
3099 matches found

OSV
added 2022/04/24 9:54 p.m. · 25 views

GSD-2022-1001916 ocfs2: fix crash when mount with quota enabled

ocfs2: fix crash when mount with quota enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2022/04/24 9:28 p.m. · 8 views

GSD-2022-1001611 ocfs2: fix crash when mount with quota enabled

ocfs2: fix crash when mount with quota enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

AI score: 7.2
Exploits: 0

ATTACKERKB
added 2022/04/19 10:00 a.m. · 3 views

CVE-2022-28613

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.00904
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/04/15 3:15 p.m. · 1 view

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could...

CVSS: 7.5 · AI score: 6.1
Exploits: 0 · References: 1

OSV
added 2022/04/10 9:15 p.m. · 1 view

CVE-2022-27291

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.savenetworkenabled parameter...

CVSS: 7.5 · AI score: 5.8
Exploits: 0 · References: 2

CNNVD
added 2022/04/10 12:00 a.m. · 2 views

D-Link DIR-619 Buffer Error Vulnerability

D-Link DIR-619 is a series of routers from D-Link, a Chinese company. D-Link DIR-619 Ax v1.00 has a security vulnerability that can be exploited by attackers to cause a denial of service (DoS) via the config.savenetworkenabled parameter...

CVSS: 7.5 · AI score: 5.6 · EPSS: 0.01407
Exploits: 1 · References: 3

Positive Technologies
added 2022/04/05 12:00 a.m. · 2 views

PT-2022-18147 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.7.0 Description: The default settings of CORS ORIGIN and CORS ENABLED in Directus are true, which could lead to unauthorized access in uncontrolled environments when the configuration hasn't been changed. This is...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.00927
Exploits: 0 · References: 11

OSV
added 2022/03/30 11:15 p.m. · 3 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet function is turned on...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.01191
Exploits: 1 · References: 3

Positive Technologies
added 2022/03/30 12:00 a.m. · 3 views

PT-2022-3153 · Nvidia · Nvidia Jetson Linux Driver Package

Name of the Vulnerable Software and Affected Versions: NVIDIA Jetson Linux Driver Package affected versions not specified Description: The issue is related to a buffer overflow in the Cboot module tegrabl cbo.c of the NVIDIA Jetson Linux Driver Package. If TFTP is enabled, a local attacker with...

CVSS: 7.3 · AI score: 5.8 · EPSS: 0.003
Exploits: 0 · References: 6

Positive Technologies
added 2022/03/25 12:00 a.m. · 5 views

PT-2022-16877 · Statamic · Statamic

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.2.39 Statamic versions prior to 3.3.2 Description: The issue allows an attacker to confirm a single character of a user's password hash using a specially crafted regular expression filter in the "users" endpoint o...

CVSS: 4.3 · AI score: 4 · EPSS: 0.00994
Exploits: 0 · References: 9

CNNVD
added 2022/03/16 12:00 a.m. · 3 views

Wire Data Forgery Vulnerability

Wire is a chat program from the German company Wire. The program supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. A data forgery vulnerability exists in Wire Wire-server, which stems from the...

CVSS: 9.1 · AI score: 7.7 · EPSS: 0.0067
Exploits: 0 · References: 3

UbuntuCve
added 2022/03/11 6:15 p.m. · 42 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

CVSS: 7.2 · AI score: 7.2 · EPSS: 0.0089
Exploits: 0 · References: 2

CNNVD
added 2022/03/09 12:00 a.m. · 2 views

Shopware Authorization Issue Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...

CVSS: 6.5 · AI score: 5.7 · EPSS: 0.00507
Exploits: 0 · References: 2

Prion
added 2022/03/08 8:15 p.m. · 19 views

Design/Logic Flaw

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

CVSS: 4.3 · AI score: 5.3 · EPSS: 0.01179
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2022/03/08 12:00 a.m. · 3 views

Icinga Web 2 Security Vulnerability

Icinga Web 2 is an application software. Icinga Web 2 is the next generation open source monitoring web interface, framework and command line interface developed by the Icinga Project to support Icinga 2, Icinga Core and any other IDO database compatible monitoring backend. A security vulnerabilit...

CVSS: 5.3 · AI score: 5.7 · EPSS: 0.01179
Exploits: 0 · References: 7

Positive Technologies
added 2022/03/08 12:00 a.m. · 3 views

PT-2022-16823 · Icinga +1 · Icinga Web 2 +2

Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.8.6 Icinga Web 2 versions prior to 2.9.6 Icinga Web 2 versions prior to 2.10 Description: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga ...

CVSS: 8.8 · AI score: 6.6 · EPSS: 0.1467
Exploits: 5 · References: 22

ATTACKERKB
added 2022/03/04 4:15 p.m. · 2 views

CVE-2022-22946

In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.04732
Exploits: 0 · References: 3

Positive Technologies
added 2022/03/03 12:00 a.m. · 4 views

PT-2022-16832 · Shescape · Shescape

Name of the Vulnerable Software and Affected Versions: shescape versions 1.4.0 through 1.5.1 Description: The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Oth...

CVSS: 6.2 · AI score: 5.8 · EPSS: 0.00492
Exploits: 1 · References: 7

OSV
added 2022/02/21 6:15 p.m. · 4 views

DEBIAN-CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.01097
Exploits: 0 · References: 1

ATTACKERKB
added 2022/02/18 6:15 a.m. · 1 view

CVE-2022-25319

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled...

CVSS: 5.3 · AI score: 6.1 · EPSS: 0.01307
Exploits: 1 · References: 4