
8014 matches found

Github Security Blog
added 2022/11/19 9:30 p.m. | 34 views

TestNG is vulnerable to Path Traversal

Impact: Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal only for .xml, .yaml and .yml files by default. The attack implies running an...

7.8 CVSS | 7.4 AI score | 0.00876 EPSS
Exploits 1 | References 11 | Affected Software 1
OSV
added 2022/11/19 9:30 p.m. | 35 views

GHSA-RC2Q-X9MF-W3VF TestNG is vulnerable to Path Traversal

Impact: Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal only for .xml, .yaml and .yml files by default. The attack implies running an...

7.8 CVSS | 7.2 AI score | 0.00876 EPSS
Exploits 1 | References 11
RedHat Linux
added 2022/11/17 10:52 p.m. | 36 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.41 security update

Red Hat OpenShift Container Platform release 4.10.41 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi...

8.1 CVSS | 7.2 AI score | 0.00773 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2022/11/17 12:0 a.m. | 14 views

Microsoft Azure Command-Line Interface (CLI) Installed (Windows)

Binary data microsoftazurecliinstalledwin.nbin...

7.3 AI score
Exploits 0 | References 1
vulnersOsv
added 2022/11/15 7:0 p.m. | 4 views

org.apache.archiva:archiva-artifact-converter (>=1.4-M1 <=2.1.0), org.apache.archiva:archiva-checksum (>=1.4-M1 <=2.2.10) +74 more potentially affected by CVE-2022-40309 via org.apache.archiva:archiva-common (>=1.1 <=2.2.8)

org.apache.archiva:archiva-common MAVEN version =1.1, =1.4-M1, =1.4-M1, =1.3, =1.1, =1.1, =1.4-M3, =1.1, =1.2, =1.1, =1.1, =1.4-M4, =1.1, =1.1, =1.4-M3, =1.4-M1, =2.2.10 and more Source cves: CVE-2022-40309 Source advisory: OSV:GHSA-XGQ8-JQ9W-77R5...

4.3 CVSS | 5.8 AI score | 0.01355 EPSS
Exploits 0
Rockylinux
added 2022/11/15 3:35 p.m. | 18 views

osbuild-composer bug fix and enhancement update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The osbuild-composer package is a service for building customized OS...

1.4 AI score
Exploits 0
Rockylinux
added 2022/11/15 6:22 a.m. | 16 views

nvme-cli bug fix and enhancement update

An update is available for nvme-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.1...

2 AI score
Exploits 0
Rockylinux
added 2022/11/15 6:16 a.m. | 14 views

stratis-cli bug fix and enhancement update

An update is available for stratis-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...

2 AI score
Exploits 0
Tenable Nessus
added 2022/11/15 12:0 a.m. | 27 views

RHEL 9 : php (RHSA-2022:8197)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8197 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

9.8 CVSS | 7.7 AI score | 0.03437 EPSS
Exploits 2 | References 11
Tenable Nessus
added 2022/11/12 12:0 a.m. | 95 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. - golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) - cri-o: memory exhaustion on the node when access to th...

7.8 CVSS | 7.4 AI score | 0.03931 EPSS
Exploits 2 | References 7
Cvelist
added 2022/11/10 5:34 p.m. | 20 views

CVE-2022-20934

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands...

6 CVSS | 7 AI score | 0.00279 EPSS
Exploits 0 | References 1
CVE
added 2022/11/10 5:34 p.m. | 83 views

CVE-2022-20934

CVE-2022-20934 affects Cisco Firepower Threat Defense (FTD) and Cisco FXOS Software. The issue is a command-injection vulnerability in the CLI caused by insufficient input validation, allowing an authenticated, local attacker with Administrator privileges to inject OS commands and gain root acces...

6.7 CVSS | 6.9 AI score | 0.00279 EPSS
Exploits 0 | References 1 | Affected Software 1
vulnersOsv
added 2022/11/10 1:55 p.m. | 5 views

@abstraktor/actordemo (>=0.0.0-ad-beta.1 <=0.0.0-ad-beta.2), @abstraktor/actorjs (>=0.0.0-aj-beta.3 <=0.0.0-aj-beta.6) +59 more potentially affected by CVE-2022-24066 +1 more via simple-git (>=3.0.3 <=3.14.1)

simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =2.0.0, =1.0.1-beta.0, =1.0.3, =1.0.1, =0.1.1, =3.0.5, =1.1.3, =1.4.0-beta.3 - @logol/dc-cli =1.2.0 and more Source cves: CVE-2022-24066, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3112221...

9.8 CVSS | 7.2 AI score | 0.04067 EPSS
Exploits 2
CNNVD
added 2022/11/09 12:0 a.m. | 2 views

Cisco Firepower Threat Defense and Cisco FXOS Software operating system command injection vulnerability

Cisco Firepower Threat Defense (FTD) and Cisco FXOS Software are both products of Cisco, Inc. Cisco Firepower Threat Defense is a unified suite of software that provides next-generation firewall services. Cisco FXOS Software is a suite of firewall software that runs in Cisco security...

6.7 CVSS | 7 AI score | 0.00279 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2022/11/09 12:0 a.m. | 29 views

CentOS 8 : php:8.0 (CESA-2022:7624)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7624 advisory. - php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708) - php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)...

9.8 CVSS | 7.7 AI score | 0.03437 EPSS
Exploits 2 | References 3
Rockylinux
added 2022/11/08 10:51 a.m. | 16 views

osbuild-composer bug fix and enhancement update

An update is available for osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The osbuild-composer package is a service for building customized OS...

1.4 AI score
Exploits 0
Microsoft CVE
added 2022/11/08 8:0 a.m. | 93 views

GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

...

9.8 CVSS | 9.2 AI score | 0.03207 EPSS
Exploits 1
Rockylinux
added 2022/11/08 6:29 a.m. | 18 views

nvme-cli bug fix and enhancement update

An update is available for nvme-cli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.7...

2 AI score
Exploits 0
Rockylinux
added 2022/11/08 6:19 a.m. | 18 views

awscli bug fix and enhancement update

An update is available for awscli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.7...

2.1 AI score
Exploits 0
Broadcom
added 2022/11/08 12:0 a.m. | 77 views

CVE-2022-33186 : EZServer module vulnerability

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...

9.4 CVSS | 1 AI score | 0.01546 EPSS
Exploits 2