CVE-2024-9486 VM images built with Image Builder and Proxmox provider use default credentials

A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be...

Child nodes from nsDOMAttribute still accessible after removal of nodes — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remot...