
Latest Security Vulnerabilities

  • CVE-2022-42299
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. (CVSS:0.0) (Last Update:2022-10-04)

  • CVE-2022-42247
    on October 3, 2022 at 12:00 am

    pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. […]

  • CVE-2022-42301
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. (CVSS:0.0) (Last Update:2022-10-04)

  • CVE-2022-42300
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the […]

  • CVE-2022-42303
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. (CVSS:0.0) […]

  • CVE-2022-42302
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. (CVSS:0.0) (Last Update:2022-10-03)

  • CVE-2022-42304
    on October 3, 2022 at 12:00 am

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. (CVSS:0.0) (Last Update:2022-10-04)

  • CVE-2022-41672: Apache Airflow: Session still functional after user is deactivated
    on October 4, 2022 at 7:14 pm

    Posted by Jedidiah Cunningham on Oct 04 Description: In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API. Credit: The Apache Airflow PMC would […]

  • Django CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
    on October 4, 2022 at 1:28 pm

    Posted by Carlton Gibson on Oct 04 Django security releases issued: 4.1.2, 4.0.8, and 3.2.16 https://www.djangoproject.com/weblog/2022/oct/04/security-releases/ In accordance with `our security release policy […]

  • Announce: OpenSSH 9.1 released
    on October 4, 2022 at 10:44 am

    Posted by Damien Miller on Oct 04 OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server […]

  • CreativeDream software arbitrary file upload
    on October 3, 2022 at 4:19 pm

    Posted by Larry Cashdollar on Oct 03 Title: CreativeDream software arbitrary file upload Author: Larry W. Cashdollar Date: 2022-09-08 CVE-ID:[CVE-2022-40721] Download Site: https://github.com/CreativeDream Vendor: CreativeDream Vendor Notified: […]

  • Re: MySQL Cluster 8.0.30 overflow
    on October 3, 2022 at 4:13 pm

    Posted by Alex Gaynor on Oct 03 Was this previously disclosed to the MySQL team (Oracle, I suppose) and is it fixed upstream, or is this the initial disclosure? Alex

  • MySQL Cluster 8.0.30 overflow
    on October 3, 2022 at 4:08 pm

    Posted by Evgeny Legerov on Oct 03 Hi, There is a heap overflow in ndbd. Bug details: void Dbdih::execSTART_MECONF(Signal* signal) {   jamEntry();   StartMeConf * const startMe = (StartMeConf *)&signal->theData[0];   Uint32 nodeId = […]