In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

CVE-2022-2032 Stored Cross Site-Scripting in File Manager 14 Jun 2022 762 CVE-2022-2059 Stored Cross Site-Scripting in Agent Manager 14 Jun 2022 762 CVE-2022-1648 Relative Path Traversal to Remote Code Execution in File Manager 13 May 2022 761 CVE-2022-26310 Improper Authorization in User Management to Vertical Privilege Escalation 13 May 2022 761 CVE-2022-26309 Cross-Site Request en Bulk operation (User operation) 13 May 2022 761 CVE-2022-26308 Improper Access Control in Configuration (Credential store) 13 May 2022 761 CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API 10 Feb 2022 760 CVE-2021-46681 Vulnerability XSS in module mass operation name field 15 Sept 2021 757 CVE-2021-46680 Vulnerability XSS in module form name field 15 Sept 2021 757 CVE-2021-46679 Vulnerability XSS in service elements 15 Sept 2021 757 CVE-2021-46678 Vulnerability XSS in service from name field 15 Sept 2021 757 CVE-2021-46677 Vulnerability XSS in Event filter name field 15 Sept 2021 757 CVE-2021-46676 Vulnerability XSS in Transaction Map name field 15 Sept 2021 757 CVE-2021-34075 In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. 30 Jun 2021 756 CVE-2021-35501 Vulnerability XSS in in the name field of a visual console 25 Jun 2021 755 CVE-2021-32100 A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. 29 Jan 2020 743 CVE-2021-32099 A SQL injection vulnerability in the pandora\_console component of Artica Pandora FMS 742 allows an nauthenticated attacker to upgrade his unprivileged session via the /include/chart\_generator.php session\_id parameter, leading to a login bypass. 29 Jan 2020 743 CVE-2021-32098 functions\_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf\_live\_view ip\_dst, dst\_port, or src\_port parameter, a different vulnerability than CVE-2019-20224. 29 Jan 2020 743 CVE-2020-8947 functions\_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf\_live\_view ip\_dst, dst\_port, or src\_port parameter, a different vulnerability than CVE-2019-20224. 18 Dec 2019 742 CVE-2020-8511 In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. 8 Jun 2021 93 CVE-2020-8500 \*\* DISPUTED \*\* In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. 8 Jun 2021 93 CVE-2020-8497 In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. 8 Jun 2021 93 CVE-2020-7935 Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. 8 Jun 2021 755 CVE-2020-5844 index.php?sec=godmode/extensions&sec2=extensions/files\_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742\_FIX\_PERL2020. 10 Feb 2021 752 CVE-2020-26518 Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora\_console/include/chart\_generator.php session\_id parameter. 2 Oct 2020 743 CVE-2020-13855 Pandora FMS 744 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. 4 Jun 2020 745 CVE-2020-13854 Pandora FMS 744 allows privilege escalation. 4 Jun 2020 745 CVE-2020-13853 Pandora FMS 744 has persistent XSS in the Messages feature. 4 Jun 2020 745 CVE-2020-13852 Pandora FMS 744 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. 4 Jun 2020 745 CVE-2020-13851 Pandora FMS 744 allows remote command execution via the events feature. 4 Jun 2020 745 CVE-2020-13850 Artica Pandora FMS 744 has inadequate access controls on a web folder. 4 Jun 2020 747 CVE-2020-11749 Pandora FMS 7.0 NG 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. 14 Apr 2020 747 CVE-2020-8947 Allows remote attackers to execute arbitrary OS commands via shell metacharacters in the netflow report. It needs valid credentials to success. 12 Feb 2020 743 CVE-2020-8511 Pandora FMS through 7.42, admin users can execute arbitrary code by uploading a .php file via the File Repository component. 31 Jan 2020 N/A CVE-2020-8497 Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. 30 Jan 2020 746 CVE-2020-7935 Artica Pandora FMS through 742 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager by the admin user. The vulnerability is exploitable only with Administrator access. 23 Jan 2020 N/A CVE-2020-5844 Files\_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. 6 Jan 2020 743 CVE-2019-20224 Netflow stats in Pandora FMS NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip\_src parameter. 2 Jan 2020 742 CVE-2019-20050 Pandora FMS 742 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type. 27 Dec 2019 742 CCVE-2019-13035 Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\\PandoraFMS (the current directory) as NT AUTHORITY\\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. 29 Jun 2019 735 CVE-2018-11223 XSS in Artica Pandora FMS before 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter. 16 May 2018 723 CVE-2018-11222 Local File Inclusion (LFI) in Pandora FMS through version 723 allows an attacker to call any php file via the /pandora\_console/ajax.php ajax endpoint. 16 May 2018 723 CVE-2018-11221 Unauthenticated untrusted file upload in Pandora FMS through version 723 allows an attacker to upload an arbitrary plugin via include/ajax/update\_manager.ajax in the update system. 16 May 2018 723 CVE-2017-15937 Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). 27 Oct 2017 714 CVE-2017-15936 Pandora FMS NG an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. 27 Oct 2017 714 CVE-2017-15935 Pandora FMS 7.0 vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. 27 Oct 2017 714 CVE-2017-15934 Pandora FMS 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. 27 Oct 2017 714 CVE-2010-4283 PHP remote file inclusion vulnerability in extras/pandora\_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv\[1\] parameter. 17 Nov 2014 3.1.1 CVE-2010-4282 Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora\_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. 17 Nov 2014 3.1.1 CVE-2010-4281 Incomplete blacklist vulnerability in the safe\_url\_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. 17 Nov 2014 3.1.1 CVE-2010-4280 Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id\_group parameter in an operation/agentes/ver\_agente action to ajax.php or (2) the group\_id parameter in an operation/agentes/estado\_agente action to index.php, related to operation/agentes/estado\_agente.php. 17 Nov 2014 3.1.1 CVE-2010-4279 The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash\_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash\_user parameter, in conjunction with the md5 hash of "admin" in the loginhash\_data parameter. 17 Nov 2014 3.1.1 CVE-2010-4278 operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. 17 Nov 2014 3.1.1 CVE-2014-8629 Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. 11 Nov 2014 5.1 SP2

CVE-2022-2059: Pandora FMS Common Vulnerabilities and Exposures

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859)
* CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
* CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-07-25

Updated:

2022-07-25

**RHSA-2022:5701 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: java-1.8.0-openjdk security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.  

Security Fix(es):  

*   OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
*   OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)
*   OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

**Affected Products**

*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.1 x86\_64

**Fixes**

*   BZ - 2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)
*   BZ - 2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
*   BZ - 2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1**

SRPM

java-1.8.0-openjdk-1.8.0.342.b07-1.el8\_1.src.rpm

SHA-256: 680cc1393646c23c3fcf4b0802a8c671b6b6031b9ce0c01f1398d4e80816e372

ppc64le

java-1.8.0-openjdk-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 605f1015861e7a7db069eee9a39538fc92098b120ac390c55f23ecfe874ec007

java-1.8.0-openjdk-accessibility-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: a9dc7bb74b445c3978cb1e40753f49b04e5cfa6fce789005a937a91d2f9fb439

java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: a4147c3b26df50f9e20fd4164c0c41f17d408a38b3f7be13f6d40178c6356e11

java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 0da61a8ea094bcaf1a733e88587dae09dbba86f684036e51b7ce581011b806dd

java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 5dfaf4ea0e21b68c6ce0fe2325ccfcae2f4d6928919bcaaf267c77ff7baba785

java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: d324538fad36457d9b82629488cbb1881637e1623a8588040ef964a05b6e4890

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 92220c7ae826c70536834404aa7441fb1c9b0fa439cb84c98692c33cfa537670

java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 2c4790586d6b69fd2741b9494e1b643ee10182ec3b28294f6280d016c8d82dab

java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 2645841f486053f9dc35751f09be2e82c2d0d39889c67f2fd9c6cc96a1dcf406

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 7845b20f3f8b8a1802d1eee6212445d4c63038c37d937ce41bf70dbcd7c36bc3

java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 721bf94c573efe5eb5d74ad43aef060869f8a2b311d352411b92604a0f8c5e51

java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 0fa50b2fb6312ea16eaf0cffbdfc0516f6f26dac3d54f73b97af1d71dc15fb48

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: d901092f10bc2fe214e6afa0a4f1cd29e91ef04c8c754357559ec5ebdee6250b

java-1.8.0-openjdk-javadoc-1.8.0.342.b07-1.el8\_1.noarch.rpm

SHA-256: 0fef1786b6f29373703405483a92ad808bda25d348b83bf67bab109ac30bff87

java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-1.el8\_1.noarch.rpm

SHA-256: 3c9d046f5d5c75bedd803250d9b11ff690c8c00a28b557977c360ff683cb7b8d

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: 5a02c5117b35f1d22f8a4bb2654df6ecd58b872cb0a72e55b9c4257b7f714d36

java-1.8.0-openjdk-src-1.8.0.342.b07-1.el8\_1.ppc64le.rpm

SHA-256: c34d7d338e43728283a1fbd6b97460c7c39c7b72b837c064171dd72c3d87db58

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.1**

SRPM

java-1.8.0-openjdk-1.8.0.342.b07-1.el8\_1.src.rpm

SHA-256: 680cc1393646c23c3fcf4b0802a8c671b6b6031b9ce0c01f1398d4e80816e372

x86\_64

java-1.8.0-openjdk-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: b82701c59459d16f37fda744733167f78c488a066fe0e49e24b02b3e8224c4b7

java-1.8.0-openjdk-accessibility-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: f7118f1ab7be4d4e8f7a4b503ff709d3adfd4c98fd14399276dd2b213629da0c

java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: bb383e262ea3940bce4029c0bb12959bfba9056b4b4d7f9ee5246d6014fdf193

java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: a1214ed285d8226dd18dd82ec6526da3b2bba4459ca628bd24f25a67db8f9014

java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 0a502f5159167b7031b36a94b1fae629da176c2ccbe2fae471124567f91dbf55

java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 33030503811fa0cf7738691fb9d6ce0e0445bcc7a461aec92244fb43d90fc3ae

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 3dc3a63de0bbd7dc4c7a96768df4c726daa72779f864ed22387d39a592afe3ab

java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: a7caf495a9ecbb98ad42e5ad8425fed4a95bdef0b61d08759c807788479397b5

java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 1f6b0a2c758a622f558ad377929559871edde5542d6c56c421f75ad300ee13fd

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 418f17dac0f813ccf5d7b07950aaffc8023bbb64a65c82b984ad3937db976960

java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: b4d4fb43a182a90b66f6ed26b1eac5279ce60a29336d70d7d7c0b3fd49a0e6ab

java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: 61e637fd50a5f5720d027c7fbd63bfe8f3a659736177f3e658591f0258825976

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: b7f9fffe5dd5ff14f548282ca8eb87c24a37ce17119239e354df2221be2bda5d

java-1.8.0-openjdk-javadoc-1.8.0.342.b07-1.el8\_1.noarch.rpm

SHA-256: 0fef1786b6f29373703405483a92ad808bda25d348b83bf67bab109ac30bff87

java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-1.el8\_1.noarch.rpm

SHA-256: 3c9d046f5d5c75bedd803250d9b11ff690c8c00a28b557977c360ff683cb7b8d

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: c44431b155894712948251b90dd2766ab6fb244d833ee343e929c4cedd238781

java-1.8.0-openjdk-src-1.8.0.342.b07-1.el8\_1.x86\_64.rpm

SHA-256: c4ff26e9a1589fa78b0e72d6852367e66b3032e6585fb20fee96eb2a8cd1e805

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:5701: Red Hat Security Advisory: java-1.8.0-openjdk security update

