#sql

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22569: protobuf-java: potential DoS in the parsing procedure for binary data * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: net...

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7746: chart.js: prototype pollution * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2021-23436: immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477 * CVE-2021-44906: minimist: prototype pollution * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-202...

Joomla RAXO All-Mode PRO extension version 2.01 suffers from a cross site scripting vulnerability.

Canteen Management version 1.0-2022 suffers from a remote SQL injection vulnerability.

Joomla Solidres extension version 2.12.9 suffers from a cross site scripting vulnerability.

Categories: Threat Intelligence In September, LockBit accounted for almost half of all known ransomware attacks. (Read more...) The post Ransomware review: September 2022 appeared first on Malwarebytes Labs.

### Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to [v3.39.4](https://sqlite.org/releaselog/3_39_4.html). libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: > Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the > prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so > this should be considered a security update. > > In order to exploit the vulnerability, an attacker must have full SQL access and must be able to > construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit > signed integer overflow. This vulnerability has not been assigned a CVE and does not have a severity declared. Please note that this advisory only applies to the sqlite3 gem v1.5.0, and only if the packaged libsqlite is being used. If you've overridden defaults at installation time to use system librarie...

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.