Vulnerabilities in VS Code, Grafana, GNU Emacs and Apache Fineract

Several recently identified vulnerabilities:

  • A critical vulnerability (CVE-2022-41034) has been identified in Visual Studio Code (VS Code) that allows code execution when the user opens a link prepared by an attacker. The code can be executed on the machine running VS Code or on any other machine connected to VS Code through the Remote Development feature. The issue poses the greatest risk to users of the web version of VS Code and of web editors based on it, including GitHub Codespaces and github.dev.

    The vulnerability is caused by the ability to process "command:" service links to open a window with a terminal and run arbitrary shell commands in it, when the editor processes specially crafted documents in Jupyter Notebook format that were downloaded from a web server controlled by the attacker (external files with the ".ipynb" extension are opened in "isTrusted" mode without additional confirmation, which allows "command:" to be processed).

  • A vulnerability has been found in the GNU Emacs text editor (CVE-2022-45939) that allows command execution to be arranged when a file with code is opened, through the substitution of special characters in a name processed using the ctags toolkit.
  • A vulnerability (CVE-2022-31097) has been identified in the open source data visualization platform Grafana that can allow JavaScript code to be executed when a notification is displayed through the Grafana Alerting system. An attacker with Editor rights can prepare a specially crafted link and gain access to the Grafana interface with administrator rights if an administrator clicks that link. The vulnerability has been fixed in the Grafana 9.2.7, 9.3.0, 9.0.3, 8.5.9, 8.4.10 and 8.3.10 releases.
  • A vulnerability (CVE-2022-46146) in the exporter-toolkit library used to create metrics exporters for Prometheus. The issue allows basic authentication to be bypassed.
  • A vulnerability (CVE-2022-44635) in the Apache Fineract financial services platform that allows an unauthorized user to achieve remote code execution. The issue is caused by the lack of proper escaping of ".." characters in paths processed by the file upload component. The vulnerability was fixed in the Apache Fineract 1.7.1 and 1.8.1 releases.
  • A vulnerability (CVE-2022-46366) in the Apache Tapestry Java framework that allows arbitrary code to be executed when specially formatted data is deserialized. The issue appears only in the old Apache Tapestry 3.x branch, which is no longer supported.
  • Vulnerabilities in the Apache Airflow providers for Hive (CVE-2022-41131), Pinot (CVE-2022-38649), Pig (CVE-2022-40189) and Spark (CVE-2022-40954), leading to remote code execution through the loading of arbitrary files or command substitution in the context of job execution, without having write access to the DAG files.

Source: opennet.ru
