Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.7 security and extras update
Red Hat OpenShift Container Platform release 4.17.7 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
RHEL 8 : nodejs-postcss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-postcss: Regular expression denial of service during source map parsing CVE-2021-23368 Note that Nessus has...
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
Security Bulletin: Vulnerability in PostCSS affects IBM Business Automation Workflow - CVE-2023-44270
Summary IBM Business Automation Workflow depends on a vulnerable version of PostCSS. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially crafted external Cascadi...
Security Bulletin: postcss-8.4.14.tgz is vulnerable to CVE-2023-44270 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses postcss-8.4.14.tgz which is vulnerable to CVE-2023-44270 Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...
Security Bulletin: IBM Event Processing is vulnerable to Improper Input Validation due to the PostCSS (CVE-2023-44270).
Summary Operator of IBM Event Processing is vulnerable to Improper Input Validation due to the postcss-8.4.21.tgz before 8.4.31. PostCSS is a tool for transforming CSS with JavaScript plugins and this is a dev dependency used by Event Processing Team. CVE-2023-44270. Vulnerability Details...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerabili...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to security restrictions bypass due to PostCSS CVE-2023-44270
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to security restrictions bypass due to PostCSS CVE-2023-44270. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PostCSS
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of PostCSS. Vulnerability Details CVEID: CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially...
Security Bulletin: IBM Storage Fusion may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerability...
Improper Input Validation
postcss is vulnerable to Improper Input Validation. The vulnerability is due to the RE_BAD_BRACKET regular expression in tokenize.js, which does not account for carriage returns (\r). This means that any CSS containing a carriage return character \r would not be matched by this regular expression, potentially allowing...
GHSA-7FH5-64P2-3V2J PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
DEBIAN-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
Code injection
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...