#js

Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.

Red Hat Security Advisory 2023-6085-01 - An update is now available for Red Hat Openshift distributed tracing 2.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6084-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5895-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

### Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. > The passwords are *not* exposed in plaintext. > Nautobot 1.x is *not* affected by this vulnerability. Example: ``` GET /api/users/permissions/?depth=1 HTTP 200 OK API-Version: 2.0 Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS Content-Type: application/json Vary: Accept ``` ```json { "count": 1, "next": null, "previous": null, "results": [ { "id": "28ea85e4-5039-4389-94f1-9a3e1c787149", "object_type": "users.objectpermission", "display": "Run Job", "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/", "natural_slug": "run-job_28ea", "object_types": [ "extras.job" ], "name": ...

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.