7185 matches found
Mageia: Security Advisory (MGASA-2022-0149)
The remote host is missing an update for the...
MGASA-2022-0149 Updated gzip/xz packages fix security vulnerability
zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...
CVE-2021-3722
The CVE-2021-3722 entry affects Lenovo PCManager prior to version 4.0.40.2175. It describes a vulnerability where installation could allow configuration files to be written to non-standard locations, impacting availability. The connected documents provide no details on exploit steps, affected pro...
Cisco Unified CM and Unified CM SME Arbitrary File Writing Vulnerability
Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. Cisco Unified CM and Unified CM SME are vulnerable to an...
CVE-2022-20789 Cisco Unified Communications Products Arbitrary File Write Vulnerability
A vulnerability in the software upgrade process of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability i...
SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1272-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1272-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...
A vulnerability in the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P router software allows an attacker to disclose protected information or overwrite arbitrary files.
The vulnerability in the web interface of the firmware of Cisco Small Business RV340, RV340W, RV345, and RV345P routers exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or re-write arbitrar...
SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1275-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1275-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...
Cisco Unified Communications Manager Security Vulnerability
Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. Cisco Unified CM and Unified CM SME are vulnerable to an...
A vulnerability in the implementation of the “execute restore src-vis” command in FortiOS operating systems allows an attacker to write arbitrary files.
The vulnerability in the “execute restore src-vis” command in FortiOS operating systems stems from loading code without checking its integrity. Exploiting this vulnerability allows an attacker to write arbitrary files using specially crafted update packages...
FreeBSD : zgrep -- arbitrary file write (b019585a-bfea-11ec-b46c-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b019585a-bfea-11ec-b46c-b42e991fc52e advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on...
Debian DSA-5123-1 : xz-utils - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5123 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file...
SUSE SLES15 Security Update : gzip (SUSE-SU-2022:1250-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1250-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...
Debian DSA-5122-1 : gzip - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5122 advisory. cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or executio...
CVE-2022-28113
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie...
FANTEC MWiD25-DS Security Vulnerability
The FANTEC MWiD25-DS is a wireless extender from FANTEC Germany. A security vulnerability exists in the FANTEC MWiD25-DS that allows an attacker to write to a file and reset a user's password without a valid session cookie...
CVE-2022-25165
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...