Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-45461: Hotfix for Security Advisory Impacting NetBackup Java Admin Console

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

CVE
Open in Source
#vulnerability#windows#linux#java#auth
CVE-2022-42982: BKG Professional NtripCaster

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.

CVE-2021-38819: CVE-2021-38819/CVE-2021-38819.md at main · m4sk0ff/CVE-2021-38819

A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page.

Red Hat Enterprise Linux and Microsoft security update of November 2022

<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&

CVE-2022-40752: Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752]

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

CVE-2022-34354: Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the application then log in as the newly created admin.

Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

Red Hat Security Advisory 2022-8494-01

Red Hat Security Advisory 2022-8494-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.