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

A comprehensive plugin for your WordPress visitor statistics, Track statistics for your WordPress site without depending on external services. Enable you to display how many users are online on your WordPress blog with detailed statistics, easy to install and working fine (Thousands of WordPress sites are already using it)  
When it comes to ease of use, WordPress visitor statistics comes in first, You will have a real counter and statistics plugin for your WordPress website..  
This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page..

**Basic Features**

✅ Real time statistics  
✅ visits, visitors location.  
✅ Comprehensive overview page & User-friendly interface  
✅ GeoIP location by Country  
✅ Search Engines queries from popular search engines like Google  
✅ Support for hashing IP addresses (Full GDPR)  
✅ Automatically prune the databases of old data  
✅ Automatic updates to the GeoIP database.  
✅ Fully compliant with the European GDPR guidelines.  
✅ and more

**Pro features**

✅ Online counter  
✅ Widgets to provide information to your users  
✅ Shortcodes for many different types of data.  
✅ E-mail reports of statistics  
✅ Interactive map of visitors location  
✅ GEO locations (country and city)  
✅ Recent visitors by IP  
✅ and more

**Requirements**

*   WordPress 3.8+
*   PHP 5.2+ (or 5.5+ if you use the Browscap data file)
*   MySQL 5.0.3+
*   At least 20 MB of free web space
*   At least 5 MB of free DB space
*   At least 32 Mb of free PHP memory for the tracker (peak memory usage)
*   IE9+ or any browser supporting HTML5, to access the reports

**Premium Add-ons**

Visit our website for a list of available extensions.

**Translations**

*   English
*   French
*   Russian
*   German (Formal)

**Contributing and Reporting Bugs**

WordPress visitor statistics (Histats) is being developed on GitHub, If you’re interested in contributing to plugin, Please look at Github page

**Support**

We’re happy to help. Here are a few things to do before contacting us:  
\* Have you read the \[FAQs\] (http://plugins-market.com/documentation/)  
\* Have you search the support forum for a similar issue?  
\* You can also contact us at support@plugins-market.com if you have any enquiry.

1.  Download the package.
2.  Upload the package using your plugins page > add new > upload or Extract the contents of .zip folder to wp-content/plugins/ folder
3.  Activate the Plugin via plugins page
4.  Clear your site cache (if you have any caching plugin enabled)  
    Thanks!

I am hugely disappointed at their support and the Plugins. Firstly, the Counts shown on Graphic Chart increased, for example, from 100 counts to 170 from Mexico. It is an increment of 70 visitors. However, there are No visitor logs shown on Google Analytics or Analtify. the Same thing with WordFence Traffic Logs, there's no Traffic log shows 70 visitors from Mexico. The overall count visit logs including the \* Hacking Attempt \* Search Engine Bots(from Bing, Google. etc) \* Human Visit I have tried to get help on this matter by contacting the support, but No Replies for over 10 days.

It is very accurate with its statistics, which is good because you know what to do and what not to do to keep improving your site

I don't recommend this plugin. If you try to delete it, it leaves lots of unused tables that are impossible to delete automatically contrary to what the designer says. I had to go through the cPanel to delete them. And those who are not familiar with this kind of manipulation, they can break the website.

We find the Visitor Statistics plug-in very useful, and the developers are highly responsive and efficient when it comes to technical support.

this plugin is useful and easy to use

Read all 105 reviews

“WP Visitor Statistics (Real Time Traffic)” is open source software. The following people have contributed to this plugin.

