ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.
Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.
The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privilege escalation vulnerability via the application user "dcm", which is used to run the web application and the REST interface. An attacker who has gained remote code execution as this dcm user (e.g., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack that allows arbitrary content to be displayed.
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflected cross site scripting, path traversal, and information disclosure vulnerabilities.
Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.
Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.