AI score 6.9 | EPSS 0.00208
Exploits: 0 | References: 1

CVE
added 2024/10/10 10:16 p.m., 66 views

CVE-2024-47869

Summary (CVE-2024-47869): Gradio (Python) contains a timing-attack vulnerability in the analytics_dashboard hash comparison that is not performed in constant time. An attacker could infer the correct hash byte-by-byte by measuring response times, potentially gaining unauthorized access to the ana...

CVSS 3.7 | AI score 3.9 | EPSS 0.00285
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/10/04 8:15 p.m., 6 views

AZL-50067 CVE-2024-47764 affecting package nodejs-nodemon 2.0.3-5

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

CVSS 6.9 | AI score 6.7 | EPSS 0.00749
Exploits: 0 | References: 1

RedHat Linux
added 2024/10/03 11:24 a.m., 27 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.38 security update

Red Hat OpenShift Container Platform release 4.14.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 8.3 | AI score 6.6 | EPSS 0.01279
Exploits: 1 | References: 2

OSV
added 2024/09/19 10:54 p.m., 30 views

CVE-2023-27584 Dragonfly2 vulnerable to hard coded cryptographic key

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

CVSS 9.8 | AI score 6.7 | EPSS 0.29837
Exploits: 1 | References: 4

RedHat Linux
added 2024/09/19 12:12 a.m., 23 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 9.9 | AI score 7.3 | EPSS 0.02336
Exploits: 4 | References: 3

RedHat Linux
added 2024/09/18 4:27 p.m., 27 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.32 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.32 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01579
Exploits: 0 | References: 10

RedHat Linux
added 2024/09/17 11:57 p.m., 28 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.12 security update

Red Hat OpenShift Container Platform release 4.16.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01579
Exploits: 0 | References: 23

CVE
added 2024/09/17 9:55 p.m., 544 views

CVE-2024-46982

CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...

CVSS 7.5 | AI score 7.3 | EPSS 0.58124
Exploits: 3 | References: 3 | Affected Software: 1

IBM Security Bulletins
added 2024/09/17 9:51 p.m., 25 views

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js and package affects IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get process...

CVSS 7.5 | AI score 8.1 | EPSS 0.01414
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2024/09/11 6:33 p.m., 33 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.36 security update

Red Hat OpenShift Container Platform release 4.14.36 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7 | EPSS 0.94072
Exploits: 5 | References: 41

Tenable Product Security Advisories
added 2024/09/11 4:57 p.m., 9 views

[R1] Nessus Version 10.7.6 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.7.6 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 09/11/2024 - 12:57 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, expat were found to contain vulnerabilities, and updated versions have been...

AI score 7.6
Exploits: 0

IBM Security Bulletins
added 2024/09/11 7:34 a.m., 28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in April 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094...

CVSS 7.5 | AI score 5.8 | EPSS 0.01361
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/09/11 12:0 a.m., 32 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.36 (RHSA-2024:6412)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6412 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8.2 | AI score 7.4 | EPSS 0.0283
Exploits: 0 | References: 7