Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-4780: ISOS release notes - Elvexys SA

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.

CVE
Open in Source
#sql#vulnerability#mac#linux#git#intel#ldap#vmware#auth#postgres#ssl
CVE-2022-4779: StreamX release notes - Elvexys SA

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Debian Security Advisory 5306-1

Debian Linux Security Advisory 5306-1 - Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.

CVE-2022-4773: vuln-fix: Partial Path Traversal Vulnerability · HolgerHees/cloudsync@3ad7968

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2022-4772: [SECURITY] Fix Zip Slip Vulnerability by JLLeitschuh · Pull Request #551 · dgarijo/Widoco

A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.

CVE-2022-45434: Security Advisory – Vulnerabilities found in Dahua software products

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.

CVE-2022-47968: Reflected XSS · Issue #1086 · linuxserver/Heimdall

Heimdall Application Dashboard through 2.5.4 allows reflected XSS via "Application name" to the "Add application" page.

Why Attackers Target GitHub, and How You Can Secure It

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.

CVE-2019-18177: Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

CVE-2020-12069: VDE-2021-061 | CERT@VDE

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort.