CVE-2022-30310

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

CVE-2022-30311

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

CVE-2022-30309

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

CVE-2022-30308

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software relates to the writing beyond buffer boundaries in memory during DWG file syntax analysis. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context o...

GHSA-HR8G-F6R6-MR22 Buffer over-flow in Pillow

When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. Opening an image...

GHSA-Q5RG-WG7H-73M5 LibreNMS Information Disclosure

An issue was discovered in LibreNMS through 1.47. The scripts that handle graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...

Artifex MuJS 代码问题漏洞

Artifex Software Artifex MuJS is a lightweight JavaScript interpreter from Artifex Software, which is used to embed into other software to provide script execution functionality. vulnerability, which stems from the existence of a null pointer dereference in jsPdumpsyntax in jsdump.c. An attacker...

The vulnerability of the ClamAV antivirus software library and the Cisco AMP security tool for end devices allows a perpetrator to trigger a service failure.

The vulnerability of the ClamAV antivirus software library and the Cisco AMP tool for protecting against malicious software in end devices is related to resource management errors during CHM file syntax analysis. Exploiting this vulnerability can allow a remote attacker to cause service...

[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

GHSA-H7MF-QRM9-2848 OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...

The vulnerability in the implementation of regular expression checks (regex for Rust) in web browsers Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to trigger a service failure.

The vulnerability of the regular expression validation implementation in Firefox web browsers, Firefox ESR, and Thunderbird email client is related to errors in syntax analysis of input data. Exploiting this vulnerability allows an attacker to cause service interruptions using specially crafted...

[SECURITY] Fedora 35 Update: fish-3.4.1-1.fc35

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure...

[SECURITY] Fedora 36 Update: fish-3.4.1-1.fc36

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure...

[SECURITY] Fedora 34 Update: gitit-0.13.0.0-5.1.fc34

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line too ls or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...

Nuclei-Burp-Plugin - Nuclei Plugin For BurpSuite

A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are...

OPENSUSE-SU-2022:0061-1 Security update for mc

This update for mc fixes the following issues: Midnight Commander 4.8.27: Core - Reimplement version detection 3603, 4249 - Significantly reduce rebuilt time after version change 2252, 4266 - Drop automatic migration of configuration from /.mc to XDG-based directories 3682 - zsh: support custom...

Scientific Linux Security Update : openldap on SL7.x i686/x86_64 (2022:0621)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0621-1 advisory. - openldap: assertion failure in Certificate List syntax validation CVE-2020-25709 - openldap: assertion failure in CSN normalization with invali...

openldap security update

2.4.44-25 - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 2040538...

openldap: assertion failure in Certificate List syntax validation

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability...