- CVE-2022-42299on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. (CVSS:0.0) (Last Update:2022-10-04)
- CVE-2022-42247on October 3, 2022 at 12:00 am
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. […]
- CVE-2022-42301on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. (CVSS:0.0) (Last Update:2022-10-04)
- CVE-2022-42300on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the […]
- CVE-2022-42303on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. (CVSS:0.0) […]
- CVE-2022-42302on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. (CVSS:0.0) (Last Update:2022-10-03)
- CVE-2022-42304on October 3, 2022 at 12:00 am
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. (CVSS:0.0) (Last Update:2022-10-04)
- CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivatedon October 4, 2022 at 7:14 pm
Posted by Jedidiah Cunningham on Oct 04Description: In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API. Credit: The Apache Airflow PMC would […]
- Django CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLson October 4, 2022 at 1:28 pm
Posted by Carlton Gibson on Oct 04Django security releases issued: 4.1.2, 4.0.8, and 3.2.16https://www.djangoproject.com/weblog/2022/oct/04/security-releases/ In accordance with `our security release policy […]
- Announce: OpenSSH 9.1 releasedon October 4, 2022 at 10:44 am
Posted by Damien Miller on Oct 04OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server […]
- CreativeDream software arbitrary file uploadon October 3, 2022 at 4:19 pm
Posted by Larry Cashdollar on Oct 03Title: CreativeDream software arbitrary file upload Author: Larry W. Cashdollar Date: 2022-09-08 CVE-ID:[CVE-2022-40721] Download Site: https://github.com/CreativeDream Vendor: CreativeDream Vendor Notified: […]
- Re: MySQL Cluster 8.0.30 overflowon October 3, 2022 at 4:13 pm
Posted by Alex Gaynor on Oct 03Was this previously disclosed to the MySQL team (Oracle, I suppose) and is it fixed upstream, or is this the initial disclosure? Alex
- MySQL Cluster 8.0.30 overflowon October 3, 2022 at 4:08 pm
Posted by Evgeny Legerov on Oct 03Hi, There is a heap overflow in ndbd. Bug details: void Dbdih::execSTART_MECONF(Signal* signal) { Â jamEntry(); Â StartMeConf * const startMe = (StartMeConf *)&signal->theData[0]; Â Uint32 nodeId = […]
VulDB Updates Updates
- CVE-2016-7421 | QEMU hw/scsi/vmw_pvscsi.c pvscsi_ring_pop_req_descr resource management (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 9:05 am
A vulnerability, which was classified as problematic, was found in QEMU. Affected is the function pvscsi_ring_pop_req_descr of the file hw/scsi/vmw_pvscsi.c. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2016-7421. Attacking locally is a […]
- CVE-2016-7170 | QEMU hw/display/vmware_vga.c vmsvga_fifo_run cursor.mask[]/cursor.image[] out-of-bounds write (DLA 1599-1 / Nessus ID 93970)by vuldb.com on October 5, 2022 at 8:53 am
A vulnerability, which was classified as problematic, has been found in QEMU. This issue affects the function vmsvga_fifo_run of the file hw/display/vmware_vga.c. The manipulation of the argument cursor.mask[]/cursor.image[] leads to out-of-bounds write. The identification of this vulnerability […]
- CVE-2016-7157 | QEMU hw/scsi/mptconfig.c mptsas_config_manufacturing_1/mptsas_config_ioc_0 input validation (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 8:46 am
A vulnerability classified as problematic was found in QEMU. This vulnerability affects the function mptsas_config_manufacturing_1/mptsas_config_ioc_0 of the file hw/scsi/mptconfig.c. The manipulation leads to improper input validation. This vulnerability was named CVE-2016-7157. An attack has […]
- CVE-2016-7156 | QEMU hw/scsi/vmw_pvscsi.c pvscsi_convert_sglist resource management (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 8:35 am
A vulnerability classified as problematic has been found in QEMU. This affects the function pvscsi_convert_sglist of the file hw/scsi/vmw_pvscsi.c. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2016-7156. The attack needs to be […]
- CVE-2016-7155 | QEMU Page Count hw/scsi/vmw_pvscsi.c out-of-bounds (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 8:23 am
A vulnerability was found in QEMU. It has been rated as problematic. Affected by this issue is some unknown functionality of the file hw/scsi/vmw_pvscsi.c of the component Page Count Handler. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2016-7155. It is […]
- CVE-2016-7116 | QEMU Export hw/9pfs/9p.c path traversal (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 8:11 am
A vulnerability was found in QEMU. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file hw/9pfs/9p.c of the component Export Handler. The manipulation with the input .. leads to path traversal. This vulnerability is known as CVE-2016-7116. […]
- CVE-2016-6888 | QEMU hw/net/net_tx_pkt.c net_tx_pkt_init integer overflow (USN-3125-1 / Nessus ID 94669)by vuldb.com on October 5, 2022 at 8:04 am
A vulnerability was found in QEMU. It has been classified as problematic. Affected is the function net_tx_pkt_init of the file hw/net/net_tx_pkt.c. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2016-6888. Local access is required to approach this attack. There […]