Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1708: Red Hat Security Advisory: Satellite 6.10.5 Async Bug Fix Update

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-27023: puppet: unsafe HTTP redirect
  • CVE-2021-27025: puppet: silent configuration failure in agent
Red Hat Security Data
#sql#web#linux#red_hat#nodejs#js#java#kubernetes#vmware#aws#ruby#postgres

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-05-04

Updated:

2022-05-04

RHSA-2022:1708 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Satellite 6.10.5 Async Bug Fix Update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

2023859 puppet: unsafe HTTP redirect (CVE-2021-27023)
2023853 puppet: silent configuration failure in agent (CVE-2021-27025)

This update fixes the following bugs:

2070996 Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
2070991 Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
2071004 Config report upload failed with No smart proxy server found on [capsule.example.com] and is not in trusted_hosts
2070984 Uploading external DISA SCAP content to satellite 6.10 fails with exception Invalid SCAP file type
2075031 Content Import does not delete version on failure
2070985 Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error undefined method operatingsystems for nil:NilClass during the db:migrate step
2070994 Index content is creating duplicated errata in katello_erratum table after upgrading to Satellite 6.10
2070999 Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
2071002 Error when importing content and same package belongs to multiple repositories
2071006 Content not accessible after importing
2076979 Wrong satellite version on login screen
2077046 Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table katello_errata violates foreign key constraint katello_content_facet_errata_errata_id

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Affected Products

  • Red Hat Satellite 6.10 x86_64
  • Red Hat Satellite Capsule 6.10 x86_64

Fixes

  • BZ - 2023853 - CVE-2021-27025 puppet: silent configuration failure in agent
  • BZ - 2023859 - CVE-2021-27023 puppet: unsafe HTTP redirect
  • BZ - 2070984 - Uploading external DISA SCAP content to satellite 6.10 fails with exception “Invalid SCAP file type”
  • BZ - 2070985 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error “undefined method operatingsystems’ for nil:NilClass” during the db:migrate step
  • BZ - 2070991 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
  • BZ - 2070994 - Index content is creating duplicated errata in “katello_erratum” table after upgrading to Satellite 6.10
  • BZ - 2070996 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
  • BZ - 2070999 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
  • BZ - 2071002 - Error when importing content and same package belongs to multiple repositories
  • BZ - 2071004 - Config report upload failed with “No smart proxy server found on [“capsule.example.com”] and is not in trusted_hosts”
  • BZ - 2071006 - Content not accessible after importing
  • BZ - 2075031 - Content Import does not delete version on failure
  • BZ - 2076979 - Wrong satellite version on login screen
  • BZ - 2077046 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table “katello_errata” violates foreign key constraint “katello_content_facet_errata_errata_id”

Red Hat Satellite 6.10

SRPM

foreman-2.5.2.21-1.el7sat.src.rpm

SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4

foreman-installer-2.5.2.14-1.el7sat.src.rpm

SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b

puppet-agent-6.26.0-1.el7sat.src.rpm

SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd

puppetserver-6.18.0-1.el7sat.src.rpm

SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5

satellite-6.10.5-1.el7sat.src.rpm

SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b

tfm-rubygem-katello-4.1.1.55-1.el7sat.src.rpm

SHA-256: 6af276213dceb299a4480cad86d959573be0bd6cba7cae777dd70eb8a7ebe502

tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm

SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364

x86_64

foreman-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 33dc9e069a4b8115ccd69f58318e950339aed463c93a5d3951c0647188a53f80

foreman-cli-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: f59de9f57d06fae2de770a88da1b3265345383c68251b57573c7edf900ba501e

foreman-debug-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914

foreman-dynflow-sidekiq-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: bdff5898e6af0e46c00f62de6f3043b2cde0d771f276ff24827271420d09ec33

foreman-ec2-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 9ba70bf37f0a66a3c7d35a2590a8b5a209a7248f9b46fa0b76b698c4eb1497b8

foreman-gce-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 496255bd7a87a1c3996e17199e89a00a899688a766b03861cd670a9506b47c87

foreman-installer-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a

foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9

foreman-journald-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 6d558f6ea02fb6d62ed4c2a0a211de14f133a344a3003cafd3cf02eed675e44e

foreman-libvirt-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 25579fd4c50c6758471917d6b6823ab6d7528fc6a2aafa38febe49991efa570d

foreman-openstack-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 3cad0d6ba92e47561422eb1874bdd991011671087244a02af50fb30d1c6b6358

foreman-ovirt-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 6143996888c8dccb74efbeed6de9c15aee5eb6e97b2a7969e56b051c1894d9cd

