Red Hat Security Advisory 2022-0866-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.56. Issues addressed include a code execution vulnerability.
074786ed947c683e2eed700d99aa184d37f3d83bb72f57c693b498dc966fbbaeImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL Injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries, as such this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.
576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355ccRed Hat Security Advisory 2022-1029-01 - A micro version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include cross site scripting, denial of service, information leakage, and server-side request forgery vulnerabilities.
e1a2e4b551ccd5d032fc05c0712cca1e96b04eea7c46e8e7109f20f450bbd890Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1Red Hat Security Advisory 2022-0870-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.45. Issues addressed include a code execution vulnerability.
93130424d32563e2c2dd53848108e26a74919f3ac0aa24524a7f992181731abeRed Hat Security Advisory 2022-0871-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.35. Issues addressed include a code execution vulnerability.
8c60d330e09868f9c004fdf9cdd2e0430e7b49f37602ccff9799dfddfe2fe30cRed Hat Security Advisory 2022-1012-01 - Expat is a C library for parsing XML documents. Issues addressed include code execution and integer overflow vulnerabilities.
57f82e760b9ff26a89294331c00d89dc12766f4bb95dba6543918b518a6f31d8Ubuntu Security Notice 5340-1 - Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
9cd0120842dd043b5e493d3eb8821794d81f1b61c1e795bb4c60d255fb26b0b3ProtonVPN version 1.26.0 suffers from an unquoted service path vulnerability.
e21848ef4218212fdffd52292dd2336d076c2389731673c907a9fead149a68a1Drupal Avatar Uploader version 7.x-1.0-beta8 suffers from a cross site scripting vulnerability.
b2390b5f84449f7631d49eaf64401f414a42042133354c3f7488cb219f6ce52bRed Hat Security Advisory 2022-1013-01 - Red Hat Integration - Camel Extensions for Quarkus 2.2.1 serves as a replacement for 2.2 and includes security fixes. Issues addressed include code execution, denial of service, deserialization, information leakage, and memory leak vulnerabilities.
d5cfb7d93bd17d4a300c3574ceea4314e4c04e0e4b82484593f5c02a870e2682WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability.
1af5cdbca2fba34e20952246b62d1c6ea3c147e377bb3da4d6af9bc7e3a8b828Red Hat Security Advisory 2022-1007-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability.
ce07462a1501c987a2440081205eb708f1ce719bb26e12f1801968793ad136a6Red Hat Security Advisory 2022-1010-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability.
e2f0b3d0237280bfe9ca2b4a1b6982996781f17805ce5490fa8e00a1f172e116
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed