Toshiba Electronic Devices & Storage Corporation Security Vulnerabilities

nessus

RHEL 7 : Red Hat Gluster Storage Web Administration (RHSA-2019:0265)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0265 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into...

CVSS 6.1 | AI Score 6.2 | EPSS 0.01

2019-02-06 12:00 AM
28
githubexploit

Exploit for CVE-2023-36664

Ghostscript command injection vulnerability PoC...

CVSS 7.8 | AI Score 8.5 | EPSS 0.001

2023-08-12 06:33 PM
195
osv

CVE-2021-43767

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...

CVSS 5.9 | AI Score 5.8 | EPSS 0.001

2022-08-25 06:15 PM
10
vulnrichment

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ...

CVSS 4.6 | AI Score 7.7 | EPSS 0.0004

2024-05-21 09:32 AM
4
osv

CVE-2023-46739

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS...

CVSS 6.5 | AI Score 6.7 | EPSS 0.001

2024-01-03 05:15 PM
3
vulnrichment

CVE-2023-27370 NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability

NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability,...

CVSS 5.7 | AI Score 5.9 | EPSS 0.0005

2024-05-03 01:56 AM
1
githubexploit

Exploit for Use of Hard-coded Credentials in Dlink Dns-320L Firmware

Unauthenticated RCE Backdoor authentication...

AI Score 8.2

2024-04-08 01:54 PM
240
alpinelinux

CVE-2023-28434

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with...

CVSS 8.8 | AI Score 8.8 | EPSS 0.062

2023-03-22 09:15 PM
62
osv

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...

CVSS 5.1 | AI Score 7.2 | EPSS 0.0004

2024-05-15 04:15 PM
5
cvelist

CVSS 7.8 | AI Score 8.3 | EPSS 0.0005

2021-10-13 12:26 AM
cvelist

CVE-2024-21826 Huks has an insecure storage of sensitive information vulnerability

In OpenHarmony v3.2.4 and prior versions, a local attacker can cause a sensitive information leak through insecure...

CVSS 4.3 | AI Score 4.7 | EPSS 0.0004

2024-03-04 06:19 AM
osv

CVE-2022-4913

Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity:...

CVSS 6.5 | AI Score 5.2 | EPSS 0.001

2023-07-29 12:15 AM
1
githubexploit

CVSS 8.6 | AI Score 6.2 | EPSS 0.945

2024-05-30 02:41 PM
69
cvelist

AI Score 8.6 | EPSS 0.0004

2020-08-17 07:13 PM
cvelist

CVSS 7.8 | AI Score 8.3 | EPSS 0.0005

2021-10-13 12:27 AM
1
cvelist

CVE-2024-26618 arm64/sme: Always exit sme_alloc() early with existing storage

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the...

AI Score 7.6 | EPSS 0.0004

2024-02-29 03:52 PM
1
cvelist

CVSS 7 | AI Score 8.4 | EPSS 0.0004

2022-05-10 08:33 PM
1
cvelist

CVSS 8.2 | AI Score 9.2 | EPSS 0.0004

2022-05-10 08:33 PM
1
saint

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

CVSS 9.8 | AI Score 8 | EPSS 0.956

2024-05-23 12:00 AM
97
nuclei

Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read

Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read...

CVSS 7.5 | AI Score 7.5 | EPSS 0.803

2020-07-03 05:56 PM
4
nuclei

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix...

CVSS 5.3 | AI Score 5.1 | EPSS 0.718

2022-02-25 04:00 PM
7
osv

CVE-2022-3195

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...

CVSS 8.8 | AI Score 8.1 | EPSS 0.003

2022-09-26 04:15 PM
2
cvelist

CVSS 7.8 | AI Score 8.3 | EPSS 0.0005

2021-10-13 12:27 AM
1
cvelist

CVSS 7.8 | AI Score 8.3 | EPSS 0.0005

2021-10-13 12:27 AM
metasploit

Check Point Security Gateway Arbitrary File Read

This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...

CVSS 8.6 | AI Score 7.4 | EPSS 0.945

2024-05-31 07:29 PM
11
osv

CVE-2022-43757

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher...

