SUSE-SU-2022:3335-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.43.2 - Release notes...
SUSE-SU-2022:3334-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.51.0 - Release notes...
CVE-2022-38453 Contec Health CMS8000
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...
Information disclosure
In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
Out-of-bounds
In updateAudioTrackInfoFromESDSMPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
[SECURITY] Fedora 36 Update: golang-github-goccy-yaml-1.9.5-3.fc36
Go package similar to github.com/go-yaml/yaml with some additional features...
[SECURITY] Fedora 35 Update: golang-github-goccy-yaml-1.9.5-3.fc35
Go package similar to github.com/go-yaml/yaml with some additional features...
PT-2022-15402 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 Description: The issue allows an authenticated user to execute specially crafted SQL statements, potentially causing the server to terminate abnormally, resulting in...
MAL-2022-851 Malicious code in additional-properties (npm)
Source: ghsa-malware 76a44ce34d1ad24320b0c2a981a6691a1d0c55ecd04f7d7fd24dd29ae86f8df4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1071 Malicious code in apps-showcase (npm)
Source: ghsa-malware c82f48875c33cf0dc7ce3363a53872dd7ee778927e9083715b9d88b29be083b2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CLSA-2022-1654526233 Fixed CVE-2021-21705 in php-4.module_el8.4.0+2054+2eb69d76.tuxcare.els4
CVE-2021-21705: Fix SSRF bypass in FILTER_VALIDATE_URL by adding additional checks...
Design/Logic Flaw
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences...
Race condition
Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system...
be.personify.iam:personify-api (>=1.2.6.RELEASE <=1.3.1.RELEASE), be.personify.iam:personify-frontend (>=1.2.6.RELEASE <=1.3.0.RELEASE) +58 more potentially affected by CVE-2021-22047 via org.springframework.data:spring-data-rest-core (>=3.5.0 <=3.5.5)
org.springframework.data:spring-data-rest-core (Maven), versions =3.5.0, =1.2.6.RELEASE, =1.2.6.RELEASE, =1.2.5.RELEASE, =5.12.1, =5.12.0, =5.12.0, =5.12.0, =5.12.0, =2.1.0, =2.1.0, =2.1.0, =2.1.2 and more. Source CVEs: CVE-2021-22047. Source advisory: OSV:GHSA-4926-QPXG-6R3W...
GHSA-MP46-7X6Q-F28M Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html capability is disabled...
Gravity Forms stored HTML injection vulnerability
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features of an additional paid add-on for Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
renovatinghometoolsdeals.com Cross Site Scripting vulnerability OBB-2625732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool allows a hacker to disclose protected information.
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...