Tag
#js
Red Hat Security Advisory 2024-4256-03 - An update for less is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-4252-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4249-03 - An update for c-ares is now available for Red Hat Enterprise Linux 8. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2024-4247-03 - An update for libuv is now available for Red Hat Enterprise Linux 8. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2024-4246-03 - An update for container-tools is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-4245-03 - An update for python3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.
Red Hat Security Advisory 2024-4244-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.
The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.
### Impact

Improper access control allows editors to remove admin group and locale configuration in Aimeos backend
### Note

On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure `polyfill.io` and its subdomains could not resolve to the compromised service, rendering this vulnerability **unexploitable**. The following sections describe this vulnerability prior to the domain level intervention, when it was still exploitable.

### Impact

`fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. On June 25th, 2024, Sansec published the following regarding the `polyfill.io` domain.

> The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain... However, in February this year, a Chinese company bought the domain and the Github account. Since then, this domain was caught injecting malware on mobile devices via ...