Tag
#js
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
Diverse ecosystem of global technology, finance, and university leaders join as first OpenWallet Foundation Members, many more expected.
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
### Impact

Providing an invalid value to the `where` option of a query caused Sequelize to ignore that option instead of throwing an error.

A finder call like the following did not throw an error:

```ts
User.findAll({
  where: new Date(),
});
```

As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.

### Patches

This issue has been patched in [`[email protected]`](https://github.com/sequelize/sequelize/pull/15699) & [`@sequelize/[email protected]`](https://github.com/sequelize/sequelize/pull/15375)

### References

A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698

CVE: CVE-2023-22579

Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090
Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-0903-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
Yoga Class Registration System version 1.0 suffers from multiple remote SQL injection vulnerabilities.