CVE-2022-24108: OpenCart’s plugin “So Listing Tabs” <= 2.2.0 Deserialization of Untrusted Data
Posted by Denis Mironov on May 16 [-] Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. [-] Vulnerabilities Description: Vulnerable...
DSA-5137 needrestart – security update
Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to...
DSA-5139 openssl – security update
Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands....
DSA-5138 waitress – security update
It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy.
USN-5311-2: containerd regression
USN-5311-1 released updates for containerd. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. We apologize for...
CVE-2021-27442
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
CVE-2021-27444
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information...
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages...
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.