Tag
#java
An update for nss is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Categories: Threat Intelligence Tags: magecart Tags: skimmer Tags: obfuscation Tags: hunter Tags: credit card Tags: magento The threat actor behind this operation is using an open-source JavaScript obfuscator to hide its code. (Read more...) The post A look at a Magecart skimmer using the Hunter obfuscator appeared first on Malwarebytes Labs.
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25751: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash. * CVE-2023-25752: A flaw was found in Mozilla. The Mozilla Foundation Secu...
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric...
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
### Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. ### Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. ### Workarounds None. ### References Wikipedia has an explanation of this class of vulnerability: [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) ### Acknowledgements Thank you to @gdude2002 for reporting this issue.
MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.