Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.
Category Archives: Advisories
CVE-2020-25163
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.
CVE-2020-25167
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
CVE-2020-28602
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].
CVE-2020-28603
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().
CVE-2020-28604
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().
CVE-2011-1762
A flaw exists in WordPress related to the ‘wp-admin/press-this.php ‘script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission.
CVE-2011-4917
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
plantuml-1.2022.4-1.fc36
FEDORA-2022-930b54aa84
Packages in this update:
plantuml-1.2022.4-1.fc36
Update description:
notes=Security fix for [CVE-2022-1231]
zchunk-1.2.2-1.fc36
FEDORA-2022-a7ceb864fd
Packages in this update:
zchunk-1.2.2-1.fc36
Update description:
Fix various small issues highlighted by Coverity