SolarView Compact version 6.00 suffers from multiple cross site scripting vulnerabilities.
25d560f3ffdb43d77020e39409d019b6357d829359c682ee2a18df30976b41c7
Red Hat Security Advisory 2022-5095-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
4c3ec629c4223eb162af5230c255c58930695266f861587bbbf2094a5e049e04
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
859d87ae63633787bdbe010be7b03817fc47a4dc9d6e5a47c6b19c31de4fe3cc
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.
6d66162caa87e1410113575c6a6d6f93e01bfe781f0ffa5dbe090641a9dac682
Red Hat Security Advisory 2022-5096-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
599b664c81a5612e99f1e4c5c07ad0f0223b8a2bc5a4d147cae39fb875d1c284
Red Hat Security Advisory 2022-5098-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
eb5658310e362f002091a1f7f759c770aba64922b044eb6f3ef039ee02122cb7
Red Hat Security Advisory 2022-5101-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
891960734e7d0b04a094b7cc3327354f46fb865081875776be3a8e74d43869ed
TP-Link AX50 router with firmware 210730 suffers from an authenticated remote code execution vulnerability.
e9405793b7fbd26449e879b0ee195c0abb5d3b3eb2e5d7aa68fa030fc4d1ffa1
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
0499022a6a3f03967aa1bfbbc7d7e74d466f3bd50061bd29d99dde21b1e9744c
Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.
060b9f1d5164061ad5cc5b180d24a58a441261729fd2896079b0ebed8c3111da
Red Hat Security Advisory 2022-5050-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6. Issues addressed include a password leak vulnerability.
853f067e7e0fc0acfe19dbb91f56ae6488db7d6e90f04e1ca2100ebb41120b30
phpIPAM version 1.4.5 suffers from an authenticated remote code execution vulnerability.
8f8f581bef46b30619f23cdd03d90b8de0076a748e81770e4068037caff5d8e3
XNU suffers from a flow divert race condition use-after-free vulnerability.
18168cefa7044ee89ba183a692734419daa60890808dbb1d62407aa2c4c7f70c
Chrome suffers from having an incomplete fix for CVE-2022-1096.
a034f87b7b68c9e71d23b3a96392d323625a4e9fd5c2246a143f439e0d73ddee
Chrome suffers from a missing bounds check in WebGPUDecoderImpl::DoRequestDevice.
ef3fbfbf0d934cc45efe08abfdf55bd55ba171f52a654e23e476c7b46f1b6cca
Red Hat Security Advisory 2022-4990-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
20017ff178c8e520a7c25df4416ff0396612237ce1fed2cfca40f6a90bc36dc4
Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
713bc7bd4180e33789f269703f23e9d971d8af3931d2e5f95a2f8531c3084f8b
Red Hat Security Advisory 2022-5054-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
30a68647980f7bf0749ff6d895aa9c8bb8eb52c92ad7177ecc962524d1c44b26
Old Age Home Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2bfd5dccf3cd5e1cec7742280f8ac2bc3034ffefdbf201d08d4c64178ad59b16
Red Hat Security Advisory 2022-5056-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
b7e66150f9d77db5524e7869677d2999b696f281d6ad59bacacc4af59f3e4c72
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
2ceb86673a9c736cebd67a39527a5eb8f328102b032e0b9271b870c40377d572
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.
7098d1b68edc002a1e51f5c5258de96984b038b74b703b8420355811a28fb504
This Metasploit module exploits the file upload vulnerability of Multi Language Pharmacy Management System to achieve remote code execution.
742456930e5e52c2ee76502248a99373d271bc23c86a2afc2380664719fcc4cb
Red Hat Security Advisory 2022-5057-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
f30383a6573732073c6409de35ba14aa0460a757737ad8b75555eaf0997c9b32
Sourcegraph Gitserver version 3.36.3 suffers from a remote code execution vulnerability.
ee3b7d37bfe4486bd0f3cce9798a27ebb2b45cf81818291f4acb0d35f4d13d82