Security
Headlines
HeadlinesLatestCVEs

Tag

#google

RHSA-2023:0560: Red Hat Security Advisory: OpenShift Container Platform 4.10.51 security update

Red Hat OpenShift Container Platform release 4.10.51 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the ...

Red Hat Security Data
Open in Source
#xss#csrf#vulnerability#web#google#linux#red_hat#dos#apache#nodejs#js#git#java#kubernetes#aws#oauth#auth#ssh#ibm
Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver's Seat

The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.

How Businesses Benefit from Using Instagram Reels

By Owais Sultan Since its launch in August 2020, Instagram Reels has become home to a whopping two billion active users.… This is a post from HackRead.com Read the original post: How Businesses Benefit from Using Instagram Reels

CVE-2023-0748: Open Redirect on "returnUrl=" parameter in btcpayserver

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

CVE-2023-0747: File Upload Type Validation Error lead to Stored XSS in btcpayserver

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

Why Some Cloud Services Vulnerabilities Are So Hard to Fix

Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.

Stalkerware-type app developers fined by NY Attorney General

Categories: News Tags: stalkerware Tags: mobile Tags: device Tags: NYAG Tags: monitoring Tags: New York Tags: app Tags: developer We take a look at news that the NYAG has penalised developers of stalkerware-type apps, and the ramifications for those developers further down the line. (Read more...) The post Stalkerware-type app developers fined by NY Attorney General appeared first on Malwarebytes Labs.

VMware Disputes Old Flaws at Root of ESXiArgs Ransomware Attacks

By Deeba Ahmed The refutation came days after Europe and North America were rattled by ESXiArgs Ransomware attacks. This is a post from HackRead.com Read the original post: VMware Disputes Old Flaws at Root of ESXiArgs Ransomware Attacks

CVE-2023-24828: Fix issue #1179 - OneDev should use crypto strong random string for a… · theonedev/onedev@d67dd96

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.