6340 matches found
io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2022-27196 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)
org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2022-27196 Source advisory: OSV:GHSA-874R-46C6-7P4R...
Huawei Emui and Magic UI Bastet modules have unspecified vulnerabilities
Huawei Emui is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. Huawei Emui and Magic UI Bastet modules have a security vulnerability that can be exploited by attackers to compromise the integrity...
gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26662 via proteus (=6.0.10)
proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26662 Source advisory: OSV:GHSA-PM3H-MM62-PWM8...
gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26661 via proteus (=6.0.10)
proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26661 Source advisory: OSV:GHSA-CJ78-RGW3-4H5P...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
HUAWEI EMUI and Honor Magic UI security vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. Huawei Emui and Magic UI Wi-Fi modules have a privilege control vulnerability that could be exploited by attackers to obtain sensitive information...
Huawei EMUI and Huawei Magic UI security vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. Huawei Emui and Magic UI Nearby modules are vulnerable to authorization issues that could be exploited by attackers to compromise availability and integrity...
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.27/: Upgraded. These updates fix various bugs and security issues, including the recently announced "Dirty Pipe" vulnerability which...
Nvidia GPU Display Driver for Linux denial-of-service vulnerability
Nvidia GPU Display Driver for Linux is a driver for interactive support of graphics modules on Linux systems from Nvidia, Inc. A denial-of-service vulnerability exists in the Nvidia GPU Display Driver for Linux kernel driver package, which can be exploited by attackers to The vulnerability can be...
DRUPAL-CONTRIB-2022-027
The GOV.UK Theme (govuktheme) is a Drupal theme for the GOV.UK Design System. The theme doesn't sanitize user input in certain cases, which leads to Cross-Site Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities or configuration may be able to exploit one or more...
microweber has an unspecified vulnerability (CNVD-2022-13203)
Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...
Cobbler Command Injection Vulnerability (CNVD-2022-18324)
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the check_for_invalid_imports function in the templar.py file, which allows Cheetah code ...
Privilege Escalation
Cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the check_for_invalid_imports function of templar.py, allowing Cheetah code to import Python modules without permission...
GHSA-6CM4-GM85-972C Command Injection in Cobbler
An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Design/Logic Flaw
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
PYSEC-2022-37
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...