Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2022-3190: 2022/CVE-2022-3190.json · master · GitLab.org / cves · GitLab

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file

CVE
#dos#js#git#auth
CVE-2022-38538: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

CVE-2022-38539: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.

CVE-2022-38537: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

CVE-2022-38541: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

CVE-2022-38540: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

CVE-2022-38542: Archery/urls.py at v1.8.5 · hhyo/Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.

RHSA-2022:6322: Red Hat Security Advisory: OpenShift Container Platform 4.7.59 bug fix and security update

Red Hat OpenShift Container Platform release 4.7.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass

CVE-2022-38616: SQL Injection in Terminal Tariff Group feature of SmartVista SVFE2 version 2.2.22 (CVE-2022-38616)

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.3.1). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.