
17 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. · 1 views

Unity Linux 20.1070e Security Update: velocity-tools (UTSA-2026-016718)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016718 advisory. The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an X...

6.1 CVSS · 6.8 AI score · 0.03207 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/05/06 11:27 a.m. · 3 views

CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in do_procmap_query. When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

7.8 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m. · 4 views

PT-2026-37518

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the procfs component within the do_procmap_query function. When a user provides an incorrectly sized buffer for the build ID during a PROCMAP_QUERY, the system returns a...

7.8 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 6
EUVD
added 2026/04/14 12:31 a.m. · 2 views

EUVD-2026-22122

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...

7.5 CVSS · 5.4 AI score · 0.00056 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/04/13 12:0 a.m. · 3 views

PT-2026-32532

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...

7.5 CVSS · 5.4 AI score · 0.00056 EPSS
Exploits 0 · References 7
OSV
added 2024/01/22 4:15 p.m. · 0 views

CVE-2024-0778

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to...

9.8 CVSS · 5.4 AI score
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:8 a.m. · 1 views

SUSE CVE-2019-15794

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...

6.7 CVSS · 8.2 AI score · 0.00093 EPSS
Exploits 2 · References 3
OSV
added 2021/03/12 8:24 p.m. · 1 views

GHSA-FH63-4R66-JC7V Cross-site scripting (XSS) in Apache Velocity Tools

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1 CVSS · 6.9 AI score · 0.03207 EPSS
Exploits 0 · References 9
OSV
added 2021/03/10 8:15 a.m. · 1 views

DEBIAN-CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1 CVSS · 7.1 AI score · 0.03207 EPSS
Exploits 0 · References 1
OSV
added 2021/03/10 8:15 a.m. · 0 views

UBUNTU-CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1 CVSS · 6.9 AI score · 0.03207 EPSS
Exploits 0 · References 9
CNNVD
added 2021/02/15 12:0 a.m. · 3 views

Nagios XI Security Vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php in Nagios XI...

9 CVSS · 7.3 AI score · 0.75157 EPSS
Exploits 5 · References 8
Positive Technologies
added 2021/02/13 12:0 a.m. · 3 views

PT-2021-7665 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI version xi-5.7.5 Description: The issue is related to OS command injection due to improper sanitization of authenticated user-controlled input by a single HTTP request. This can lead to OS command injection on the Nagios XI server...

9 CVSS · 8.9 AI score · 0.93287 EPSS
Exploits 8 · References 15
OSV
added 2020/04/24 12:15 a.m. · 1 views

DEBIAN-CVE-2019-15794

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On...

6.7 CVSS · 7 AI score · 0.00093 EPSS
Exploits 2 · References 1
Veeam
added 2020/04/07 4:10 p.m. · 12 views

Restore a deleted vCenter Server Appliance (VCSA) with High Availability (HA) enabled

Challenge: You need to restore a vCenter Server Appliance (VCSA) with the original name and to the original location. Before the VCSA got corrupted or was deleted, High Availability (HA) was enabled in the VMware cluster. If HA remains active at the ESXi host level during the restore process, HA can...

7 AI score
Exploits 0
Veeam
added 2018/03/20 12:0 a.m. · 19 views

Sensitive data types in Veeam Backup & Replication and Veeam Backup for Microsoft 365 log files

Challenge: When you open a support ticket, Veeam Customer Support specialists may request log files. These log files may contain information to which the terms of the data protection laws or internal company policies apply. Veeam Backup & Replication: Veeam Backup & Replication log files may includ...

6.9 AI score
Exploits 0
Veeam
added 2018/01/12 12:0 a.m. · 17 views

Failed to open VM attachment

Challenge: Veeam ONE generates "Failed to open VM attachment" alarm. Cause: Veeam ONE triggers "Failed to open VM attachment" alarm when the following Windows events are registered on the Hyper-V host: 12290 Microsoft-Windows-Hyper-V-Worker 12290 Microsoft-Windows-Hyper-V-SynthStor 12290...

6.6 AI score
Exploits 0
Positive Technologies
added 2009/01/13 12:0 a.m. · 2 views

PT-2009-2739 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.24.1 Description: The issue allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions...

7.2 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits 0 · References 5