Contributors

*    osama.esh

**5.9**

1.  Bug fixes (notice)

**5.8**

1.  Bug fixes in settings page
2.  Adding new feature in the settings page (Excluding Roles from statistics)

**5.7**

1.  Bug fixes in the GEO location vars

**5.6**

1.  Bug fixes – escape data

**5.5**

1.  Bug fixes in IP execlusion page

**5.4**

1.  Bug fixes – escape data

**5.3**

1.  Bug fixes in IP exclusion ajax request

**5.2**

1.  Bug fixes in timezone

**5.1**

1.  Bug fixes in settings

**4.9**

1.  Security Bug fixes

**4.8**

1.  Security Bug fixing in ajax requests

**4.7**

1.  Bug fixing in multisite (network)

**4.6**

1.  Bug fixing in IP extension

**4.5**

1.  Bug fixing in removing plugin (remove all tables and views)

**4.4**

1.  Bug fixing in dashboard stylesheet (with non admin users)

**4.3**

1.  Bug fixing in storing URLs (Lowercase issue)

**4.2**

1.  Security Bug fixing in ajax requests – part 2

**4.1**

1.  Security Bug fixing in ajax requests reported by Mr. Krzysztof Zając

**3.18**

1.  Security Bug fixing in ajax requests reported by Mr. Krzysztof Zając

**3.18**

1.  Bug fixing in the timezone (part 2)

**3.17**

1.  Bug fixing in the timezone

**3.16**

1.  bug fixing in stylesheet

**3.15**

1.  Adding FR translation (Thanks Maxence RICHARD for your help)
2.  Bug fixing in the main statistics chart
3.  bug fixing in stylesheet

**3.14**

1.  Bug fixing “PHP Notice: Undefined variable” in functions

**3.13**

1.  Bug fixing “PHP Notice: Undefined variable” happend after the latest changes
2.  Reports enhancements

**3.12**

1.  Bug fixing “PHP Notice: Undefined variable” happend after the latest changes

**3.11**

1.  bug fixing (single quote issue) in search engines

**3.10**

1.  Urgent fixing (Database errors)

**3.9**

1.  Top bar icon + bug fixing in the plugin init file

**3.8**

1.  Security bug fixing reported by Mr. “Austin Turecek”, Sanitizing ajax request

**3.7**

1.  Bug fixing in search engines graphs

**3.6**

1.  Bug fixing in prepare statement in the reports

**3.5**

1.  Bug fixing in prepare statement

**3.4**

1.  Bug fixing in search engines query (single quote issue reported by @madmax4ever)

**3.3**

1.  Bug fixing in enqueue scripts

**3.2**

1.  Bug fixing in user roles with different site language

**3.1**

1.  Bug fixing in user roles

**2.9**

1.  Bug fixing in traffic counter after the latest updates

**2.8**

1.  Bug fixing – PHP notice

**2.7**

1.  js compression

**2.6**

1.  Css compression

**2.5**

1.  adding the ability to give access to statistics page for any user type
2.  exclude robots

**2.4**

1.  adding new subscribe message to get latest updates

**2.3**

1.  bug fixing in CSS
2.  enhancement in the plugin performance

**2.2**

1.  removing alert message

**2.1**

1.  IP addresses hashing for last 3 digits
2.  Bug fixing in default data

**1.9**

1.  we used the \[GEOPLUGIN\] web service (http://geoip-db.com) These library give us more help in identifying the city name, here is the privacy page for this service http://geoip-db.com/privacy
2.  improve reports

**1.8**

1.  fixing content reports (Traffic by title and by url)
2.  timezone is now support syncronization
3.  php 7.2 bug fixing
4.  improve reports

**1.7**

1.  Fixing undefined offset issue

**1.6**

1.  New feature, user can setup add-ons
2.  wordpress network (multisite support)

**1.5**

1.  Fix Bounce issue

**1.4**

1.  Fix total page views issue

**1.3**

1.  Fix timezone issue

**1.2**

1.  show alert if another stats plugin is enabled

**1.1**

1.  Fix schedule cron job issue

**1.0**

1.  Initial version

CVE-2022-33965: WP Visitor Statistics (Real Time Traffic)

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-THENIFY-571690
    
*   **published**
    
    15 Jun 2020
    
*   **disclosed**
    
    15 Jun 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

Upgrade thenify to version 3.3.1 or higher.