foreman-postgresql-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: bf9200100e4f5a6757bb4311a4f32caf29bb178d4f460ff8ca25a537cfd52f35

foreman-service-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: de90508801bdcf8b395e34da42f5544616c1fedacafb28fbb1583ea5f970ca81

foreman-telemetry-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 4ea5d1f9de8606d7fb8bdd66684a8811322e101f4e85d34fff326dddb724d590

foreman-vmware-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 40ea8f4ce72551b3f6d1536e02c4bac30b809fe0165b081a88e78521458b196e

puppet-agent-6.26.0-1.el7sat.x86_64.rpm

SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06

puppetserver-6.18.0-1.el7sat.noarch.rpm

SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3

satellite-6.10.5-1.el7sat.noarch.rpm

SHA-256: e3ee11a8212e0b0b4779f3499e44a30569d8e100223f25145d6de91f3d169b7a

satellite-cli-6.10.5-1.el7sat.noarch.rpm

SHA-256: d0c83acacff1dbd98c61011da2bd165aad2f74d05f7b819c3f1cc9de34d544f5

satellite-common-6.10.5-1.el7sat.noarch.rpm

SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746

tfm-rubygem-katello-4.1.1.55-1.el7sat.noarch.rpm

SHA-256: 192ca6c89c938e2948a4f71d875439495338236dbd95df4dc4ef3dcd2d4fc728

tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm

SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

Red Hat Satellite Capsule 6.10

SRPM

foreman-2.5.2.21-1.el7sat.src.rpm

SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4

foreman-installer-2.5.2.14-1.el7sat.src.rpm

SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b

puppet-agent-6.26.0-1.el7sat.src.rpm

SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd

puppetserver-6.18.0-1.el7sat.src.rpm

SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5

satellite-6.10.5-1.el7sat.src.rpm

SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b

tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm

SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364

x86_64

foreman-debug-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914

foreman-installer-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a

foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9

puppet-agent-6.26.0-1.el7sat.x86_64.rpm

SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06

puppetserver-6.18.0-1.el7sat.noarch.rpm

SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3

satellite-capsule-6.10.5-1.el7sat.noarch.rpm

SHA-256: 53314b75b2429a04e1ac3f8e74bc900f821cb0e2e249779cd88421841968d86d

satellite-common-6.10.5-1.el7sat.noarch.rpm

SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746

tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm

SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-22434: IBM Robotic Process Automation parameter pollution CVE-2022-22434 Vulnerability Report

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.

CVE-2022-22433: IBM Robotic Process Automation security bypass CVE-2022-22433 Vulnerability Report

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.

CVE-2022-22415: Security Bulletin: IBM Robotic Process Automation may allow regular users to view some admin pages.

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.

CVE-2021-39020: IBM Guardium Data Encryption information disclosure CVE-2021-39020 Vulnerability Report

IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.

RHSA-2022:1725: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synthesis feature not properly disabled ...

CVE-2022-1464: attachment: set CSP header in the serving endpoint (#6926) · gogs/gogs@bc77440

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .

RHSA-2022:1730: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synthesis feature not properly disabled ...

RHSA-2022:1726: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synthesis feat...

RHSA-2022:1727: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synt...

RHSA-2022:1734: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-41771: golang: debug/macho: invalid dynamic symbol table command can cause panic * CVE-2021-41772: golang: archive/zip: Reader.Open panics on empty string * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close ...

RHSA-2022:1724: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synthesis feat...

CVE-2021-42242: Administrator Interface Command Execution Vulnerability · Issue #28 · jflyfox/jfinal_cms

A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.

CVE-2022-1575: 18.0.0 release · jgraph/drawio@f768ed7

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,"

RHSA-2022:1716: Red Hat Security Advisory: Red Hat Ceph Storage 4.3 Security and Bug Fix update

New packages for Red Hat Ceph Storage 4.3 are now available on Red Hat Enterprise Linux 8.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-25658: python-rsa: bleichenbacher timing oracle attack against RSA decryption * CVE-2021-3524: ceph object gateway: radosgw: CRLF injection * CVE-2021-3979: ceph: Ceph volume does not honour osd_dmcrypt_key_size

RHSA-2022:1715: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.10 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-20...

Security recommendations for SAP HANA on RHEL

After extensive testing on RHEL 8.2, 8.4, 8.6 and 9 using the SAP HANA validation test suite, Red Hat’s engineering team concluded that SELinux can run in Enforcing mode with minimal impact to database performance. This is important because it means that RHEL customers will be able to apply higher security levels to their hosts running SAP HANA and tailor the policies to their needs.

