A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

@@ -1,3 +1,6 @@ \------------------------------------------------------------------------ English \------------------------------------------------------------------------ Shopizer (for java 1.8 +) \-------------------  
@@ -119,4 +122,259 @@ If you have interest in giving feedback or for participating to Shopizer project Feel to use the contact form <http://www.shopizer.com/contact.html> and share your email address so we can send an invite to our Slack channel  
### How to Contribute: \------------------- Fork the repository to your GitHub account  
Clone from fork repository \-------------------  
$ git clone https://github.com/yourusername/shopizer.git  
Build application according to steps provided above  
Synchronize lastest version with the upstream \-------------------  
$ git remote add upstream https://github.com/yourusername/shopizer.git $ git pull upstream 2.17.0  
Create new branch in your repository \-------------------  
$ git checkout -b branch-name  
  
Check your branch status before commit to the branch \-------------------  
$ git status $ git commit  
Push changes to GitHub \-------------------  
$ git push -u origin HEAD  
  
  
\------------------------------------------------------------------------ FRENCH \------------------------------------------------------------------------  
Shopizer (pour java 1.8 +) \-------------------  
\[!\[last\_version\](https://img.shields.io/badge/last\_version-v2.12.0-blue.svg?style=flat)\](https://github.com/shopizer-ecommerce/shopizer/tree/2.12.0) \[!\[Official site\](https://img.shields.io/website-up-down-green-red/https/shields.io.svg?label=official%20site)\](http://www.shopizer.com/) \[!\[Docker Pulls\](https://img.shields.io/docker/pulls/shopizerecomm/shopizer.svg)\](https://hub.docker.com/r/shopizerecomm/shopizer) \[!\[stackoverflow\](https://img.shields.io/badge/shopizer-stackoverflow-orange.svg?style=flat)\](http://stackoverflow.com/questions/tagged/shopizer)  
  
Logiciel de commerce électronique open source Java  
\- Panier \- Catalogue \- Chercher \- Check-out \- Administration \- API REST  
Voir la démo (jsp): \------------------- http://aws-demo.shopizer.com:8080/  
Voir la démo (angular): \------------------- Bientôt disponible  
  
Obtenez le code: \------------------- Clonez le référentiel:  
$ git clone git://github.com/shopizer-ecommerce/shopizer.git  
Si c'est la première fois que vous utilisez Github, consultez http://help.github.com to learn the basics.  
Vous pouvez également télécharger le fichier zip contenant le code depuis https://github.com/shopizer-ecommerce/shopizer  
Pour créer l'application: \------------------- Depuis la ligne de commande:  
$ cd shopizer $ mvnw clean install  
  
Exécutez l'application depuis Tomcat \------------------- copier sm-shop / target / ROOT.war vers tomcat ou tout autre répertoire de déploiement du serveur d'applications  
Augmenter l'espace du tas à 1024 m （Heap space)  
### Configuration de l'espace de tas dans Tomcat (Heap space):  
  
Si vous utilisez Tomcat, modifiez catalina.bat pour les utilisateurs Windows ou catalina.sh pour les utilisateurs Linux / Mac  
sous Windows set JAVA\_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=256m"  
sous Linux / Mac export JAVA\_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=256m"  
Exécutez l'application à partir de Spring Boot \-------------------  
$ cd sm-shop $ mvnw spring-boot:run  
Exécutez l'application à partir de Spring Boot dans eclipse \-------------------  
Faites un clic droit sur com.salesmanager.shop.application.ShopApplication  
exécuter en tant qu'application Java  
### Accédez à l'application: \-------------------  
Accédez à l'application Web déployée à l'adresse: http: //localhost:8080/  
Accédez à la section d'administration à l'adresse: http://localhost: 8080/admin  
nom d'utilisateur: admin@shopizer.com  
mot de passe: password  
Les instructions ci-dessus vous permettront d'exécuter l'application avec les paramètres et configurations par défaut. Veuillez lire les instructions pour vous connecter à MySQL, configurer un serveur de messagerie et configurer d'autres sous-systèmes  
  
### Documentation: \-------------------  
Documentation disponible sur le wiki <http://shopizer-ecommerce.github.io/shopizer/#>  
ChatOps <https://shopizer.slack.com> - Rejoignez notre chaîne Slack https://shopizer-slackin.herokuapp.com/  
Plus d'informations sont disponibles sur le site Web de Shopizer ici <http://www.shopizer.com>  
### Participation: \-------------------  
Si vous souhaitez donner votre avis ou participer de quelque manière que ce soit au projet Shopizer N'hésitez pas à utiliser le formulaire de contact <http://www.shopizer.com/contact.html> et à partager votre adresse email afin que nous puissions envoyer une invitation sur notre chaîne Slack  
  
  
\------------------------------------------------------------------------ 中文版本 \------------------------------------------------------------------------ Shopizer（适用于 java 1.8 +） \-------------------  
\[!\[最新版本\](https://img.shields.io/badge/last\_version-v2.12.0-blue.svg?style=flat)\](https://github.com/shopizer-ecommerce/shopizer/tree/2.12.0) \[!\[官方网站\](https://img.shields.io/website-up-down-green-red/https/shields.io.svg?label=official%20site)\](http://www.shopizer.com/) \[!\[Docker Pulls\](https://img.shields.io/docker/pulls/shopizerecomm/shopizer.svg)\](https://hub.docker.com/r/shopizerecomm/shopizer) \[!\[stackoverflow\](https://img.shields.io/badge/shopizer-stackoverflow-orange.svg?style=flat)\](http://stackoverflow.com/questions/tagged/shopizer)  
Java开源电子商务软件  
\- 购物车 \- 目录 \- 搜索 \- 查看 \- 行政 \- REST API  
参阅演示（jsp）： \------------------- http://aws-demo.shopizer.com:8080/  
请参阅演示（角度）： \------------------- 即将推出  
  
获取代码： \------------------- 克隆存储库：  
$ git clone git://github.com/shopizer-ecommerce/shopizer.git  
如果这是您第一次使用 Github，请查看 http://help.github.com 以了解基础知识。  
您还可以从 https://github.com/shopizer-ecommerce/shopizer 下载包含代码的 zip 文件  
将要构建应用程序：  
\------------------- 从命令行：  
$ cd shopizer $ mvnw clean install  
从 Tomcat 运行应用程序 \------------------- 将 sm-shop/target/ROOT.war 复制到 tomcat 或任何其他应用服务器部署目录  
将堆空间增加到 1024 m  
###Tomcat中的堆空间配置：  
  
如果您使用 Tomcat，请为 windows 用户编辑 catalina.bat 或为 linux / Mac 用户编辑 catalina.sh  
在 Windows 中 设置 JAVA\_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=256m"  
在 Linux / Mac 中 导出 JAVA\_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=256m"  
从 Spring Boot 运行应用程序 \-------------------  
$ cd sm-shop $ mvnw spring-boot:run  
在 Eclipse 中从 Spring Boot 运行应用程序 \-------------------  
右键单击 com.salesmanager.shop.application.ShopApplication  
作为 Java 应用程序运行  
### 访问应用程序： \-------------------  
访问已部署的 Web 应用程序：http://localhost:8080/  
访问管理部分：http://localhost:8080/admin  
用户名：admin@shopizer.com  
密码：password  
上述说明将让您使用默认设置和配置运行应用程序。 请阅读有关如何连接到 MySQL、配置电子邮件服务器和配置其他子系统的说明  
  
### 文档： \-------------------  
可从 wiki <http://shopizer-ecommerce.github.io/shopizer/#> 获得的文档  
ChatOps <https://shopizer.slack.com> - 加入我们的 Slack 频道 https://shopizer-slackin.herokuapp.com/  
更多信息可在此处的购物者网站上获得 <http://www.shopizer.com>  
### 参与： \-------------------  
如果您有兴趣提供反馈或以任何方式参与 Shopizer 项目 请使用联系表 <http://www.shopizer.com/contact.html> 并分享您的电子邮件地址 这样我们就可以邀请您进入我们的 Slack 频道

CVE-2022-23059: working version 3.0.alpha · shopizer-ecommerce/shopizer@6b9f1ec

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.

![pentest](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_pentest.png)

**In IT-Systeme eindringen – nach allen Regeln der Kunst****In IT-Systeme eindringen – nach allen Regeln der Kunst**

![rotate card](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/refresh.svg)

**Pentest****In IT-Systeme eindringen – nach allen Regeln der Kunst**

Es vergeht keine Woche, in der Hacker nicht in Netzwerke, Server und PCs eindringen. Es vergeht kein Tag, an dem wir nicht das Gleiche tun – aber in Ihrem Auftrag. Unsere Penetrationstester sind bestens mit Angriffsmethoden auf IT-Systeme vertraut.

weitere Informationen

**Technisches Consulting****Kompetent beraten - IT sichern**

Es gibt viele Gründe für Unternehmen und Organisationen, sich in Fragen der IT-Sicherheit beraten zu lassen: ein Sicherheitsvorfall, Ergebnisse eines Penetrationstests, neue Anforderungen, Outtasking von Aufgaben oder andere Hintergründe. Die SySS unterstützt Sie bereits zu Projektbeginn oder auch während des gesamten Projektverlaufs mit der entscheidenden Expertise.

weitere Informationen

![digital-forensic](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_digital-forensic.png)

**Digitale Forensik****Gefahren abwehren – Beweise sichern****Gefahren abwehren – Beweise sichern**

![rotate card](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/refresh.svg)

**Digitale Forensik****Gefahren abwehren – Beweise sichern**

Die SySS GmbH unterstützt Sie bei der Aufklärung akuter IT-Sicherheitsvorfälle und der Erfassung gerichtsverwertbarer Daten in Ihrem Unternehmensnetzwerk. Dazu gehört u.a. die Sicherung und Analyse digitaler Spuren nach einem Angriff.

weitere Informationen

![red-teaming](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_red-teaming.png)

**Red Teaming****APT geplant erleben – Abwehr trainieren****APT geplant erleben – Abwehr trainieren**

![rotate card](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/refresh.svg)

**Red Teaming****APT geplant erleben – Abwehr trainieren**

Die Bedrohung durch gezielte Angriffe auf Unternehmen und Institutionen steigt zunehmend an. Aus einer externen Perspektive ohne Vorkenntnisse simulieren wir einen solchen zielgerichteten Angriff. Dabei testen wir Ihre Prozesse und Systeme sowie das Bewusstsein Ihrer Mitarbeiter für IT-Sicherheit.

weitere Informationen

![live-hacking](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_live-hacking.png)

**Live-Hacking****Angriffe erlebbar machen – Sensibilität steigern****Angriffe erlebbar machen – Sensibilität steigern**

![rotate card](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/refresh.svg)

**Live-Hacking****Angriffe erlebbar machen – Sensibilität steigern**

Wer sich vor Angriffen aus dem Netz schützen will, sollte die Arbeitsweise von Hackern genau kennen. Im Live-Hacking führen unsere Spezialisten eindrucksvoll – und live – vor Augen, wie leicht es ist, an die Daten Dritter zu gelangen.

weitere Informationen

![schulung](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_schulung.png)

**Schulung****Sicherheit trainieren – Kompetenzen ausbauen****Sicherheit trainieren – Kompetenzen ausbauen**

![rotate card](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/refresh.svg)

**Schulung****Sicherheit trainieren – Kompetenzen ausbauen**

Sicherheitsbeauftragte Ihres Unternehmens und alle für IT zuständigen Mitarbeiter werden von SySS umfassend in aktuellen Fragen und Vorgehensweisen zur IT-Sicherheit ausgebildet. Wir lassen Sie in die Welt des Hackens eintreten.

weitere Informationen

*   ![pentest](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_pentest.png)
    
    **Pentest****In IT-Systeme eindringen – nach allen Regeln der Kunst**
    
    Es vergeht keine Woche, in der Hacker nicht in Netzwerke, Server und PCs eindringen. Es vergeht kein Tag, an dem wir nicht das Gleiche tun – aber in Ihrem Auftrag. Unsere Penetrationstester sind bestens mit Angriffsmethoden auf IT-Systeme vertraut.
    
*   ![digital-forensic](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_digital-forensic.png)
    
    **Digitale Forensik****Gefahren abwehren – Beweise sichern**
    
    Die SySS GmbH unterstützt Sie bei der Aufklärung akuter IT-Sicherheitsvorfälle und der Erfassung gerichtsverwertbarer Daten in Ihrem Unternehmensnetzwerk. Dazu gehört u.a. die Sicherung und Analyse digitaler Spuren nach einem Angriff.
    
*   ![red-teaming](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_red-teaming.png)
    
    **Red Teaming****APT geplant erleben – Abwehr trainieren**
    
    Die Bedrohung durch gezielte Angriffe auf Unternehmen und Institutionen steigt zunehmend an. Aus einer externen Perspektive ohne Vorkenntnisse simulieren wir einen solchen zielgerichteten Angriff. Dabei testen wir Ihre Prozesse und Systeme sowie das Bewusstsein Ihrer Mitarbeiter für IT-Sicherheit.
    
*   ![live-hacking](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_live-hacking.png)
    
    **Live-Hacking****Angriffe erlebbar machen – Sensibilität steigern**
    
    Wer sich vor Angriffen aus dem Netz schützen will, sollte die Arbeitsweise von Hackern genau kennen. Im Live-Hacking führen unsere Spezialisten eindrucksvoll – und live – vor Augen, wie leicht es ist, an die Daten Dritter zu gelangen.
    
*   ![schulung](https://syss.de/typo3conf/ext/user_site/Resources/Public/Images/icon_schulung.png)
    
    **Schulung****Sicherheit trainieren – Kompetenzen ausbauen**
    
    Sicherheitsbeauftragte Ihres Unternehmens und alle für IT zuständigen Mitarbeiter werden von SySS umfassend in aktuellen Fragen und Vorgehensweisen zur IT-Sicherheit ausgebildet. Wir lassen Sie in die Welt des Hackens eintreten.
    

**Aktuelles**

**Auszeichnung für die SySS**

![](https://syss.de/fileadmin/_processed_/7/b/csm_BrandEins_IT2022_Logo_untere_Seite_0c21ed3517.jpg)

brand eins zählt SySS zu den besten IT-Dienstleistern 2022!

Ihr direkter Kontakt zu SySS +49 (0)7071 - 40 78 56-0 oder anfrage@syss.de | IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN +49 (0)7071 - 40 78 56-99

Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer

Ihr direkter Kontakt zu SySS +49 (0)7071 - 40 78 56-0 oder anfrage@syss.de

IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN +49 (0)7071 - 40 78 56-99

Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer

Direkter Kontakt

+49 (0)7071 - 40 78 56-0 oder anfrage@syss.de

IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN

+49 (0)7071 - 40 78 56-99

Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer

CVE-2022-24957: SySS GmbH - The Pentest Experts

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

Permalink

main

Switch branches/tags

**Hardware-IoT/**tp-link tl-wr840n\_X\_TP\_ClonedMACAddress=.pdf****

Go to file

*   Go to file

*   Copy path
*   Copy permalink

Cannot retrieve contributors at this time

209 KB

Download

*   Open with Desktop
*   Download

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-26642: Hardware-IoT/tp-link tl-wr840n_X_TP_ClonedMACAddress=.pdf at main · Quadron-Research-Lab/Hardware-IoT

BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Hi,  
I found a new transient execution attack on risc-v boom.  
The attack relies on the bug #558, which is a performance bug originally.  
But the same bug can also be used to transiently poison the BIM table using a transiently accessed secret.

The attached PoC attack is a Meltdown type of attack where a supervisor-mode software transiently leaks  
a secret from the machine-mode software (i.e., either a firmware or an enclave).  
The attack is based on two vulnerabilities: **1) boom transiently executes load instruction before checking  
PMP violation**, and **2) BIM table can be transiently updated using the accessed value**.  
The attack is quite slow than using D-cache as a side channel, but it still works and almost correctly retrieves  
the secret value (i.e., _0xdeadbeef_).

           /* in the given directory */
           make clean; make
           <path to simulator-chipyard-SmallBoomConfig> ./exploit.riscv
    

This can be mitigated by fixing either one of two bugs above.

CVE-2022-26296: New transient execution attack on Boom. · Issue #577 · riscv-boom/riscv-boom

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

@@ -37,7 +37,12 @@ public function render()

  

// bring the form action into the local scope

$formAction = $this\->\_loginForm\['action'\];

  

  

// Check redirect for chevrons, deny if found.

if (preg\_match('/\[<>\]/i', $this\->\_params\['data'\]\['performredirect'\])) {

$result\->addError(\_('Script is not allowed'));

}

  

// Are we already submitting the form login?

if (!empty($formAction)) {

// make sure we can simply assume all fields are there

CVE-2021-43725: Update SpotPage_login.php · spotweb/spotweb@2bfa001

The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
* CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
* CVE-2021-3121: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
* CVE-2021-29923: golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
* CVE-2021-31525: golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
* CVE-2021-33195: golang: net: lookup functions may return invalid host names
* CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
* CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
* CVE-2021-34558: golang: crypto/tls: certificate of wrong type is causing TLS client to panic
* CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic


Issued:

2022-03-28

Updated:

2022-03-28

**RHSA-2022:0577 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 \[security update\]

**Type/Severity**

Security Advisory: Moderate

**Topic**

The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.  

Security Fix(es):  

*   gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
*   golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
*   golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
*   golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
*   golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
*   golang: net: lookup functions may return invalid host names (CVE-2021-33195)
*   golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
*   golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
*   golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
*   golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86\_64

**Fixes**

*   BZ - 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
*   BZ - 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
*   BZ - 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
*   BZ - 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
*   BZ - 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
*   BZ - 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
*   BZ - 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
*   BZ - 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
*   BZ - 1990573 - Username annotation error when byoh Windows have uppercase hostname
*   BZ - 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
*   BZ - 1992841 - Deleting Machine Node object throws reconciliation error after WMCO restart
*   BZ - 1994859 - Windows Containers on Windows Nodes get assigned the DNS Server IP “172.30.0.10”, which is wrong, if the default kubernetes subnet is not used
*   BZ - 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
*   BZ - 2000772 - WMCO fails to configure VMs with Powershell set as the default SSH shell
*   BZ - 2001547 - BYOH Windows instance configured with DNS name got deconfigured immediately on UPI baremetal
*   BZ - 2002961 - CSR reconciler report error constantly when BYOH CSR approved by other Approver
*   BZ - 2005360 - BYOH Windows instance configured twice with DNS name
*   BZ - 2008601 - WMCO ignores delete events for machines with invalid IP addresses
*   BZ - 2015772 - Replacing private key reconcile 2 Windows nodes in parallel
*   BZ - 2032048 - CSR approval failures caused by update conflicts
*   WINC-747 - Windows Container Support for Red Hat OpenShift 5.0.0 release

**CVEs**

*   CVE-2020-28851
*   CVE-2020-28852
*   CVE-2021-3121
*   CVE-2021-3521
*   CVE-2021-3712
*   CVE-2021-29923
*   CVE-2021-31525
*   CVE-2021-33195
*   CVE-2021-33197
*   CVE-2021-33198
*   CVE-2021-34558
*   CVE-2021-36221
*   CVE-2021-42574
*   CVE-2022-24407

**Red Hat OpenShift Container Platform 4.10 for RHEL 8**

SRPM

x86\_64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:0577: Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

![Openwall](https://www.openwall.com/logo.png)

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2022-27950: security - Memory leak in Linux HID-elo driver

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

Back to top

Edit this page

Toggle table of contents sidebar

**Security#**

This release addresses several security problems.

CVE-2022-24303: If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after im.show() (and related actions), and potentially remove an unrelated file. This has been present since PIL.

CVE-2022-22817: While Pillow 9.0 restricted top-level builtins available to PIL.ImageMath.eval(), it did not prevent builtins available to lambda expressions. These are now also restricted.

**Other Changes#**

Pillow 9.0 added support for xdg-open as an image viewer, but there have been reports that the temporary image file was removed too quickly to be loaded into the final application. A delay has been added.

CVE-2022-24303: 9.0.1

**Security¶**

This release addresses several security problems.

CVE-2022-24303: If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after `im.show()` (and related actions), and potentially remove an unrelated file. This been present since PIL.

CVE-2022-22817: While Pillow 9.0 restricted top-level builtins available to `PIL.ImageMath.eval()`, it did not prevent builtins available to lambda expressions. These are now also restricted.

**Other Changes¶**

Pillow 9.0 added support for `xdg-open` as an image viewer, but there have been reports that the temporary image file was removed too quickly to be loaded into the final application. A delay has been added.

Technitium Installer v4.4 was discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted DLL in the same directory as the current installer.

**DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4**

![image](https://user-images.githubusercontent.com/21979646/155652696-751b0227-004a-4928-b663-aea9178c38d2.png)

**Vulnerable Software and Version**:  

1.  Technitium Installer v4.4

**Vulnerable software download link**:  
https://technitium.com/tmac/

**Date discovered and reported**:  
25 Feb 2022  

**Description**:  
**Technitium Installer v4.4** is suffering from **CWD DLL Hijacking** by placing x86 **SXS.dll** in the same directory as the installer , which could cause **arbitrary code execution and privilege escalation** since the installer requires admin right to run by design.

The installer is actually looking for below DLLs in the current directory as the installer but then only SXS.dll is tested and hijacked successfully

1.  SXS.dll
2.  MSVBVM60.dll
3.  VCRUNTIME140.dll

**Attack vector**:  
Taking SXS.dll as an example, placing the malicious crafted dll in the current directory as the installer and whenever a user click the installer, **arbitrary code execution and privilege escalation** could be achieved.

PoC code of dll can be found in my repository

**Attack steps**:  

1.  Craft and drop a malicious DLL named as "SXS.dll" with entry point DllMain ![image](https://user-images.githubusercontent.com/21979646/155653240-ef58e64b-802e-4268-a9a6-cc8e74c576c0.png)
    
2.  Double click the executable, administrator privilege is required to run
    
3.  Malicious DLL has been called and an admin shell can be obtained as PoC ![image](https://user-images.githubusercontent.com/21979646/155653291-16145a65-ccdc-4461-a328-f6dc277e4d54.png)

Tag

#mac