RHEL 7 : Red Hat Gluster Storage Web Administration (RHSA-2019:0265)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0265 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into...
6.1CVSS
6.2AI Score
0.01EPSS
7.8CVSS
8.5AI Score
0.001EPSS
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...
5.9CVSS
5.8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ...
4.6CVSS
7.7AI Score
0.0004EPSS
CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...
6.5CVSS
6.7AI Score
0.001EPSS
NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability,...
5.7CVSS
5.9AI Score
0.0005EPSS
Exploit for Use of Hard-coded Credentials in Dlink Dns-320L Firmware
Unauthenticated RCE Backdoor authentication...
8.2AI Score
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with....
8.8CVSS
8.8AI Score
0.062EPSS
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...
5.1CVSS
7.2AI Score
0.0004EPSS
7.8CVSS
8.3AI Score
0.0005EPSS
CVE-2024-21826 Huks has an insecure storage of sensitive information vulnerability
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure...
4.3CVSS
4.7AI Score
0.0004EPSS
Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity:...
6.5CVSS
5.2AI Score
0.001EPSS
Checkpoint POC Exploit for testing purposes to retrieve...
8.6CVSS
6.2AI Score
0.945EPSS
8.6AI Score
0.0004EPSS
7.8CVSS
8.3AI Score
0.0005EPSS
CVE-2024-26618 arm64/sme: Always exit sme_alloc() early with existing storage
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the...
7.6AI Score
0.0004EPSS
7CVSS
8.4AI Score
0.0004EPSS
8.2CVSS
9.2AI Score
0.0004EPSS
Mirth Connect deserialization vulnerability
Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...
9.8CVSS
8AI Score
0.956EPSS
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read...
7.5CVSS
7.5AI Score
0.803EPSS
Zabbix Setup Configuration Authentication Bypass
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix...
5.3CVSS
5.1AI Score
0.718EPSS
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...
8.8CVSS
8.1AI Score
0.003EPSS
7.8CVSS
8.3AI Score
0.0005EPSS
7.8CVSS
8.3AI Score
0.0005EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher...
9.9CVSS
8.8AI Score
0.001EPSS
7CVSS
8.4AI Score
0.0004EPSS
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome...
9.6CVSS
9.4AI Score
0.002EPSS
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...
5.4CVSS
7.1AI Score
0.0004EPSS
Eaton Xpert Meter SSH Private Key Exposure Scanner
Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...
7.5AI Score
Janitza Multiple UMG Devices Remote Debug Interface RCE
The remote host has an unprotected debug interface. An unauthenticated, remote attacker can exploit this to execute system commands and JASIC...
7AI Score
CVE-2022-30212 Windows Connected Devices Platform Service Information Disclosure Vulnerability
...
4.7CVSS
6.7AI Score
0.0005EPSS
Mirth Connect deserialization vulnerability
Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...
9.8CVSS
9.9AI Score
0.956EPSS
Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...
8.1CVSS
7.6AI Score
0.732EPSS
scikit-learn sensitive data leakage vulnerability
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...
4.7CVSS
6.5AI Score
0.0004EPSS
Unexpected Snapshot Deletion Failures in the Job Sessions for ONTAP 9.13.1
Due to a change in ONTAP 9.13.1, cloned volumes in this version fall into the recovery queue for 12 hours by default. The parent snapshot receives a 'busy' state and cannot be deleted before the clone leaves the queue and is removed completely from...
6.8AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ...
4.6CVSS
5.3AI Score
0.0004EPSS
Huawei Versatile Security / Storage Platform Version Detection
The remote host is running Huawei Versatile Security / Storage Platform (VSP), an operating system for Huawei storage and security devices. It is possible to read the VSP version number by logging into the device via SSH or via the SNMP...
1.8AI Score
Hashicorp Vault may expose sensitive log information
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...
6.5CVSS
6.3AI Score
0.001EPSS
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher...
9.9CVSS
6.3AI Score
0.066EPSS
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...
5.3AI Score
0.03EPSS
IBM Tivoli Storage Manager FastBack Server Detection
The remote host is running IBM Spectrum Protect for Workstations, a backup and data protection server. This product was formerly known as IBM Tivoli Storage Manager...
2.3AI Score
OpenEMR <5.0.2 - Local File Inclusion
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory...
8.8CVSS
8.4AI Score
0.796EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <...
5.5CVSS
6.4AI Score
0.0005EPSS
Exploit for Use After Free in Google Android
Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...
7AI Score
CVE-2024-29952 Clear text storage of sensistive information by manipulating command variables
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...
5.5CVSS
5.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
6.8AI Score
0.0004EPSS
Updated python-scikit-learn packages fix security vulnerability
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...
4.7CVSS
6.6AI Score
0.0004EPSS