#java

Red Hat OpenShift Container Platform release 4.12.10 is now available with updates to packages and images that fix several bugs.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25577: A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage, allowing an attacker to cause a denial of service by sending crafted multipart data to an endpoint that w...

Red Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.

ChatGPT suffered from a cross site scripting vulnerability. OpenAI has since addressed this issue.

Red Hat Security Advisory 2023-1516-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

GLPI versions 10.0.0 through 10.0.2 suffer from a remote SQL injection vulnerability that can lead to remote code execution.

ManageEngine Access Manager Plus version 4.3.0 suffers from a path traversal vulnerability.

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserve...

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

Categories: Exploits and vulnerabilities Categories: News Tags: Azure Tags: Microsoft Tags: Super FabriXss Tags: RCE Tags: vulnerability Tags: CVE-2023-23383 Researchers disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. (Read more...) The post Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer appeared first on Malwarebytes Labs.