In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module.
Category Archives: Advisories
CVE-2020-12507
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.
USN-5625-2: Mako vulnerability
USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for Ubuntu 22.10.
Original advisory details:
It was discovered that Mako incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
grub2-2.06-63.fc37
FEDORA-2022-dec4cdacd7
Packages in this update:
grub2-2.06-63.fc37
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
grub2-2.06-55.fc36
FEDORA-2022-31e61d51c5
Packages in this update:
grub2-2.06-55.fc36
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
grub2-2.06-12.fc35
FEDORA-2022-c29b9ad5e5
Packages in this update:
grub2-2.06-12.fc35
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15
SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
=======================================================================
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
                    Community: <6.2022.1, <5.2022.4, <4.1.2.191.38
fixed version: Enterprise: 5.45.0
               Community: 6.2022.1, 5.2022.4,…
SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15
SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
=======================================================================
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
fixed version: 22.1
CVE number: CVE-2022-26088
impact: Low
homepage: https://www.bmc.com/it-solutions/remedy-itsm.html…
SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15
SEC Consult Vulnerability Lab Security Advisory < 20221109-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Simmeth System GmbH Supplier manager (Lieferantenmanager)
vulnerable version: < 5.6
fixed version: 5.6
CVE number: CVE-2022-44012, CVE-2022-44013, CVE-2022-44014,
            CVE-2022-44015,…
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1
Posted by Apple Product Security via Fulldisclosure on Nov 15
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1
macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213504.
libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google…