Security
Headlines
HeadlinesLatestCVEs

Tag

#java

Red Hat Security Advisory 2022-8506-01

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

Packet Storm
#sql#xss#vulnerability#web#ios#mac#google#linux#debian#red_hat#dos#apache#redis#js#git#java#perl#ldap#vmware#oauth#auth#ssh#ruby#rpm#mongo#postgres#docker#sap#ssl
CVE-2022-45461: Hotfix for Security Advisory Impacting NetBackup Java Admin Console

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022

CVE-2022-39834: Keyfactor Support

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.

CVE-2022-42960: New Vulnerability in Popular Widget Shows Risks of Third-Party Code | Imperva

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.

CVE-2022-44003

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.

CVE-2022-44000

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.