Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Access to system data. Apache has released...
Path Traversal
github.com/gogs/gogs is vulnerable to path traversal. The vulnerability exists in the HTTP function in http.go due to a lack of input validation, which allows a malicious user to craft an HTTP request and gain access to unauthorized system data...
Vulnerability fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Circumvention of security measure, Remote code execution...
Path Traversal
djangos3file is vulnerable to path traversal. The vulnerability exists in the S3FileMiddleware function in middleware.py due to lack of input validation in the form field, which allows a malicious user to access and modify system data...
Magento 2 Community Edition RCE via Unsafe File Upload
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure...
Vulnerabilities fixed in QNAP QTS, QuTS hero and QuTScloud
QNAP has fixed vulnerabilities in QTS, QuTS hero and QuTScloud. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, User Rights, Access to sensitive data, Access to system data...
Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software
Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabiliti...
CVE-2022-20780
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20779
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
Information disclosure
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20780 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20780 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20779
Cisco NFVIS (Cisco Enterprise NFV Infrastructure Software) has CVE-2022-20779 and related vulnerabilities allowing an attacker to escape a guest VM to the host, inject root-level commands during image registration, or leak host data to VMs. Affected component is the NFVIS image/registration pathw...
CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, User Rights, Access to sensitive data, Access to system data. Fortinet has released updates to...
Vulnerabilities fixed in Yokogawa Centum VP, ProSafe-RS and B/M9000 VP
Yokogawa has fixed vulnerabilities in Centum VP, ProSafe-RS and B/M9000 VP. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution, User Rights, Access t...
Vulnerabilities fixed in IBM QRadar
Vulnerabilities have been fixed in IBM QRadar. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of authentication, Circumventing security measures, Remo...
SUSE-SU-2022:1369-1 Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005960 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nftables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read...