Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

CVE-2022-38254: Nagios XI Change Log - Nagios

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#microsoft#ubuntu#linux#debian#red_hat#apache#memcached#js#git#java#oracle#php#rce#perl#ldap#ssrf#pdf#acer#auth#ssh#telnet#ibm#zero_day#rpm#mongo#postgres#chrome#firefox#sap#ssl
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

FTPManager 8.2 Local File Inclusion / Directory Traversal

FTPManager version 8.2 suffers from local file inclusion and directory traversal vulnerabilities.

CVE-2022-36757: Xaomi Vuln – Google Drive

Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows attackers to execute arbitrary code via user interaction with a crafted URL.

CVE-2021-43565: [security] Vulnerability in golang.org/x/crypto/ssh

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

RHSA-2022:6347: Red Hat Security Advisory: VolSync 0.5 security fixes and updates

VolSync v0.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack e...

EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA

The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain attack.

CVE-2022-34883: Vulnerability Information: Hitachi Storage Solutions: Hitachi

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

CVE-2022-34883: Security information for Hitachi Disk Array Systems(September 6, 2022):Vulnerability Information:Storage Solutions:Hitachi

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.