Important: Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 security update

An update for kpatch-patch-4180-3051201 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: python-setuptools security update

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools...

CVE-2024-43853 cgroup/cpuset: Prevent UAF in proc_cpuset_show()

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...

CVE-2024-43853 cgroup/cpuset: Prevent UAF in proc_cpuset_show()

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow An UAF can happen when /proc/cpuset is read as reported in 1. This can be reproduced by the following methods: 1.add an mdelay1000 before acquiring the cgrouplock In the cgrouppathns...

PT-2024-40842 · Git +1 · Hdf5

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions, including H5SL search, H5FS sect remove real, and H5FS...

PT-2024-21149 · Octobercms · October Cms Bloghub Plugin

Name of the Vulnerable Software and Affected Versions: October CMS Bloghub Plugin versions 1.3.8 and lower Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section. This can lead to the execution...

CVE-2024-25837

A stored cross-site scripting XSS vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section...

CVE-2024-25837

CVE-2024-25837 — Summary (concrete details from connected docs): The vulnerability is a stored XSS in the October CMS Bloghub Plugin, affecting versions 1.3.8 and earlier. The XSS occurs via a crafted payload in the Comments section, enabling execution of arbitrary web scripts or HTML in the vict...

CVE-2024-25837

A stored cross-site scripting XSS vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section...

Important: Red Hat Security Advisory: bind and bind-dyndb-ldap security update

An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2024:5322 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: Firefox: 115.14/128.1 ESR mozilla: Fullscreen notification dialog can be obscured by document content CVE-2024-7518 mozilla: Out of bounds memory access in graphics shar...

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: wget security update

An update for wget is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: jose security update

An update for jose is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Cache Poisoning

typo3/cms is vulnerable to Cache Poisoning. The vulnerability is caused due to using the configuration option config.prefixLocalAnchors with values "all" or "cached". This can lead to unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the...

KLA71478 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visua...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free CVE-2022-48666 In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following...

Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...