Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

RHSA-2023:1742: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44531: A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry...

Red Hat Security Data
#vulnerability#linux#red_hat#dos#nodejs#js#java#perl#buffer_overflow#auth#ibm#sap
CVE-2023-1829: 🐧🕺

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

RHSA-2023:1656: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to u...

RHSA-2023:1693: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2625: A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT ...

Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Workplace AI Warnings

In three separate incidents, engineers at the Korean electronics giant reportedly shared sensitive corporate data with the AI-powered chatbot.

CVE-2023-25955: お知らせ

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

CVE-2022-38604: Wacom Driver Arbitrary File Deletion Vulnerability

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CVE-2022-43293: Wacom Driver Arbitrary File Write\Overwrite Vulnerability

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

Ubuntu Security Notice USN-6003-1

Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.