**Overview**

thenify is a Promisify a callback-based function using any-promise.

Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

**PoC**

    var a = require("thenify");
    var attack_code = "fs=require('fs');fs.writeFile('Song', 'test',function(){})";
    function cur(){};
    Object.defineProperty(cur, "name", { value: "fake() {" + attack_code + ";})();(function(){//"});
    a(cur);

CVE-2020-7677: Snyk Vulnerability Database | Snyk

This affects all versions of package ffmpeg-sdk.
 The injection point is located in line 9 in index.js.



Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-FFMPEGSDK-1050429
    
*   **published**
    
    26 Jan 2021
    
*   **disclosed**
    
    26 Jan 2021
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for ffmpeg-sdk.

**Overview**

Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 9 in index.js.

##PoC

    var root = require("ffmpeg-sdk");
    root.execute("touch JHU");

CVE-2020-28435: Snyk Vulnerability Database | Snyk

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-NODEIMPORT-571691
    
*   **published**
    
    15 Jun 2020
    
*   **disclosed**
    
    15 Jun 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for node-import.

**Overview**

node-import is a package that imports dependencies and run it directly or concatenate them and exports to file.

Affected versions of this package are vulnerable to Arbitrary Code Execution. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".

**PoC**

    var a = require("node-import");
    var params = {
      'fs=require("fs");fs.writeFile("JHU");//':123
    }
    a.module('',params,true)

CVE-2020-7678: Snyk Vulnerability Database | Snyk

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-NTESSERACT-1050982
    
*   **published**
    
    26 Jan 2021
    
*   **disclosed**
    
    14 Dec 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

Upgrade ntesseract to version 0.2.9 or higher.

**Overview**

ntesseract is a simple wrapper for the Tesseract OCR package for node.js

Affected versions of this package are vulnerable to Command Injection via lib/tesseract.js.

**PoC:**

    var a =require("ntesseract");
    a.process("& touch JHU #","",function(){})

CVE-2020-28446: Snyk Vulnerability Database | Snyk

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

**Types of attacks**

There are a few methods by which XSS can be manipulated:

Type

Origin

Description

**Stored**

Server

The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.

**Reflected**

Server

The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.

**DOM-based**

Client

The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.

**Mutated**

The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

**Affected environments**

The following environments are susceptible to an XSS attack:

*   Web servers
*   Application servers
*   Web application environments

**How to prevent**

This section describes the top best practices designed to specifically protect your code:

*   Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
*   Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
*   Give users the option to disable client-side scripts.
*   Redirect invalid requests.
*   Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
*   Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
*   Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

CVE-2022-21802: Snyk Vulnerability Database | Snyk

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-SONARWRAPPER-1050980
    
*   **published**
    
    26 Jan 2021
    
*   **disclosed**
    
    14 Dec 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for sonar-wrapper.

**Overview**

sonar-wrapper is a package that wraps SonarQube Scanner as a node module.

Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/sonarRunner.js.

**PoC**

    var root = require("sonar-wrapper");
    var options= {'sonar.projectName':'& touch JHU'};
    root.runAnalisys('./',options, []);

CVE-2020-28443: Snyk Vulnerability Database | Snyk

All versions of package git-archive are vulnerable to Command Injection via the exports function.


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-GITARCHIVE-1050391
    
*   **published**
    
    20 Jan 2021
    
*   **disclosed**
    
    11 Dec 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for git-archive.

**Overview**

git-archive is a module to take a bare git repo, archive it, and export it as a tarball to a given path

Affected versions of this package are vulnerable to Command Injection via the exports function.

Tag

#js