Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

Red Hat Security Advisory 2023-0777-01

Red Hat Security Advisory 2023-0777-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.

Packet Storm
#xss#csrf#vulnerability#web#google#red_hat#dos#git#java#kubernetes#rce#oauth#auth#ssh#rpm
CVE-2023-26462: ThingsBoard Release Notes

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

RHSA-2023:0777: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enou...

CVE-2023-22974: OpenEMR Patches - OpenEMR Project Wiki

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

How to Stop Attackers That Target Healthcare Imaging Data

Attribute-based encryption could help keep sensitive metadata off of the Dark Web.

CVE-2023-25240: Bypassing SameSite cookie restrictions | Web Security Academy

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.