Description
In versions prior to 2.40.0, Azure CLI contains a potential code injection vulnerability. The critical scenario is a hosting machine that runs an Azure CLI command whose parameter values have been supplied by an external source.
For …
[org.apache.xmlgraphics:batik] Untrusted code execution in Apache XML Graphics Batik
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
References
https://nvd.nist….
[org.apache.xmlgraphics:batik] Apache XML Graphics Batik vulnerable to code execution via SVG.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
References
https://nvd.nist.gov/vuln/detail/C…
[org.apache.geode:geode-core] Apache Geode vulnerable to Cross-Site Scripting
Apache Geode versions up to 1.15.0 are vulnerable to Cross-Site Scripting (XSS) via data injection when the Pulse web application is used to view Region entries.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-34870
https://lists.apache.org/thread/zl…
[pulp-ansible] Plaintext storage of tokens in pulp_ansible
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp’s encrypted field, and exposes them in read/write mode via the API () instead of marking them as write-only.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-364…
[Microsoft.NETCore.App.Runtime.linux-musl-arm] .NET Core Elevation of Privilege Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial…
[github.com/free5gc/free5gc] free5GC vulnerable to malformed NGAP message crashing the AMF and NGAP decoders
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43677
https://github.com/free5gc/free5gc/issues/402
https://githu…
[org.apache.heron:heron-api] Heron allows CRLF log injection
Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-42010
h…
[Microsoft.AspNetCore.App.Runtime.osx-arm64] .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability…
[Microsoft.NETCore.App.Runtime.Mono.linux-arm] .NET Core Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerab…