Category Archives: Advisories

CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. An attacker who can submit a crafted single-part, non-image file to be processed by OpenEXR can trigger a floating-point exception. The highest threat from this vulnerability is to system availability.

CVE-2021-20303

A flaw was found in the function dataWindowForTile() in IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

CVE-2021-23214

When a PostgreSQL server is configured to use trust authentication with a clientcert requirement, or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. The root cause is that cleartext bytes received in the same read as the client's SSLRequest stayed in the server's receive buffer and were later processed as if they had been decrypted from the TLS session; fixed servers reject a connection that carries any data after the SSLRequest.
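
The following is an added example, not PostgreSQL's own code: a simplified model of the server's first read on a new connection, showing the vulnerable behaviour (trailing bytes carried over into the encrypted session) beside the fixed check. The SSLRequest framing (int32 length 8, int32 code 80877103) is taken from the PostgreSQL wire protocol; the sample packets, the function names and the appended Query message are constructed for this illustration.

```python
import struct

# SSLRequest code from the PostgreSQL frontend/backend protocol: (1234 << 16) | 5679.
SSLREQUEST_CODE = 80877103


class StartupError(Exception):
    """Raised when the server refuses the startup packet."""


def split_ssl_request(received: bytes):
    """Return (is_ssl_request, trailing) for the bytes read in the first recv().

    A well-formed SSLRequest is exactly 8 bytes: int32 length == 8 followed by
    the int32 request code. Anything after those 8 bytes arrived in the same
    read and, before the fix, stayed in the receive buffer.
    """
    if len(received) < 8:
        raise StartupError("short startup packet")
    length, code = struct.unpack("!II", received[:8])
    if length != 8 or code != SSLREQUEST_CODE:
        return False, b""
    return True, received[8:]


def server_startup(received: bytes, hardened: bool) -> dict:
    """Model (not PostgreSQL's code) of the server's decision on the first packet."""
    is_ssl, trailing = split_ssl_request(received)
    if not is_ssl:
        return {"action": "plaintext startup", "carried_over": b""}
    if hardened and trailing:
        # The fix: refuse any cleartext that arrived alongside the SSLRequest.
        raise StartupError("received unencrypted data after SSL request")
    # Vulnerable behaviour: reply 'S', run the TLS handshake, and keep
    # `trailing` in the buffer, where it is later consumed as if it had been
    # decrypted from the TLS session.
    return {"action": "send 'S' and start TLS", "carried_over": trailing}


def hardened_rejects(received: bytes) -> bool:
    """True if the fixed server would abort this connection at startup."""
    try:
        server_startup(received, hardened=True)
    except StartupError:
        return True
    return False


# Constructed sample input: a normal SSLRequest, and the same request with
# bytes an on-path attacker appended to the client's first TCP segment.
SSL_REQUEST = struct.pack("!II", 8, SSLREQUEST_CODE)
ATTACKER_APPENDED = b"Q\x00\x00\x00\x0eSELECT 1;\x00"  # a Query message, constructed
INJECTED = SSL_REQUEST + ATTACKER_APPENDED

if __name__ == "__main__":
    print(server_startup(SSL_REQUEST, hardened=True))
    print(server_startup(INJECTED, hardened=False))
    print(hardened_rejects(INJECTED))
```

The same check applies to the GSS encryption request, which follows the identical pattern of a cleartext request followed by an encrypted session.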

CVE-2020-18326

A Cross-Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function. A remote, unauthenticated attacker who can get a logged-in administrator to submit a forged request could create an arbitrary administrator user.
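
As an added example (not Subrion's code), the handler below models an admin "create member" action first in the unprotected form the advisory describes, where the session cookie alone authorises the request, and then hardened with an Origin check and a per-session synchronizer token. The site origin, session id, form fields and the two sample requests are all constructed for the illustration.

```python
import hashlib
import hmac

SITE_ORIGIN = "https://cms.example"  # assumed deployment origin
ADMIN_ROLE = "administrator"


def make_csrf_token(server_secret: bytes, session_id: str) -> str:
    """Per-session token: HMAC of the session id under a server-side secret."""
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def add_member(request: dict, session: dict, server_secret: bytes, users: list, hardened: bool) -> dict:
    """Handle the 'create member' admin action (hypothetical handler).

    request: {"method", "headers": {...}, "cookies": {...}, "form": {...}}
    session: the server-side session looked up from the cookie.
    """
    if request["method"] != "POST":
        return {"status": 405}
    # The cookie is what a CSRF attack rides on: the browser attaches it to the
    # forged request automatically, so this check passes for the attacker too.
    if request["cookies"].get("sid") != session["id"] or session["role"] != ADMIN_ROLE:
        return {"status": 403, "reason": "not an admin session"}
    if hardened:
        # 1. Reject cross-origin requests (browsers set Origin on POST).
        if request["headers"].get("Origin") != SITE_ORIGIN:
            return {"status": 403, "reason": "cross-origin request"}
        # 2. Require a token the attacker's page cannot read; compare in constant time.
        token = request["form"].get("csrf_token", "")
        if not hmac.compare_digest(token, make_csrf_token(server_secret, session["id"])):
            return {"status": 403, "reason": "missing or invalid CSRF token"}
    users.append({"username": request["form"]["username"], "role": request["form"]["role"]})
    return {"status": 201}


def run_scenario(hardened: bool) -> dict:
    """Replay one legitimate and one forged request against the handler."""
    secret = b"constructed-demo-secret"
    session = {"id": "sess-42", "role": ADMIN_ROLE}
    users = []
    base = {"method": "POST", "cookies": {"sid": "sess-42"}}
    legit = dict(base, headers={"Origin": SITE_ORIGIN},
                 form={"username": "ops", "role": ADMIN_ROLE,
                       "csrf_token": make_csrf_token(secret, "sess-42")})
    # Forged: auto-submitted by a page on another origin while the admin is logged in.
    forged = dict(base, headers={"Origin": "https://attacker.example"},
                  form={"username": "backdoor", "role": ADMIN_ROLE})
    return {
        "legit": add_member(legit, session, secret, users, hardened)["status"],
        "forged": add_member(forged, session, secret, users, hardened)["status"],
        "users": [u["username"] for u in users],
    }


if __name__ == "__main__":
    print(run_scenario(hardened=False))
    print(run_scenario(hardened=True))
```

Marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer, but it does not replace the token: older clients and some cross-site navigations still send the cookie.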

CVE-2020-18327

A Cross-Site Scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter of the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2.

tomcat-9.0.59-1.fc37

FEDORA-2022-30ce1cbe6e

Packages in this update:

tomcat-9.0.59-1.fc37

Update description:

Automatic update for tomcat-9.0.59-1.fc37.

Changelog

* Wed Mar 2 2022 Sonia Xu <sonix@amazon.com> - 1:9.0.59-1
- Update to 9.0.59
- Resolves: rhbz#2047419 - CVE-2022-23181 tomcat: local privilege escalation vulnerability

CVE-2021-22688

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.