
7696 matches found

Tenable Nessus
added 2022/11/29 12:0 a.m. · 32 views

Oracle Linux 8 : kubernetes (ELSA-2022-10036)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10036 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...

10 CVSS · 6.9 AI score · 0.03414 EPSS
Exploits 2 · References 3

Tenable Nessus
added 2022/11/29 12:0 a.m. · 39 views

Oracle Linux 7 : kubernetes (ELSA-2022-10035)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...

10 CVSS · 6.9 AI score · 0.03414 EPSS
Exploits 2 · References 3

Debian
added 2022/11/27 6:53 p.m. · 50 views

[SECURITY] [DLA 3207-1] jackson-databind security update

Debian LTS Advisory DLA-3207-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 27, 2022 https://wiki.debian.org/LTS Package : jackson-databind Version : 2.9.8-3+deb10u4 CVE ID : CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 Debian Bug : 1007109 Several fla...

7.5 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits 4

OSV
added 2022/11/25 10:37 a.m. · 8 views

SUSE-SU-2022:4221-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. bsc1203868 - CVE-2022-42252: Fixed a request smuggling bsc1204918...

7.5 CVSS · 5.8 AI score · 0.0029 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/11/23 12:0 a.m. · 2 views

PT-2022-6455 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

7.8 CVSS · 8 AI score · 0.03476 EPSS
Exploits 0 · References 7

OSV
added 2022/11/21 4:15 p.m. · 2 views

CVE-2022-38097

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2022/11/21 4:15 p.m. · 13 views

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...

4.4 CVSS · 7.8 AI score · 0.00747 EPSS
Exploits 0 · References 1 · Affected Software 1

GithubExploit
added 2022/11/20 6:1 p.m. · 951 views

Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

7.5 CVSS · 7.8 AI score · 0.0204 EPSS
Exploits 2

OSV
added 2022/11/18 11:15 p.m. · 2 views

UBUNTU-CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

8.8 CVSS · 6.8 AI score · 0.011 EPSS
Exploits 1 · References 9

Tenable Nessus
added 2022/11/17 12:0 a.m. · 18 views

Rocky Linux 8 : postgresql:12 (RLSA-2022:7128)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7128 advisory. - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait fo...

8 CVSS · 7.2 AI score · 0.00973 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/11/14 12:0 a.m. · 2 views

The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.

The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...

5.3 CVSS · 6.6 AI score · 0.00064 EPSS
Exploits 1 · References 5 · Affected Software 3

BDU FSTEC
added 2022/11/11 12:0 a.m. · 1 views

The vulnerability of the object-cleaning function in the XML analysis library libxml2 allows an attacker to cause a service failure.

The vulnerability of the object-cleaning function in the XML library for analyzing XML documents, libxml2, is related to double memory deallocation when processing dict objects, where the first byte of the structure equals zero. Exploiting this vulnerability can allow an attacker to cause service...

8.5 CVSS · 6.5 AI score · 0.0023 EPSS
Exploits 2 · References 18 · Affected Software 13

Cvelist
added 2022/11/10 9:31 p.m. · 15 views

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

6.2 CVSS · 7.7 AI score · 0.00323 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/11/10 9:31 p.m. · 15 views

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

6.2 CVSS · 7 AI score · 0.00323 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/11/10 12:0 a.m. · 4 views

PT-2022-5430 · Unknown +3 · Kubernetes +2

Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: A bug in the Kubernetes API server allows bypassing validation of node proxying addresses. This could enable an attacker to send authenticated requests to the API server's private networ...

10 CVSS · 6.4 AI score · 0.03414 EPSS
Exploits 1 · References 40

OSV
added 2022/11/08 10:15 p.m. · 3 views

CVE-2022-41203

In some workflow of SAP BusinessObjects BI Platform Central Management Console and BI LaunchPad, an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted...

8.8 CVSS · 5.8 AI score · 0.00975 EPSS
Exploits 0 · References 2

Check Point Advisories
added 2022/11/06 12:0 a.m. · 12 views

Microsoft Exchange Server Remote Code Execution (CVE-2022-23277)

A remote code execution vulnerability exists in Microsoft Exchange Server. The vulnerability is due to improper handling of EWS requests containing malicious UserConfiguration objects...

6.5 CVSS · 2.5 AI score · 0.79123 EPSS
Exploits 3

Veracode
added 2022/11/04 4:5 a.m. · 11 views

Prototype Pollution

unset-value is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the module.exports function in index.js and modify attributes such as __proto__, constructor, and prototype base objects...

4.3 AI score
Exploits 0

ATTACKERKB
added 2022/11/03 7:6 p.m. · 1 views

CVE-2022-41607

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

7.5 CVSS · 5.8 AI score · 0.00323 EPSS
Exploits 0 · References 2

RedHat Linux
added 2022/11/03 3:14 p.m. · 2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits 1 · References 5