Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd’s annual vulnerability report.
Red Hat Security Advisory 2022-0155-03 – Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.1 serves as a replacement for Red Hat Single Sign-On 7.5.0, and includes bug fixes and enhancements, which are documented…
Nyron version 1.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2022-0146-03 – These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base. Issues addressed include an information leakage vulnerability.
Leostream Connection Broker 22.214.171.124 allows an administrator to upload and execute Perl code.
Stored cross-site scripting (XSS) in GitHub repository pimcore/pimcore prior to 10.2.7.
In Ericsson CodeChecker through 6.18.0, a stored cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
Leostream Connection Broker 126.96.36.199 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link.
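The symbolic-link trick in the Leostream item is the general ZIP-extraction hazard: a member whose mode bits mark it as a symlink, or whose name carries `..` or an absolute path, makes the extractor write outside the intended directory. The following is an added example, not Leostream's code, showing how to pre-screen an uploaded archive in Python before anything extracts it. The `broker_plugins` destination, the helper names and the two sample archives are constructed for illustration.

```python
"""Pre-screen a ZIP upload for symlinks and path-escaping member names.
Added example; not Leostream code. Destination path and samples are constructed."""
import io
import os
import stat
import tempfile
import zipfile

# Hypothetical extraction directory standing in for wherever a broker unpacks uploads.
DEFAULT_DEST = os.path.join(tempfile.gettempdir(), "broker_plugins")


def entry_is_symlink(info: zipfile.ZipInfo) -> bool:
    """True if the member was packed on Unix with S_IFLNK in its mode bits.
    Unix permissions live in the upper 16 bits of external_attr."""
    mode = (info.external_attr >> 16) & 0xFFFF
    return stat.S_ISLNK(mode)


def unsafe_entries(zf: zipfile.ZipFile, dest: str) -> list:
    """Return (member_name, reason) for every member that must not be extracted
    into dest: symlinks, absolute names, and names resolving outside dest."""
    dest_real = os.path.realpath(dest)
    problems = []
    for info in zf.infolist():
        name = info.filename
        if entry_is_symlink(info):
            problems.append((name, "symbolic link"))
            continue
        if os.path.isabs(name) or name.startswith(("/", "\\")):
            problems.append((name, "absolute path"))
            continue
        # realpath normalises '..' so 'a/../../x' is compared after resolution
        target = os.path.realpath(os.path.join(dest_real, name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            problems.append((name, "escapes destination"))
    return problems


def check_archive(data: bytes, dest: str) -> list:
    """Screen an in-memory archive; returns the list produced by unsafe_entries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return unsafe_entries(zf, dest)


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only if every member passes the screen; returns the member names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = unsafe_entries(zf, dest)
        if bad:
            raise ValueError(f"refusing to extract: {bad}")
        zf.extractall(dest)
        return zf.namelist()


def build_malicious_zip() -> bytes:
    """Constructed sample: a benign file, a '..' name, and a symlink member
    whose body (the link target) points at /etc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless\n")
        zf.writestr("../escape.txt", "outside\n")
        link = zipfile.ZipInfo("plugins/etc")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark as symlink
        zf.writestr(link, "/etc")  # a symlink member stores its target as content
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed sample that should pass the screen."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugins/hello.pl", "print 'hi';\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in check_archive(build_malicious_zip(), DEFAULT_DEST):
        print(f"REJECT {name}: {why}")
    print("extracted:", safe_extract(build_benign_zip(), DEFAULT_DEST))
```

Screen before handing the file to whatever actually unpacks it. CPython's own `zipfile.extractall` strips `..` components and writes a symlink member as a regular file containing the target text, but other extractors (Info-ZIP `unzip` on Unix among them) recreate the link, and a later write through that link is what turns an upload into a traversal.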
There’s a tiny data leakage bug in the WebKit browser engine… but it could act as a “supercookie” identifier for your browsing
Red Hat Security Advisory 2022-0157-03 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.