Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Unleashing the potential of Intel® IPU with Red Hat OpenShift

Red Hat and Intel are collaborating on a joint solution that more seamlessly integrates Intel® IPU with Red Hat OpenShift, propelling cloud and edge computing into a new era of performance and scalability.The solution brings together Intel’s latest leading programmable network device, the Intel® Infrastructure Processing Unit (Intel® IPU) E2000 Series with Red Hat OpenShift. This solution, shown in the following diagram, is designed for performance at scale under real world workloads and opens up a wide array of use cases through the ability to flexibly service chain network functions at

Red Hat Blog
Open in Source
#vulnerability#web#mac#linux#red_hat#kubernetes#intel#ssl
GHSA-2xp3-57p7-qf4v: xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing

### Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `<KeyInfo />` element, and pass `xml-crypto` default validation checks. ### Details Affected `xml-crypto` versions between versions `>= 4.0.0` and `< 6.0.0`. `xml-crypto` trusts by default any certificate provided via digitally signed XML document's `<KeyInfo />`. `xml-crypto` prefers to use any certificate provided via digitally signed XML document's `<KeyInfo />` even if library was configured to use specific certificate (`publicCert`) for signature verification purposes. Attacker can spoof signature verification by modifying XML document and replacing existing signature with signature generated with malicious pri...

GHSA-3999-5ffv-wp2r: Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

### Summary Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a number of ways, for example by: 1. Opening a new libp2p Identify stream. This causes the node to send its Identify message. Of course, every other protocol that causes the sending of data also works. The larger the response, the more data is enqueued. 2. Sending a Yamux Ping frame. This causes a Pong frame to be enqueued. Under normal circumstances, this queue of pending frames would be drained once they’re sent out over the network. However, the attacker can use TCP’s receive window mechanism to prevent the victim from sending out any data: By not reading from the TCP connection, the receive window will never be increased, and the victim won’t be able to send out any new data (this is how TC...

GHSA-rwfq-v4hq-h7fg: static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names

### Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like `<img src=x onerror=alert(1)>.txt` will allow JavaScript code execution in the context of the web server’s domain. ### Details SWS generally does not perform escaping of HTML entities on any values inserted in the directory listing. At the very least `file_name` and `current_path` could contain malicious data however. `file_uri` could also be malicious but the relevant scenarios seem to be all caught by hyper. ### Impact For any web server that allow users to upload files or create directories under a name of their choosing this becomes a stored XSS vulnerability.

GHSA-9p57-h987-4vgx: Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are when it comes to executing unsafe JavaScript via HTML attributes. ### Impact If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. ```ruby a(href: user_profile) { "Profile" } ``` If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. ```ruby h1(**JSON.parse(user_attributes)) ``` ### Patches Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all minor versions released in the last year. - [1.10.2](https://rubygems.org...

GHSA-q5qj-x2h5-3945: Zitadel exposing internal database user name and host information

### Impact In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. ### Patches 2.x versions are fixed on >= [2.50.3](https://github.com/zitadel/zitadel/releases/tag/v2.50.3) 2.49.x versions are fixed on >= [2.49.5](https://github.com/zitadel/zitadel/releases/tag/v2.49.5) 2.48.x versions are fixed on >= [2.48.5](https://github.com/zitadel/zitadel/releases/tag/v2.48.5) 2.47.x versions are fixed on >= [2.47.10](https://github.com/zitadel/zitadel/releases/tag/v2.47.10) 2.46.x versions are fixed on >= [2.46.7](https://github.com/zitadel/zitadel/releases/tag/v2.46.7) 2.45.x versions are fixed on >= [2.45.7](https://github.com/zitadel/zitadel/releases/tag/v2.45.7) ### Workarounds There is no workaround since a patch is already available. ### Questions If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])

GHSA-w2v8-php4-p8hc: Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`

### Impact If a model has been made available for editing through the [`wagtail.contrib.settings`](https://docs.wagtail.org/en/stable/reference/contrib/settings.html) module or [`ModelViewSet`](https://docs.wagtail.org/en/stable/extending/generic_views.html#modelviewset), and the [`permission` argument on `FieldPanel`](https://docs.wagtail.org/en/stable/reference/pages/panels.html#wagtail.admin.panels.FieldPanel.permission) has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected. ### Patches Patched versions have been released as W...

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The Biden administration is asking tech companies to sign a pledge, obtained by WIRED, to improve their digital security, including reduced default password use and improved vulnerability disclosures.

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.