#java

Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...

Red Hat OpenShift Container Platform release 4.10.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Common...

Categories: Exploits and vulnerabilities Categories: News Tags: APC Tags: UPS Tags: Schneider Electric Tags: CVE-2023-29411 Tags: CVE-2023-29412 Tags: CVE-2023-29413 In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. (Read more...) The post APC warns about critical vulnerabilities in online UPS monitoring software appeared first on Malwarebytes Labs.

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

The report found that ninety-seven percent of security vulnerabilities labeled as "critical" could actually be deprioritized.

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

CraftCMS prior to version 3.7.68 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.