A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
grub2-2.06-42.fc36
CVE fixes for 2022-06-06
Includes: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Moderate/high, some network access. Update!
Upstream disclosure with more information: https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
grub2-2.06-11.fc35
CVE fixes for 2022-06-06
Includes: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Moderate/high, some network access. Update!
Upstream disclosure with more information: https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
halibut-1.3-3.el7
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a
user or automated system were tricked into using ntfsck on a specially
crafted disk image, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-46790)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain return
codes. A local attacker could possibly use this issue to intercept
protocol traffic between FUSE and the kernel. (CVE-2022-30783)
It was discovered that NTFS-3G incorrectly handled certain NTFS disk
images. If a user or automated system were tricked into mounting a
specially crafted disk image, a remote attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain file
handles. A local attacker could possibly use this issue to read and write
arbitrary memory. (CVE-2022-30785, CVE-2022-30787)
halibut-1.3-3.el8
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
halibut-1.3-3.fc35
This is an update fixing CVE-2021-42612, CVE-2021-42613, CVE-2021-42614.
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.
