Channel creates zero value of any type
Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...
Acronis: HTML Injection in E-mail Not Resolved
Summary: On this report "https://hackerone.com/reports/1536899" you closed the report and changed the status to Resolved. But it's not resolved; the bug is still there. Steps To Reproduce: 1. Please register at https://www.acronis.com/en-us/products/cyber-protect/trial/registration with the victim...
CVE-2022-31045
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...
SUSE-SU-2022:1974-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005946 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction...
CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
Code injection
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
postgresql:12 security update
postgresql 12.11-2 - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package 12.11-1 - Resolves: CVE-2022-1552 - Update to 12.11 - Release notes: https://www.postgresql.org/docs/release/12.11/...
Security Bulletin: IBM MQ Appliance is affected by sensitive information disclosure vulnerability (CVE-2022-22325)
Summary IBM MQ Appliance has resolved a sensitive information disclosure vulnerability. Vulnerability Details CVEID: CVE-2022-22325 DESCRIPTION: IBM MQ can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. CVSS Base score: 5.1 CVSS Tempor...
openSUSE: Security Advisory for libsolv, (SUSE-SU-2022:1157-1)
The remote host is missing an update for the...
CVE-2022-23704
A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later...
CVE-2022-24843 Path Traversal in github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for th...
CVE-2022-24844 SQL Injection in github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sysautocodepgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occu...
CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1
CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1. An upgraded version of the package is available that resolves this issue...
OPENSUSE-SU-2022:0110-1 Security update for opera
This update for opera fixes the following issues: Update to 85.0.4341.28 - CHR-8816 Update chromium on desktop-stable-99-4341 to 99.0.4844.84 - DNA-98092 Crash at views::MenuItemView::GetMenuController - DNA-98278 Translations for O85 - DNA-98320 Mac Unable to delete recent search entries -...
Xxe
In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...
CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
CVE-2022-24716 Path traversal in Icinga Web 2
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
Stack overflow in TensorFlow
Impact The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel: library function signature name: "SomeOp" description:...