
5154 matches found

Cvelist
added 2022/04/21 6:50 p.m., 16 views

CVE-2022-20789 Cisco Unified Communications Products Arbitrary File Write Vulnerability

A vulnerability in the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability i...

CVSS 4.9, AI score 6.7, EPSS 0.013
Exploits 0, References 1

Tenable Nessus
added 2022/04/21 12:0 a.m., 19 views

SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1272-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1272-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 4

Tenable Nessus
added 2022/04/21 12:0 a.m., 23 views

SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1275-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1275-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 4

CNNVD
added 2022/04/20 12:0 a.m., 4 views

Cisco Unified Communications Manager Security Vulnerability

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. Cisco Unified CM and Unified CM SME are vulnerable to an...

CVSS 8.5, AI score 5.8, EPSS 0.013
Exploits 0, References 5

BDU FSTEC
added 2022/04/20 12:0 a.m., 3 views

The vulnerability in the implementation of the “execute restore src-vis” command in FortiOS operating systems allows a hacker to write arbitrary files.

The vulnerability in the execution of the “execute restore src-vis” command in FortiOS operating systems lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to write arbitrary files using specially crafted update packages...

CVSS 3.3, AI score 6.9, EPSS 0.00865
Exploits 2, References 4, Affected Software 1

Tenable Nessus
added 2022/04/19 12:0 a.m., 52 views

SUSE SLES15 Security Update : gzip (SUSE-SU-2022:1250-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1250-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 6

Tenable Nessus
added 2022/04/19 12:0 a.m., 24 views

FreeBSD : zgrep -- arbitrary file write (b019585a-bfea-11ec-b46c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b019585a-bfea-11ec-b46c-b42e991fc52e advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 3

Tenable Nessus
added 2022/04/19 12:0 a.m., 24 views

Debian DSA-5123-1 : xz-utils - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5123 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 7

Tenable Nessus
added 2022/04/19 12:0 a.m., 48 views

Debian DSA-5122-1 : gzip - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5122 advisory. cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or executio...

CVSS 8.8, AI score 7.3, EPSS 0.04301
Exploits 0, References 7

OSV
added 2022/04/14 4:15 p.m., 2 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVSS 7, AI score 6.7, EPSS 0.00518
Exploits 1, References 2

ATTACKERKB
added 2022/04/14 4:15 p.m., 3 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVSS 7, AI score 6.8, EPSS 0.00518
Exploits 1, References 3

NVD
added 2022/04/14 4:15 p.m., 14 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVSS 7, EPSS 0.00518
Exploits 1, References 2

Prion
added 2022/04/14 4:15 p.m., 15 views

Race condition

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVSS 6.9, AI score 6.8, EPSS 0.00518
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/04/14 3:19 p.m., 23 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

AI score 7, EPSS 0.00518
Exploits 1, References 2

CVE
added 2022/04/14 3:19 p.m., 106 views

CVE-2022-25165

CVE-2022-25165 and CVE-2022-25166 affect Amazon AWS VPN Client 2.0.0. The issues are described as a TOCTOU race during VPN config validation, allowing parameters outside the allow list to be injected into the config and potentially writing files as SYSTEM (elevating privileges) or leaking Net-NTL...

CVSS 7, AI score 6.6, EPSS 0.00518
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2022/04/14 12:0 a.m., 27 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current gzip Vulnerability (SSA:2022-104-02)

The version of gzip installed on the remote host is prior to 1.12. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-104-02 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name f...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 1

Tenable Nessus
added 2022/04/14 12:0 a.m., 34 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current xz Vulnerability (SSA:2022-104-03)

The version of xz installed on the remote host is prior to 5.2.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-104-03 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name fo...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 1

Tenable Nessus
added 2022/04/13 12:0 a.m., 27 views

SUSE SLED15 / SLES15 Security Update : xz (SUSE-SU-2022:1158-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1158-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's...

CVSS 8.8, AI score 7, EPSS 0.04301
Exploits 0, References 4

Tenable Nessus
added 2022/04/13 12:0 a.m., 27 views

Ubuntu 18.04 LTS / 20.04 LTS : Gzip vulnerability (USN-5378-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5378-1 advisory. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operatio...

CVSS 8.8, AI score 7.1, EPSS 0.04301
Exploits 0, References 2

Tenable Nessus
added 2022/04/13 12:0 a.m., 39 views

Ubuntu 18.04 LTS / 20.04 LTS : XZ Utils vulnerability (USN-5378-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5378-2 advisory. Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep...

CVSS 8.8, AI score 7.1, EPSS 0.04301
Exploits 0, References 2