Tag: #js
Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6835-01 - This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Public disclosure, a talk, and a blog post later, the RCE exploit remains unresolved
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.
An update for openvswitch2.11 is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component.
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.