#js

Red Hat Security Advisory 2023-7783-03 - An update for postgresql is now available for Red Hat Enterprise Linux 7. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-7782-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2023-7778-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-7720-03 - An update is now available for RHOL-5.8-RHEL-9. Issues addressed include a file disclosure vulnerability.

Red Hat Security Advisory 2023-7691-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7690-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.

Debian Linux Security Advisory 5577-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

### Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. ### Patches The issue has been patched in the `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. ### Workarounds There are currently no workaround for older versions, and the recommendation is to upgrade. ### References The issue was reported by an independent researcher in our Community Slack and has been promptly patched in the recent update.

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.