Posted by Julien Ahrens (RCE Security) on Mar 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: SAP Knowledge Warehouse
Vendor URL:
https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.html
Type: Cross-Site Scripting [CWE-79]
Date found: 2021-09-21
Date published: 2022-03-17
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE:…
Posted by Emanuel DUSS on Mar 20
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Phone System
# Vendor: 3CX
# CSNC ID: CSNC-2021-022
# CVE ID: CVE-2021-45491
# Subject: Exportable Cleartext Passwords
# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
# Severity: Medium
# Effect:…
Posted by Emanuel DUSS on Mar 20
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Client for Windows (legacy), Android & iOS
# Vendor: 3CX
# CSNC ID: CSNC-2021-021
# CVE ID: CVE-2021-45490
# Subject: Missing Certificate Verification
# CWE-ID: CWE-295 (Improper Certificate Validation)
#…
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure.
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
FEDORA-2022-d28042f559
Packages in this update:
dotnet3.1-3.1.417-1.fc34
Update description:
This is the March 2022 update for .NET Core 3.1: SDK 3.1.417 and Runtime 3.1.23
Release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.23/3.1.23.md
This includes fixes for CVE-2022-24464, CVE-2022-24512 and CVE-2020-8927
FEDORA-2022-5ecee47acb
Packages in this update:
dotnet3.1-3.1.417-1.fc35
Update description:
This is the March 2022 update for .NET Core 3.1: SDK 3.1.417 and Runtime 3.1.23
Release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.23/3.1.23.md
This includes fixes for CVE-2022-24464, CVE-2022-24512 and CVE-2020-8927
FEDORA-2022-9e046f579a
Packages in this update:
dotnet3.1-3.1.417-1.fc36
Update description:
This is the March 2022 update for .NET Core 3.1: SDK 3.1.417 and Runtime 3.1.23
Release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.23/3.1.23.md
This includes fixes for CVE-2022-24464, CVE-2022-24512 and CVE-2020-8927
Posts navigation
News, Advisories and much more