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine,

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of

Red Hat Security Advisory 2022-1703-01

Red Hat Security Advisory 2022-1703-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-1701-01

Red Hat Security Advisory 2022-1701-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-1708-01

Red Hat Security Advisory 2022-1708-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Red Hat Security Advisory 2022-1705-01

Red Hat Security Advisory 2022-1705-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-1709-01

Red Hat Security Advisory 2022-1709-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-1622-01

Red Hat Security Advisory 2022-1622-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57.

Red Hat Security Advisory 2022-1702-01

Red Hat Security Advisory 2022-1702-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-1704-01

Red Hat Security Advisory 2022-1704-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-1712-01

Red Hat Security Advisory 2022-1712-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 8 serves as a security patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-1711-01

Red Hat Security Advisory 2022-1711-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 7 serves as a security patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

RHSA-2022:1620: Red Hat Security Advisory: OpenShift Container Platform 4.6.57 packages and security update

Red Hat OpenShift Container Platform release 4.6.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0711: haproxy: Denial of service via set-cookie2 header * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS comman...

CVE-2022-20771: Cisco Security Advisory: ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20796: Cisco Security Advisory: ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.

CVE-2022-23724: Ping Identity Documentation Portal

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.

CVE-2022-20801: Cisco Security Advisory: Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

CVE-2022-20770: Cisco Security Advisory: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20785: Cisco Security Advisory: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20734: Cisco Security Advisory: Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CVE-2022-20794: Cisco Security Advisory: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20771: Cisco Security Advisory: ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20796: Cisco Security Advisory: ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.

CVE-2022-20785: Cisco Security Advisory: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20753: Cisco Security Advisory: Cisco Small Business RV Series Routers Remote Code Execution Vulnerability

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

CVE-2022-20770: Cisco Security Advisory: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20780: Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE-2022-27461: Free and open-source eCommerce platform. ASP.NET based shopping cart.

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

RHSA-2022:1713: Red Hat Security Advisory: security update for rh-sso-7/sso75-openshift-rhel8 container image

Security updated rh-sso-7/sso75-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1245: keycloak: Privilege escalation vulnerability on Token Exchange

CVE-2022-28081: arPHP 3.6.0 - Reflected XSS

A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts.

CVE-2022-28076: seacms v11.6 Vulnerability Execution Command · Issue #1 · likCodinG/seacms_vul

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.

RHSA-2022:1712: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 8

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1245: keycloak: Privilege escalation vulnerability on Token Exchange

RHSA-2022:1711: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 7

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1245: keycloak: Privilege escalation vulnerability on Token Exchange

SAC Health System Impacted By Security Incident

Six boxes of paper documents were removed from the facility without authorization in early March.

RHSA-2022:1709: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1245: keycloak: Privilege escalation vulnerability on Token Exchange

RHSA-2022:1703: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29914: Mozilla: Fullscreen notification bypass using popups * CVE-2022-29916: Mozilla: Leaking browser history with CSS variables * CVE-2022-29917: Mozilla: ...

RHSA-2022:1702: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29914: Mozilla: Fullscreen notification bypass using popups * CVE-2022-29916: Mozilla: Leaking browser history with CSS variables *...

RHSA-2022:1705: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29914: Mozilla: Fullscreen notification bypass using popups * CVE-2022-29916: Mozilla: Leaking browser history with CSS variables * CVE-2022-29917: Mozilla: ...

RHSA-2022:1704: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29914: Mozilla: Fullscreen notification bypass using popups * CVE-2022-29916: Mozilla: Leaking browser history with CSS variables *...

RHSA-2022:1701: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29914: Mozilla: Fullscreen notification bypass using popups * CVE-2022-29916: Mozilla: Leaking browser history with CSS v...

CVE-2021-42192: Security Advisory for Konga v.14.9

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

CVE-2022-1571: Cross-site scripting - Reflected in Create Subaccount in facturascripts

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...

RHSA-2022:1622: Red Hat Security Advisory: OpenShift Container Platform 4.6.57 security and extras update

Red Hat OpenShift Container Platform release 4.6.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

CVE-2022-28055: Remove email_logs download. (#6331) · fusionpbx/fusionpbx@4e260b1

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

CVE-2022-27431: Wuzhicms v4.1.0 /coreframe/app/member/admin/group.php hava a SQL Injection Vulnerability · Issue #200 · wuzhicms/wuzhicms

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

CVE-2021-43164: Multiple Vulnerabilities in Ruijie RG-EW Series Routers

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.