#vulnerability

Red Hat Security Advisory 2024-3998-03 - An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.

Red Hat Security Advisory 2024-3918-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-3881-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

Highlights Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration.Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset before version 3.1.3 and in version 4.0.0. Users are recommended to upgrade to version 4.0.1 or 3.1.3, both of which fix the issue.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.

### Impact A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. ### Patches This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added. ### Fix To avoid this vulnerability: * Upgrade to TinyMCE 7.2.0 or higher. * Upgrade to TinyMCE 6.8.4 or higher for TinyMCE 6.x. * Upgrade to TinyMCE 5.11.0 LTS or higher for TinyMCE 5.x (only available as part of commercial [long-term support](https://www.tiny.cloud/long-term-support/) contract). ### References * [TinyMCE 6.8.4](https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-not...