The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
Category Archives: Advisories
CVE-2021-27444
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CVE-2021-23267
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
USN-5422-1: libxml2 vulnerabilities
Shinji Sato discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-29824)
CVE-2021-25119
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
USN-5421-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865)
plantuml-1.2022.5-1.el9
FEDORA-EPEL-2022-a0a3d90422
Packages in this update:
plantuml-1.2022.5-1.el9
Update description:
Security fix for CVE-2022-1379
Updated version to 1.2022.4
plantuml-1.2022.5-1.fc36
FEDORA-2022-e6c09a89eb
Packages in this update:
plantuml-1.2022.5-1.fc36
Update description:
Security fix for CVE-2022-1379