Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.42 security update

Red Hat OpenShift Container Platform release 4.6.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.23 security update

Red Hat OpenShift Container Platform release 4.7.23 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update

Red Hat OpenShift Container Platform release 4.7.23 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.4 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...

PT-2021-3810 · Microsoft · Azure Cyclecloud

Name of the Vulnerable Software and Affected Versions: Azure CycleCloud affected versions not specified Description: The issue is related to insufficient access control in Azure CycleCloud, a tool for managing high-performance computing HPC environments. Exploitation of this issue may allow an...

Design/Logic Flaw

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

Reboot of PunkSpider Tool at DEF CON Stirs Debate

Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analyti...

SUSE: Security Advisory (SUSE-SU-2021:2470-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DoD Cloud Computing Impact Levels 4-5

Moving past DoD Impact Level 2 IL2, the logical next step should be IL3; however, IL3 is no longer used by the Department of Defense DoD and has been consolidated into IL4. DoD IL4 is designed to store, process, and transmit up to controlled unclassified information CUI related to military or...

Unauthorized Access Vulnerability in RAID Management System

Tiandiweiye is an intelligent security solution provider, based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, providing intelligent video products, system solutions and technical services for public security, politics and law, transportation,...

SUSE: Security Advisory (SUSE-SU-2021:2353-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary File Read Vulnerability in TerraMaster System Management at Shenzhen Tumi Electronic Technology Co.

TerraMaster is a cloud computing brand of Shenzhen Tumi Electronic Technology Co. An arbitrary file read vulnerability exists in the management of the TerraMaster system of Shenzhen Tumi Electronic Technology Co. Ltd, which can be exploited by an attacker to obtain sensitive information...

Red Hat OpenShift has unexplained holes

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat that supports building, testing, deploying, and running applications.A security vulnerability exists in versions prior to OpenShift version 4.8, which stems from a certificate generated by a service CA within ...

Trickbot Malware Rebounds with Virtual-Desktop Espionage Module

The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its “vncDll” module, used for monitoring and intelligence gathering, researchers said. According to an analysis this week from Bitdefender, there has been “a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.38 extras and security update

Red Hat OpenShift Container Platform release 4.6.38 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of...

Baidu Rust SGX SDK 安全漏洞

Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...

SUSE: Security Advisory (SUSE-SU-2021:2292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-32753

EdgeX Foundry’s CVE-2021-32753 affects Edinburgh, Fuji, Geneva, and Hanoi releases. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user exists, the proxy username is used as both the client_id and client_secret, enabling a remote attacker to perform a dictionary-ba...