#vulnerability

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement: <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">   <property name="constraint" ref="securityConstraint" />   <property name="pathSpec" value="/" /> </bean> Or we encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email

Here at Red Hat, we’ve spent over a decade building up the power of Red Hat Insights, making it one of the most valuable pieces of technology included in your Red Hat subscription. We’ve integrated with industry-leading technologies like IBM X-Force, we’ve grown invaluable data sets from our own support cases, and we’ve extended our reach to deliver Insights wherever you work. See What the Insights portfolio can do for you.One thing that's been a blocker for US government customers and contractors has been FedRAMP. But that's a blocker no more! Through a long process of sponsorship, d

Red Hat and Intel are collaborating on a joint solution that more seamlessly integrates Intel® IPU with Red Hat OpenShift, propelling cloud and edge computing into a new era of performance and scalability.The solution brings together Intel’s latest leading programmable network device, the Intel® Infrastructure Processing Unit (Intel® IPU) E2000 Series with Red Hat OpenShift. This solution, shown in the following diagram, is designed for performance at scale under real world workloads and opens up a wide array of use cases through the ability to flexibly service chain network functions at

### Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `<KeyInfo />` element, and pass `xml-crypto` default validation checks. ### Details Affected `xml-crypto` versions between versions `>= 4.0.0` and `< 6.0.0`. `xml-crypto` trusts by default any certificate provided via digitally signed XML document's `<KeyInfo />`. `xml-crypto` prefers to use any certificate provided via digitally signed XML document's `<KeyInfo />` even if library was configured to use specific certificate (`publicCert`) for signature verification purposes. Attacker can spoof signature verification by modifying XML document and replacing existing signature with signature generated with malicious pri...

### Summary Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a number of ways, for example by: 1. Opening a new libp2p Identify stream. This causes the node to send its Identify message. Of course, every other protocol that causes the sending of data also works. The larger the response, the more data is enqueued. 2. Sending a Yamux Ping frame. This causes a Pong frame to be enqueued. Under normal circumstances, this queue of pending frames would be drained once they’re sent out over the network. However, the attacker can use TCP’s receive window mechanism to prevent the victim from sending out any data: By not reading from the TCP connection, the receive window will never be increased, and the victim won’t be able to send out any new data (this is how TC...

### Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like `<img src=x onerror=alert(1)>.txt` will allow JavaScript code execution in the context of the web server’s domain. ### Details SWS generally does not perform escaping of HTML entities on any values inserted in the directory listing. At the very least `file_name` and `current_path` could contain malicious data however. `file_uri` could also be malicious but the relevant scenarios seem to be all caught by hyper. ### Impact For any web server that allow users to upload files or create directories under a name of their choosing this becomes a stored XSS vulnerability.

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are when it comes to executing unsafe JavaScript via HTML attributes. ### Impact If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. ```ruby a(href: user_profile) { "Profile" } ``` If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. ```ruby h1(**JSON.parse(user_attributes)) ``` ### Patches Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all minor versions released in the last year. - [1.10.2](https://rubygems.org...