Category Archives: Advisories

varnish-6.0-3520221118143100.f27b74a8

FEDORA-MODULAR-2022-c653bdb4c2

Packages in this update:

varnish-6.0-3520221118143100.f27b74a8

Update description:

New upstream release varnish-6.0.11: A security release. Includes fix for CVE-2022-45060 aka VSV00011. See https://varnish-cache.org/security/VSV00011.html for details.

DSA-5286 krb5 – security update

Greg Hudson discovered integer overflow flaws in the PAC parsing in
krb5, the MIT implementation of Kerberos, which may result in remote
code execution (in a KDC, kadmin, or GSS or Kerberos application server
process), information exposure (to a cross-realm KDC acting
maliciously), or denial of service (KDC or kadmind process crash).

CVE-2021-37936

It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an Elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.

CVE-2021-31739

The SEPPmail solution is vulnerable to Cross-Site Scripting (XSS) because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address.

CVE-2021-33621

cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients.

CVE-2021-22141

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged-in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.
