A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input ‘or”=’ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input ‘or”=’ leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CISA has added the bug to its Known Exploited Vulnerabilities (KEV) list
golang-1.18.4-1.fc37
Automatic update for golang-1.18.4-1.fc37.
* Wed Jul 13 2022 Alejandro Sáez <asm@redhat.com> – 1.18.4-1
– Update to 1.18.4
* Sun Jun 19 2022 Robert-André Mauchin <zebob.m@gmail.com> – 1.18.3-2
– Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
93% of companies admit failure when implementing IIoT/OT security projects
The Top 10 malware lineup for June 2022 remained consistent with May besides the return of GravityRAT, Mirai, and QakBot.
Ransomware activity rose by 21% compared to Q1 2022, according to a new report
osbuild-composer-57-1.fc35
Update osbuild-composer to the latest version
golang-1.18.4-1.fc36
go1.18.4 includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the runtime/metrics package.
xorg-x11-server-Xwayland-21.1.4-2.fc35
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
