3099 matches found

CNNVD
added 2022/10/21 12:0 a.m. · 3 views

Redis Security Vulnerability

Redis, from Redis Labs, Inc., is an open source key-value storage database written in ANSI C. It is network-enabled, memory-based with optional persistence, log-type, and provides APIs for a variety of languages. A security vulnerability exists in Redis. An attacker could exploit this...

3.3 CVSS · 5.6 AI score · 0.00573 EPSS
Exploits 1 · References 6

Positive Technologies
added 2022/10/19 12:0 a.m. · 3 views

PT-2022-26038 · Unknown · Markdownify

Name of the Vulnerable Software and Affected Versions: Markdownify version 1.4.1 Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the...

7.8 CVSS · 7.8 AI score · 0.00426 EPSS
Exploits 1 · References 5

The Hacker News
added 2022/10/12 7:7 a.m. · 538 views

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update,...

10 CVSS · 0.9 AI score · 0.99964 EPSS
Exploits 16

NVD
added 2022/10/11 7:15 p.m. · 25 views

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, becaus...

10 CVSS · 0.02591 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/11 12:0 a.m. · 3 views

Microsoft Azure Kubernetes Security Vulnerability

Microsoft Azure Kubernetes is a fully managed Kubernetes service from Microsoft Corporation, USA. It offers serverless Kubernetes, a consolidated Continuous Integration and Continuous Delivery (CI/CD) experience, along with enterprise-grade security and governance. Unify development and operations team...

10 CVSS · 8.5 AI score · 0.02591 EPSS
Exploits 0 · References 3

Kaspersky
added 2022/10/11 12:0 a.m. · 42 views

KLA20004 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges or spoof the user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Arc-enabled Kubernetes cluster Connect can be...

10 CVSS · 8.3 AI score · 0.19762 EPSS
Exploits 0 · References 7

CVE
added 2022/10/11 12:0 a.m. · 118 views

CVE-2022-37968

CVE-2022-37968 affects Azure Arc‑enabled Kubernetes cluster Connect. An unauthenticated attacker could elevate privileges, potentially obtaining administrative control of the Kubernetes cluster; Azure Stack Edge devices are also affected via Arc. The CVSSv3.1 score is 10.0 (Network, Low/Zero inte...

10 CVSS · 9.5 AI score · 0.02591 EPSS
Exploits 0 · References 2 · Affected Software 2

CNVD
added 2022/10/09 12:0 a.m. · 14 views

Canon Medical Vitrea View Cross-Site Scripting Vulnerability

Canon Medical Vitrea View is a DICOM network-enabled enterprise viewing solution from Canon, Japan. A cross-site scripting vulnerability exists in Canon Medical Vitrea View, which is used to visually display DICOM and multimedia images. An attacker could use this vulnerability to execute arbitrar...

6.1 CVSS · 1.8 AI score · 0.00923 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2022/10/06 8:15 p.m. · 2 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

7.5 CVSS · 7.1 AI score · 0.00731 EPSS
Exploits 0 · References 3

UbuntuCve
added 2022/10/06 6:16 p.m. · 38 views

CVE-2022-2986

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk...

8.8 CVSS · 6.4 AI score · 0.00386 EPSS
Exploits 0 · References 1

RedHat Linux
added 2022/10/03 4:4 p.m. · 7 views

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly

A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...

7.5 CVSS · 7.1 AI score · 0.01486 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2022/10/03 12:15 p.m. · 1 views

CVE-2022-36551

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5 CVSS · 6.8 AI score · 0.05088 EPSS
Exploits 3 · References 5

Tenable Nessus
added 2022/10/03 12:0 a.m. · 40 views

Oracle Linux 7 : kubernetes (ELSA-2022-9855)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9855 advisory. - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 -...

10 CVSS · 6.8 AI score · 0.02701 EPSS
Exploits 2 · References 2

Fedora
added 2022/10/01 1:25 a.m. · 32 views

[SECURITY] Fedora 35 Update: knot-resolver-5.5.3-1.fc35

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

7.5 CVSS · 2.6 AI score · 0.01454 EPSS
Exploits 0

CNVD
added 2022/09/30 12:0 a.m. · 23 views

Logic Flaw Vulnerability in TY-6201A of Sichuan Tianyi Kanghe Communication Co.

The TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. A logic flaw vulnerability exists in the TY-6201A of Sichuan Tianyi Kanghe Communication Company Limited, which can be exploited by an attacker to change a password without permission via a POST request for a specific path...

7 AI score
Exploits 0

Drupal
added 2022/09/28 12:0 a.m. · 6 views

S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057

This module enables you to utilize S3-compatible storage as a Drupal filesystem. The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket. This vulnerability is mitigated by the fact that an attacker must obtain a method to access arbitrary...

5.6 AI score
Exploits 0 · References 6

Fedora
added 2022/09/27 12:16 a.m. · 34 views

[SECURITY] Fedora 37 Update: knot-resolver-5.5.3-1.fc37

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

7.5 CVSS · 2.6 AI score · 0.01454 EPSS
Exploits 0

OpenVAS
added 2022/09/27 12:0 a.m. · 12 views

Fedora: Security Advisory for knot-resolver (FEDORA-2022-68ad89b21c)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.01454 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/09/23 12:0 a.m. · 6 views

PT-2022-17682 · Apache · Apache Pinot

Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.10.0 and earlier Description: The issue is related to the groovy function support in the Pinot query endpoint and realtime ingestion layer, which poses a risk in unprotected environments. The estimated number of...

9.8 CVSS · 9 AI score · 0.0133 EPSS
Exploits 0 · References 8

Rockylinux
added 2022/09/20 11:38 a.m. · 10 views

nss bug fix and enhancement update

An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Network Security Services (NSS) is a set of libraries designed to support the...

1.7 AI score
Exploits 0