6262 matches found
Nginx Buffer Error Vulnerability
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS version v0.7.7, which stems from ...
PT-2022-24613 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.7. Description: A segmentation violation was discovered in Nginx NJS via the njs_utf8_next function at src/njs_utf8.h. Recommendations: For Nginx NJS version 0.7.7, at the moment, there is no information about a newer...
RHEL 8 : nginx:1.18 (RHSA-2021:2259)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2259 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
CVE-2022-29062
Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests...
Path traversal
Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests...
CVE-2022-29062
CVE-2022-29062 affects Fortinet FortiSOAR before 7.2.1. The vulnerability is a set of relative path traversal flaws in the FortiSOAR web API that allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. Impact is described as the abi...
FortiSOAR - Path traversal vulnerabilities in the web API
Multiple relative path traversal vulnerabilities CWE-23 in the web API of FortiSOAR may allow an authenticated attacker to write in the underlying filesystem with nginx permissions via crafted HTTP requests...
FortiSOAR Path Traversal Vulnerability
FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet. A security vulnerability exists in Fortinet FortiSOAR versions prior to 7.2.1, which stems from a vulnerability in its Web API that allows an authenticated attacker to achieve relative path traversal via a...
FortiSOAR - Privilege escalation from nginx user to root
An improper privilege management vulnerability CWE-269 in FortiSOAR may allow a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...
Ubuntu: Security Advisory (USN-4235-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5109-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-4967-2)
The remote host is missing an update for the...
Mattermost: DoS via Automatic Response Message
Summary: A user can enable and modify its automatic response message, that is automatically sent when the user has the "Out of Office" status. This response message doesn't have any size check or validation, which allows an attacker to set an almost unlimited number of characters as the response...
Exploit for Path Traversal in Zimbra Collaboration
CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2022:2872-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2872-1 advisory. - HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially ...