GHSA-G56W-CWG4-HXX9 Code injection in quarkus dev ui config editor

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

Code injection in quarkus dev ui config editor

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

Remote code execution

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVE-2022-4116

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

Oracle Linux 9 : podman (ELSA-2022-7954)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7954 advisory. 2:4.2.0-3.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 2:4.2.0-3 - fix dependency in test subpackage - Related:...

PT-2022-6100 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: quarkus affected versions not specified Description: The issue is related to the Dev UI Config Editor component of the quarkus Java framework, which is vulnerable to remote code execution due to incorrect code generation management. This can...

podman: Remote traffic to rootless containers is seen as orginating from localhost

A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1 including from remote hosts which impact containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. The highest threat from this...

Improper Access Control

github.com/istio/istio is vulnerable to improper access control due to the isTrustedAddress function of xfccauthenticator.go. An attacker with access to the localhost Istiod control plane can impersonate any workload identity within the service mesh...

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

Istio may allow identity impersonation if user has localhost access

Impact User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Patches 1.15.3 Workarounds No. If using 1.15.2 please upgrade to 1.15.3 or later. References None at this time. For more information If you have any questions or...

GHSA-6C6P-H79F-G6P4 Istio may allow identity impersonation if user has localhost access

Impact User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Patches 1.15.3 Workarounds No. If using 1.15.2 please upgrade to 1.15.3 or later. References None at this time. For more information If you have any questions or...

PT-2022-24947 · Istio · Istio

Name of the Vulnerable Software and Affected Versions: Istio versions 1.15.x prior to 1.15.3 Description: A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Recommendations: For versions prior to 1.15.3, upgrade to versi...

curl: CVE-2022-43552: HTTP Proxy deny use-after-free

Issues reported by Trail of Bits. This is either one or two issues. Summary: ./src/curl 0 -x0:80 telnet:/j-uj-u//0 -m 01 ./src/curl 0 -x0:80 smb:/j-uj-u//0 -m 01 Both command line ends up having libcurl access and use already freed heap-memory. For read and write. Steps To Reproduce: See above, r...

Cross-site Scripting in actionpack

actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious...

Multix 2.4 Cross Site Request Forgery Vulnerability

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on Ubuntu...