CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly...
7.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba()....
6.6AI Score
0.0004EPSS
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at...
7.5CVSS
2.1AI Score
0.003EPSS
RHEL 7 : OpenShift Container Storage 3.11.z (RHSA-2022:0308)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0308 advisory. The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure...
6.5CVSS
7.8AI Score
0.014EPSS
Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....
5.3CVSS
6AI Score
0.0004EPSS
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager...
9.8CVSS
8.1AI Score
0.003EPSS
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
7.5CVSS
7.4AI Score
0.003EPSS
RHEL 7 : Red Hat Ceph Storage 3.3 (RHSA-2020:3504)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3504 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with...
6.5CVSS
6.8AI Score
0.003EPSS
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). -....
7AI Score
0.0004EPSS
CVE-2024-4232 Password Storage in Plaintext Vulnerability in Digisol Router
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and...
6.8AI Score
0.0004EPSS
CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the...
10CVSS
9.7AI Score
0.0004EPSS
Zabbix - SAML SSO Authentication Bypass
When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not...
9.8CVSS
9.4AI Score
0.97EPSS
CVE-2024-4232 Password Storage in Plaintext Vulnerability in Digisol Router
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and...
6.9AI Score
0.0004EPSS
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...
4.4CVSS
0.0004EPSS
7CVSS
7.9AI Score
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
7.2AI Score
0.0004EPSS
A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input alert(1) leads to cross site scripting. The attack may be initiated....
6.1CVSS
6.1AI Score
0.001EPSS
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the....
6.5CVSS
6.3AI Score
0.0005EPSS
5.5CVSS
7.6AI Score
0.0004EPSS
4.7CVSS
5.5AI Score
0.0005EPSS
Dell PowerPath - Veeam Agent for Linux Limitations
If a Linux server has Dell PowerPath devices attached, all the underlying block devices representing the network paths to the server are skipped from processing. This will result in the error "No objects to backup" or PowerPath devices missing from the backup. If non-PowerPath devices are part of.....
7.1AI Score
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...
6.5CVSS
6.7AI Score
0.001EPSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
4.2AI Score
0.0004EPSS
Exploit for Cleartext Storage of Sensitive Information in Tendacn Cp3 Firmware
CVE-2024-24488 An...
5.5CVSS
5.4AI Score
0.0004EPSS
Exploit for Improper Check for Unusual or Exceptional Conditions in Apple Ipados
CVE-2023-41993 PoC exploit for CVE-2023-41993. It's written...
9.8CVSS
9.4AI Score
0.003EPSS
RHEL 7 : Red Hat Ceph Storage (RHSA-2019:4353)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4353 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with...
6.5CVSS
6.6AI Score
0.001EPSS
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...
4.4CVSS
6.9AI Score
0.0004EPSS
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
7.7CVSS
0.0004EPSS
5.5CVSS
7.6AI Score
0.0004EPSS
CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
...
6.5CVSS
7.7AI Score
0.0004EPSS
The remote host indicates that it is a Seagate Exos X SAN via its SLP attribute...
7AI Score
Nacos <1.4.1 - Authentication Bypass
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is....
8.6CVSS
8.8AI Score
0.968EPSS
CVE-2024-1628 OS command injection vulnerabilities in GE HealthCare ultrasound devices
OS command injection vulnerabilities in GE HealthCare ultrasound...
8.4CVSS
7.8AI Score
0.0004EPSS
CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly...
7.5CVSS
7.7AI Score
0.0004EPSS
How to Connect to an Object Storage Repository via Azure Blob Private Endpoints
This article documents how to use Azure Blob Storage Account private endpoints (via Azure VPN or Azure ExpressRoute) for offload or to connect to an Object Storage Repository in Veeam Backup & Replication 12 or...
7.1AI Score
CVE-2024-26881 net: hns3: fix kernel crash when 1588 is received on HIP08 devices
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so,...
5.5AI Score
0.0004EPSS
RHEL 7 / 8 : Red Hat Ceph Storage 4.1 (RHSA-2020:5325)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5325 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
8.8CVSS
8.7AI Score
0.001EPSS
CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
...
6.5CVSS
6.8AI Score
0.0004EPSS
CVE-2021-47517 ethtool: do not perform operations on net devices being unregistered
In the Linux kernel, the following vulnerability has been resolved: ethtool: do not perform operations on net devices being unregistered There is a short period between a net device starts to be unregistered and when it is actually gone. In that time frame ethtool operations could still be...
6.8AI Score
0.0004EPSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was in ->init() func...
7AI Score
0.0004EPSS
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
8.8CVSS
9.5AI Score
0.004EPSS
CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
6.3AI Score
0.0004EPSS
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with....
8.8CVSS
8.8AI Score
0.062EPSS
GL.iNet Router Authentication Bypass (CVE-2023-46453) Exploit...
7.7AI Score
CVE-2021-47517 ethtool: do not perform operations on net devices being unregistered
In the Linux kernel, the following vulnerability has been resolved: ethtool: do not perform operations on net devices being unregistered There is a short period between a net device starts to be unregistered and when it is actually gone. In that time frame ethtool operations could still be...
6.4AI Score
0.0004EPSS
RHEL 8 / 9 : Red Hat Ceph Storage 6.1 (RHSA-2024:2631)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2631 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
9.8CVSS
6AI Score
0.002EPSS
CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
0.0004EPSS
NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability,...
5.7CVSS
5.4AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was in ->init()...
7AI Score
0.0004EPSS