#js

Hospital Management System version 1.0 suffers from a code injection vulnerability.

Event Registration and Attendance System version 1.0 suffers from a code injection vulnerability.

Red Hat Security Advisory 2024-5583-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-5582-03 - An update for kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-5522-03 - An update for kpatch-patch-4_18_0-553 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-5082-03 - Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 17.1 for Red Hat Enterprise Linux 8.4.

Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading → Web Browser Stored Credentials

Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading → Web Browser Stored Credentials

One of the key components of a container-based architecture is security.There are many facets to it (just have a look at the list of topics in the official OpenShift documentation here), but some of the most basic requirements are authentication and authorization. In this article, I explain how authentication and authorization work in Kubernetes and Red Hat OpenShift. I cover interactions between the different layers of a Kubernetes ecosystem, including the infrastructure layer, Kubernetes layer, and the containerized applications layer.What is authentication and authorization?In simple terms,

During account assignment in the Talk2M platform, a Cosy+ device generates and sends a certificate signing request (CSR) to the back end. This CSR is then signed by the manufacturer and used for OpenVPN authentication by the device afterward. Since the common name (CN) of the certificate is specified by the device and used in order to assign the OpenVPN session to the corresponding Talk2M account, an attacker with root access to a Cosy+ device is able to manipulate the CSR and get correctly signed certificates for foreign devices.