A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Category Archives: Advisories
CVE-2017-20048
A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVE-2017-20049
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
CVE-2017-20050
A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.
USN-5481-1: BlueZ vulnerabilities
It was discovered that BlueZ incorrectly validated certain capabilities
and lengths when handling the A2DP profile. A remote attacker could use
this issue to cause BlueZ to crash, resulting in a denial of service, or
possibly execute arbitrary code.
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
Arnie Cabral
Wed, 06/15/2022 – 12:36
1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Additional details on the custom audit signing functionality can be found here: https://community.tenable.com/s/article/Audit-Signing-Overview
shim-15.6-1 shim-unsigned-aarch64-15.6-1 shim-unsigned-x64-15.6-1
FEDORA-2022-98830efc68
Packages in this update:
shim-15.6-1
shim-unsigned-aarch64-15.6-1
shim-unsigned-x64-15.6-1
Update description:
This fixes several issues, most notably BZ#1955416 and CVE-2022-28737. Please test.
USN-5479-1: PHP vulnerabilities
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
A Vulnerability in Citrix Application Delivery Management (Citrix ADM) Could Allow for an Unauthenticated Attacker to Reset the Administrator Password
Multiple vulnerabilities have been discovered in Citrix ADM. Citrix ADM is a web-based solution for managing all Citrix deployments. The most severe of these vulnerabilities Could Allow for an Unauthenticated Attacker to Reset the Administrator Password.
MS-ISAC CYBERSECURITY ADVISORY – Critical Patches Issued for Microsoft Products, June 14, 2022 – PATCH: NOW – TLP: WHITE
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.