CVSS 9.9 | AI Score 8.8 | EPSS 0.001

2023-02-07 01:15 PM
7
cvelist

CVSS 7 | AI Score 8.4 | EPSS 0.0004

2022-05-10 08:33 PM
1
osv

CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome...

CVSS 9.6 | AI Score 9.4 | EPSS 0.002

2022-07-25 02:15 PM
1
osv

CVE-2024-37897

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

CVSS 5.4 | AI Score 7.1 | EPSS 0.0004

2024-06-20 06:15 PM
metasploit

Eaton Xpert Meter SSH Private Key Exposure Scanner

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitates remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...

AI Score 7.5

2018-08-31 10:55 PM
47
nessus

Janitza Multiple UMG Devices Remote Debug Interface RCE

The remote host has an unprotected debug interface. An unauthenticated, remote attacker can exploit this to execute system commands and JASIC...

AI Score 7

2016-01-13 12:00 AM
15
saint

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

CVSS 9.8 | AI Score 9.9 | EPSS 0.956

2024-05-23 12:00 AM
9
ibm

Security Bulletin: Vulnerabilities in Transparent Cloud Tiering affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...

CVSS 8.1 | AI Score 7.6 | EPSS 0.732

2024-06-19 10:34 AM
2
osv

scikit-learn sensitive data leakage vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

CVSS 4.7 | AI Score 6.5 | EPSS 0.0004

2024-06-06 09:30 PM
veeam

Unexpected Snapshot Deletion Failures in the Job Sessions for ONTAP 9.13.1

Due to a change in ONTAP 9.13.1, cloned volumes in this version fall into the recovery queue for 12 hours by default. The parent snapshot receives a 'busy' state and cannot be deleted before the clone leaves the queue and is removed completely from...

AI Score 6.8

2023-08-03 12:00 AM
4
cvelist

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ...

CVSS 4.6 | AI Score 5.3 | EPSS 0.0004

2024-05-21 09:32 AM
1
nessus

Huawei Versatile Security / Storage Platform Version Detection

The remote host is running Huawei Versatile Security / Storage Platform (VSP), an operating system for Huawei storage and security devices. It is possible to read the VSP version number by logging into the device via SSH or via the SNMP...

AI Score 1.8

2014-12-02 12:00 AM
8
osv

Hashicorp Vault may expose sensitive log information

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001

2024-02-01 03:30 AM
7
osv

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher...

CVSS 9.9 | AI Score 6.3 | EPSS 0.066

2022-09-07 09:15 AM
6
cvelist

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...

AI Score 5.3 | EPSS 0.03

2019-08-21 06:26 PM
nessus

IBM Tivoli Storage Manager FastBack Server Detection

The remote host is running IBM Spectrum Protect for Workstations, a backup and data protection server. This product was formerly known as IBM Tivoli Storage Manager...

AI Score 2.3

2015-05-08 12:00 AM
7
nuclei

OpenEMR <5.0.2 - Local File Inclusion

OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory...

CVSS 8.8 | AI Score 8.4 | EPSS 0.796

2022-08-27 05:16 AM
2
osv

Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <...

CVSS 5.5 | AI Score 6.4 | EPSS 0.0005

2024-04-24 08:02 PM
5
githubexploit

Exploit for Use After Free in Google Android

Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...

AI Score 7

2023-03-23 10:25 AM
424
cvelist

CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...

CVSS 5.5 | AI Score 5.7 | EPSS 0.0004

2024-04-17 09:43 PM
vulnrichment

CVE-2024-33004 Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

CVSS 4.3 | AI Score 6.7 | EPSS 0.0004

2024-05-14 04:00 AM
cvelist

CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...

CVSS 7.5 | AI Score 7.7 | EPSS 0.0004

2024-04-18 10:15 PM
vulnrichment

CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...

CVSS 7.5 | AI Score 6.8 | EPSS 0.0004

2024-04-18 10:15 PM
mageia

Updated python-scikit-learn packages fix security vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

CVSS 4.7 | AI Score 6.6 | EPSS 0.0004

2024-06-20 05:32 AM
14
Total number of security vulnerabilities: 113787