
7185 matches found

OSV
added 2022/08/17 5:57 p.m. · 2 views

CLSA-2022-1660759048 Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack...

CVSS 7.4 · AI score 7.4 · EPSS 0.0165
Exploits: 1 · References: 1

OSV
added 2022/08/17 5:22 p.m. · 2 views

CLSA-2022-1660756974 Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack...

CVSS 7.4 · AI score 7.4 · EPSS 0.0165
Exploits: 1 · References: 1

OSV
added 2022/08/16 3:12 p.m. · 9 views

SUSE-SU-2022:2825-1 Security update for rsync

This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server bsc1201840...

CVSS 7.4 · AI score 7.6 · EPSS 0.0165
Exploits: 1 · References: 3

Positive Technologies
added 2022/08/15 12:0 a.m. · 2 views

PT-2022-4468 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

CVSS 10 · AI score 7.3 · EPSS 0.00728
Exploits: 0 · References: 6

OSV
added 2022/08/12 9:14 a.m. · 7 views

SUSE-FU-2022:2794-1 Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc

This feature update for ongres-scram, ongres-stringprep, postgresql-jdbc provides: ongres-scram: - Upgrade from version 1.0.0-beta.2 to version 2.1. jscSLE-23994 Add standard SASLPrep bsc1196693, jscSLE-23994 Failover to bouncy castle implementation of PBKDF2WithHmacSHA256 to support Oracle JDK 7...

CVSS 9.8 · AI score 9.5 · EPSS 0.02928
Exploits: 0 · References: 4

Tenable Nessus
added 2022/08/11 12:0 a.m. · 44 views

FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 21f43976-1887-11ed-9911-40b034429ecf advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary...

CVSS 7.4 · AI score 8.3 · EPSS 0.0165
Exploits: 1 · References: 3

OSV
added 2022/08/06 5:47 a.m. · 2 views

GHSA-QP5M-C3M9-8Q2P JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

CVSS 8.2 · AI score 5.8 · EPSS 0.00868
Exploits: 0 · References: 5

ATTACKERKB
added 2022/08/02 3:15 p.m. · 1 view

CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

CVSS 7.4 · AI score 6 · EPSS 0.0165
Exploits: 1 · References: 7

CVE
added 2022/08/02 2:22 p.m. · 651 views

CVE-2022-29154

CVE-2022-29154 affects rsync prior to 3.2.5, enabling a malicious server (or MITM) to cause the rsync client to write arbitrary files in the client’s directory tree (including sensitive files such as .ssh/authorized_keys). The issue arises from insufficient validation of filenames returned by the...

CVSS 7.4 · AI score 7.7 · EPSS 0.0165
In wild · Exploits: 1 · References: 4 · Affected Software: 1

FreeBSD
added 2022/08/02 12:0 a.m. · 37 views

rsync -- client-side arbitrary file write vulnerability

Openwall oss-security reports: We have discovered a critical arbitrary file write vulnerability in the rsync utility that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. Due to...

CVSS 7.4 · AI score 3.1 · EPSS 0.0165
Exploits: 1 · References: 1

Snyk
added 2022/07/28 5:25 p.m. · 1 view

Directory Traversal

Overview std/path/filepath is a Go standard library package std/path/filepath Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing ...

CVSS 8.7 · AI score 7.6 · EPSS 0.0187
Exploits: 0 · References: 3

OSV
added 2022/07/28 1:15 a.m. · 2 views

CVE-2022-36987

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server...

CVSS 6.5 · AI score 5.8 · EPSS 0.00543
Exploits: 0 · References: 1

ATTACKERKB
added 2022/07/28 1:15 a.m. · 3 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

CVSS 9.6 · AI score 5.9 · EPSS 0.00569
Exploits: 0 · References: 2

OSV
added 2022/07/28 1:15 a.m. · 2 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

CVSS 6.5 · AI score 5.9 · EPSS 0.00569
Exploits: 0 · References: 1

ATTACKERKB
added 2022/07/28 1:15 a.m. · 4 views

CVE-2022-36987

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server...

CVSS 8.5 · AI score 5.8 · EPSS 0.00543
Exploits: 0 · References: 2

NVD
added 2022/07/28 1:15 a.m. · 23 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

CVSS 9.6 · EPSS 0.00569
Exploits: 0 · References: 1

Prion
added 2022/07/28 1:15 a.m. · 18 views

Code injection

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server...

CVSS 4 · AI score 6.3 · EPSS 0.00543
Exploits: 0 · References: 1 · Affected Software: 4

CVE
added 2022/07/28 12:54 a.m. · 88 views

CVE-2022-36990

CVE-2022-36990 affects Veritas NetBackup, including versions 8.1.x–8.1.2, 8.2, 8.3.x–8.3.0.2, 9.x–9.0.0.1, and 9.1.x–9.1.0.1. Affected components: NetBackup Client and Primary server configuration. Vulnerability allows an attacker with authenticated access to a NetBackup Client to remotely write ...

CVSS 9.6 · AI score 6.3 · EPSS 0.00569
Exploits: 0 · References: 1 · Affected Software: 4

OSV
added 2022/07/28 12:0 a.m. · 23 views

GHSA-6XF5-C3CX-67PV Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

CVSS 8.8 · AI score 6.7 · EPSS 0.00651
Exploits: 0 · References: 5

GitHub Security Blog
added 2022/07/28 12:0 a.m. · 28 views

Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

CVSS 6.5 · AI score 6.7 · EPSS 0.00651
Exploits: 0 · References: 5 · Affected Software: 1