
CVE-2022-2626: Fix security issues in v-add-web-domain-redirect + Sync up main with … · hestiacp/hestiacp@b178b97

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.


@@ -31,8 +31,9 @@ source_conf “$HESTIA/conf/hestia.conf”

is_user_free() {

these names may cause issues with MariaDB/MySQL database names and should be reserved:

sudo has been added due to Privilege escalation as sudo group has always sudo permission

check_sysuser=$(php -r '$reserved_names=array("aria", "aria_log", "mysql", "mysql_upgrade", "ib", "ib_buffer",

"ddl", "ddl_recovery", “performance”); if(in_array(strtolower($argv[1]), $reserved_names, true)){echo implode(", ", $reserved_names);}’ “$user” );

"ddl", "ddl_recovery", "performance", “sudo”); if(in_array(strtolower($argv[1]), $reserved_names, true)){echo implode(", ", $reserved_names);}’ “$user” );

if [ -n “$check_sysuser” ]; then

check_result “$E_INVALID” “The user name ‘$user’ is reserved and cannot be used. List of reserved names: $check_sysuser”

return
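Review bot: The reserved_names array in is_user_free() now rejects only the literal name "sudo", but the reason given in the added comment (the sudo group always has sudo permission) applies to any group name that carries privileges on the host, so a hard-coded single entry is a narrow fix. Consider also rejecting a $user that matches an existing system group, for example with a getent group lookup before the -n "$check_sysuser" test, so the check does not depend on the list being kept complete by hand. As a smaller point, the check_result message prints the whole reserved list, which now mixes the MariaDB/MySQL-related names with "sudo"; the comment above the array should say that the list serves two separate purposes.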
