#js

Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

thrsrossi Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.

LeadPro CRM version 1.0 suffers from a remote SQL injection vulnerability.

Yank Note version 3.52.1 suffers from an arbitrary code execution vulnerability.

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

Categories: Business How Malwarebytes MDR successfully helped a company detect and respond to the potent banking Trojan QBot. (Read more...) The post Tracking down a trojan: An inside look at threat hunting in a corporate network appeared first on Malwarebytes Labs.

An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33621: A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients. * CVE-2023-28755: A flaw was found in the ...

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...

Categories: News Categories: Personal Tags: AI Tags: twitter Tags: misinformation Tags: disinformation Tags: fake Tags: viral Tags: hoax Tags: news Tags: verified Tags: checkmark Tags: debunk We take a look at a viral hoax on Twitter which used AI generated imagery to claim an explosion had occurred close to the Pentagon. (Read more...) The post AI generated Pentagon explosion photograph goes viral on Twitter appeared first on Malwarebytes Labs.

### Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. ``` TypeError: Cannot convert object to primitive value at Socket.emit (node:events:507:25) at .../node_modules/socket.io/lib/socket.js:531:14 ``` ### Patches A fix has been released today (2023/05/22): - https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3, included in `[email protected]` - https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced, included in `[email protected]` | `socket.io` version | `socket.io-parser` version | Needs minor update? | |---------------------|---------------------------------------------------------------------------------------------------------|--------------------------------------| | `4.5.2...latest` | `~4.2.0`...