#js

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights

### Impact The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to <svg onload=alert('XSS')> if they know how to craft these requests themselves. ### Patches N/A ### Workarounds Review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the "Enable rich text editor for participants" setting in the admin dashboard ### References OWASP ASVS v4.0.3-5.1.3

Red Hat Security Advisory 2024-6667-03 - Red Hat OpenShift Dev Spaces 3.16 has been released.

Red Hat Security Advisory 2024-6663-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Security Advisory 2024-6661-03 - An update for python3-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Security Advisory 2024-6656-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a cross site scripting vulnerability.

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized

Red Hat Security Advisory 2024-6657-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.