EUVD-2022-48761

Malicious code in bioql PyPI...

ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: ILIAS eLearning platform vulnerable version: = 7.15 fixed version: 7.16 CVE number: CVE-2022-45915, CVE-2022-45916,...

CVE-2022-45915

ILIAS before 7.16 allows OS Command Injection...

CVE-2022-45916

ILIAS before 7.16 allows XSS...

CVE-2022-45916

ILIAS before 7.16 allows XSS...

CVE-2022-45918

ILIAS before 7.16 allows External Control of File Name or Path...

Command injection

ILIAS before 7.16 allows OS Command Injection...

Open redirect

ILIAS before 7.16 has an Open Redirect...

CVE-2022-45918

CVE-2022-45918 affects ILIAS eLearning platform prior to 7.16. The vulnerability is External Control of File Name or Path, with upstream advisories and Red Hat corroborating that versions

CVE-2022-45915

ILIAS before 7.16 allows OS Command Injection...

CVE-2022-45916

ILIAS before 7.16 allows XSS...

CVE-2022-45915

CVE-2022-45915 affects ILIAS eLearning platform. Multiple connected sources confirm that ILIAS prior to version 7.16 is vulnerable to OS Command Injection, with fixed version 7.16 or later. The vulnerability impacts versions

ILIAS 安全漏洞

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS eLearning platform versions prior to 7.16 that stems from allowing external control over file names or paths...

ILIAS < 6.20, 7.x < 7.16 Multiple Vulnerabilities

ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if description...

PT-2022-7073 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.16 Description: The issue is related to an open redirect in the shib logout.php script, specifically with the handling of the return parameter. This could allow a remote attacker to redirect users to an arbitrary URL...

PT-2022-16218 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.16 through 7.17.0 Description: A flaw was discovered in Elasticsearch's upgrade assistant, which occurs when upgrading from version 6.x to 7.x, disabling the in-built protections on the security index. This allows...

CVE-2019-8835

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary...

CVE-2019-8834

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iClo...

CVE-2019-8846

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code...

About the security content of iCloud for Windows 7.16

About the security content of iCloud for Windows 7.16 This document describes the security content of iCloud for Windows 7.16. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...