New Alerts for Next.js, PyTorch, Microsoft Edge, HPE, JTEKT, Apache Commons, and Linux.
Next.js
Next.js has been released to address a security vulnerability. It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. CVSSv3 score of 9.1
More info.
A deserialization vulnerability exists in the Pytorch RPC framework. This flaw allows a remote attacker to execute arbitrary code by sending a malicious serialized PythonUDF object, leading to RCE on the master node. CVSSv3 score of 9.8
More info.
Microsoft has updated Edge with the latest chromium security updates and 1 Edge-specific security update.
More info.
Security vulnerabilities have been identified in HPE Telco Service Activator Product that allow a remote attacker to cause a DoS, access restriction bypass, and unauthorized data access. Highest CVSSv3 score of 7.5
More info.
Multiple vulnerabilities were found in HMI GC-A2 series. Highest CVSSv3 score of 5.8
More info.
Multiple vulnerabilities were found in HMI View Jet C-more series. Highest CVSSv3 score of 8.6
More info.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password.
More info.
SUSE has updated the kernel. More info.