PT-2022-9814 · GE · GE UR
Name of the Vulnerable Software and Affected Versions: GE UR firmware versions prior to 8.1x. Description: The issue allows sensitive information exposure without authentication. This occurs because the web server interface is supported over the HTTP protocol. Recommendations: For GE UR firmware...
Red Hat 389 Directory Server authorization issue vulnerability
Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat, Inc. The server fully supports the LDAPv3 specification and features scalable, multi-master replication, etc. A security vulnerability exists in Red Hat 389 Directory...
CVE-2022-22671
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen...
CVE-2022-22656
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen...
CVE-2022-22671
CVE-2022-22671 concerns an authentication issue in iOS/iPadOS where a person with physical access could view photos from the lock screen. The connected sources confirm the vulnerability affects Apple devices and is fixed in iOS 15.4 / iPadOS 15.4. Affected component: VoiceOver/lock-screen handlin...
CVE-2022-22656
CVE-2022-22656 is a macOS authentication issue involving the fast user switching screen. The vulnerability arises from flawed state management, allowing a local attacker to view the previous logged-in user’s desktop. It is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, and Security Update 20...
PT-2022-4658 · Unknown +9 · Pacemaker Configuration Tool +9
Name of the Vulnerable Software and Affected Versions: Pacemaker configuration tool pcs (affected versions not specified). Description: A flaw was found in the Pacemaker configuration tool, allowing expired accounts and accounts with expired passwords to login when using PAM authentication. This iss...
PT-2022-15604 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.6.5; macOS Monterey versions prior to 12.3; macOS Catalina versions prior to Security Update 2022-003. Description: An authentication issue was addressed with improved state management, allowing a local attacker to...
CVE-2022-24748 Incorrect Authentication in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgra...
OPENSUSE-SU-2022:0743-1 Security update for cyrus-sasl
This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sqlauxpropstore in plugins/sql.c bsc1196036. The following non-security bugs were fixed: - postfix: sasl authentication with password fails bsc1194265...
MGASA-2022-0086 Updated mc packages fix security vulnerability
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CVE-2021-36370...
PT-2022-10706 · Liferay · Liferay DXP +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.1 and earlier; Liferay DXP versions 7.0 through 7.0 before fix pack 90; Liferay DXP versions 7.1 through 7.1 before fix pack 17; Liferay DXP versions 7.2 through 7.2 before fix pack 5. Description: The issue concerns t...
Missing authentication in ShenYu
A user can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
PT-2022-10291 · Fresenius Kabi · Fresenius Kabi Agilia Link + +1
Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Agilia SP MC WiFi versions prior to vD25; Fresenius Kabi Agilia Link + version 3.0. Description: The issue concerns a default configuration page that is accessible without authentication. An attacker may exploit this to change...
Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS
The plugin does not have any authorisation and CSRF checks in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX actions, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also leads to Stored Cross-Site Scripting...
Code issue vulnerability in multiple Qualcomm products
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is often manufactured on the surface of semiconductor wafers. The Qualcomm chip has a code issue vulnerability that stems from...