Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging the git-archive command to do so. Supplying NULL bytes to the request enables the passing of additional arguments to the command, ultimately enabling execution of arbitrary commands.
b243d8611790a90b192551fc326eb12be22c5ca700eb91be1d60e366f9f665cbUbuntu Security Notice 5628-1 - It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service.
28f2da782ea003139da2e8040d034ae2b2f3198ce124812a6471f98fc2cbaab1Ubuntu Security Notice 5627-1 - It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
7aa38649a545af11b9197793106e2db93bfb4933b2a8c062f9b3ded3df35c13eRed Hat Security Advisory 2022-6681-01 - Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important.
35fe0c51a1e2d8d57b8f5b189f065486839edc6ee7397371f98e2e4d322f3113Linux stable versions 5.4 and 5.10 suffers from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move.
b9d45dd1409659792dcfd15c2c4781345acb1b7ca05dc637d666213b43252dffWorkOrder CMS version 0.1.0 suffers from a cross site scripting vulnerability.
8cb65551c6ae83267598a7e09fa1ae7d1fe89f8b73a899df384b74eda241039dWorkOrder CMS version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1be273ff725163819b2cfa9a453104d943c26788eac55ddd53d75e0f3feec9d8Ubuntu Security Notice 5626-2 - USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service.
5582262f24a0e94484485b69255a623685abc83599ef59c31512503b78e7393cRed Hat Security Advisory 2022-6535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.
6d3c1ddf774e1588d2f8e92bbdc00d295380ed834dc8b5fd7cc6adb3e7a09bafRed Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.5.
0c76c344a24ad9f294e5e60b3ecf6b5cbee617962cc0ff63f7cf784cc0666fc0Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.
c6657749af2aec5a876585445e4bcbd9d3c2a60965b10273bbb9fc304ad6aa9aMultix version 2.4 suffers from a cross site request forgery vulnerability.
d804687ad3c71ed52a7465168db79fb1a6b87b78c6e128b3cc988a897cc33cf8Multix version 2.4 suffers from a cross site scripting vulnerability.
bb2ca11cc842b79877a14838fd8eff43efb418ab7ce31beacd1ccccfae1b0bf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed