#perl

### Impact Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. ##### Example: ```php // request url: https://example.com/foo?groupBy=o_id`; SELECT SLEEP(20);-- $list = new DataObject\Car\Listing(); $list->setOrderKey($request->get('orderBy')); $list->setGroupBy($request->get('groupBy')); $list->load(); ``` ### Patches Upgrade to >= 10.4.4 or apply the following patch manually: https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch ### Workarounds Apply this patch manually: https://github.com/pimcore/pim...

Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.

Red Hat Security Advisory 2022-5162-01 - PostgreSQL is an advanced object-relational database management system.

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.

With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.

An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1552: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile.

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks.