![]() ![]() Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.Ī flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. IBM X-Force ID: 225340.Ī vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. Zimbra desktop 7.2.8 plus#By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. ![]() IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. Zimbra desktop 7.2.8 code#This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.Ī flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.Ī Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. ![]() This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. Once pax is installed, amavisd automatically prefers it over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |