In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module.
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.
USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for
Ubuntu 22.10.
Original advisory details:
It was discovered that Mako incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
FEDORA-2022-dec4cdacd7
Packages in this update:
grub2-2.06-63.fc37
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
FEDORA-2022-31e61d51c5
Packages in this update:
grub2-2.06-55.fc36
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
FEDORA-2022-c29b9ad5e5
Packages in this update:
grub2-2.06-12.fc35
Update description:
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15
SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
=======================================================================
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
Community: <6.2022.1, <5.2022.4, <4.1.2.191.38
fixed version: Enterprise: 5.45.0
Community: 6.2022.1, 5.2022.4,…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15
SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
=======================================================================
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
fixed version: 22.1
CVE number: CVE-2022-26088
impact: Low
homepage: https://www.bmc.com/it-solutions/remedy-itsm.html …
Posts navigation
News, Advisories and much more