CVE-2022-36594

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...

Sql injection

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...

CVE-2022-36594

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...

CVE-2022-36594

CVE-2022-36594 concerns Mapper, a Java persistence framework by Liuzh. Vulnerable ranges are Mapper 4.0.0 through 4.2.0, with a SQL injection via the ids parameter in the selectByIds function. The NVD entry cites a high/critical impact (CVSS v3.1: 9.8; NETWORK, LOW complexity, no user interaction...

USN-5594-1: Linux kernel vulnerabilities

Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...

Mapper SQL注入漏洞

Mapper is a Java persistence framework developed by Liuzh in China. Mapper is a Java persistence framework that maps objects to corresponding records in a database by associating them with stored procedures or SQL statements via XML descriptors or annotations. A SQL injection vulnerability exists...

PT-2022-23494 · Mapper · Mapper

Name of the Vulnerable Software and Affected Versions: Mapper versions 4.0.0 through 4.2.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the ids parameter at the selectByIds function. Recommendations: For Mapper versions 4.0.0 through...

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

CVE-2022-36529

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

DEBIAN-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

AZL-10559 CVE-2022-2503 affecting package kernel for versions less than 5.15.67.1-4

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

UBUNTU-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

Cross-site Scripting (XSS)

keycloak-core is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the SAML protocol mapper when the UPLOADSCRIPTS feature is disabled...

GHSA-Q2GP-GPH3-88X9 Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...