CVE-2022-2597 The Visual Portfolio, Photo Gallery & Post Grid plugin before 2.19.0 had some security issues, allowing users with a low role to inject arbitrary CSS.
This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as
CVE-2022-39050 An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript that is later executed in the context of OTRS.
which are accessible by a logged-in attacker. Another example of a destructive attack is when an attacker creates an OTRS account to monitor a specific email
CVE-2022-39830 - Missing Return Value Check in sign_pFwInfo in Samsung mTower (<=.3.) Leads to Denial of Service
In September 2022, a security vulnerability tracked as CVE-2022-39830 was discovered in the Samsung mTower software, up to version .3.. This flaw arises from a
CVE-2022-31176 The Grafana Image Renderer plugin renders panels and dashboards to PNGs using a headless browser. An internal security review identified a vulnerability that allows unauthorized file disclosure.
If your organization is unable to apply the fix quickly, it is recommended to disable HTTP remote rendering by setting `render_enabled_media_types` to
CVE-2022-38170 Airflow prior to 2.3.4 had an insecure umask that could lead to a race condition for world-writable files in the Airflow home directory.
This issue has been fixed by configuring the umask appropriately.
Prior to Apache Airflow version 2.3.4, a config error in one of the