Lucene search

K

Storage Manager Security Vulnerabilities

cve
cve

CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-04-12 05:17 PM
22
cve
cve

CVE-2023-51071

An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a...

6.5CVSS

6.6AI Score

0.001EPSS

2024-01-13 04:15 AM
9
cve
cve

CVE-2023-51070

An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar...

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-13 04:15 AM
9
cve
cve

CVE-2023-51068

An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-01-13 04:15 AM
5
cve
cve

CVE-2023-51067

An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted...

6.1CVSS

6AI Score

0.0005EPSS

2024-01-13 04:15 AM
9
cve
cve

CVE-2023-51062

An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted...

5.3CVSS

5.1AI Score

0.0005EPSS

2024-01-13 04:15 AM
9
cve
cve

CVE-2023-51065

Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar...

7.5CVSS

7.4AI Score

0.001EPSS

2024-01-13 04:15 AM
15
cve
cve

CVE-2023-51066

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute...

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-13 04:15 AM
12
cve
cve

CVE-2023-51063

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component...

8.8CVSS

7.8AI Score

0.001EPSS

2024-01-13 04:15 AM
9
cve
cve

CVE-2023-51064

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component...

6.1CVSS

6AI Score

0.0005EPSS

2024-01-13 04:15 AM
8
cve
cve

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...

10CVSS

9.2AI Score

0.001EPSS

2024-01-09 10:15 AM
18
cve
cve

CVE-2024-22216

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064...

10CVSS

9AI Score

0.001EPSS

2024-01-08 07:15 AM
8
cve
cve

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

5.9CVSS

6.7AI Score

0.962EPSS

2023-12-18 04:15 PM
401
cve
cve

CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.cinnvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead.....

9.8CVSS

9.4AI Score

0.025EPSS

2023-11-01 05:15 PM
244
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2890
In Wild
cve
cve

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host...

9.8CVSS

9.7AI Score

0.001EPSS

2023-09-13 02:15 PM
60
cve
cve

CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit...

7.8CVSS

5.2AI Score

0.0004EPSS

2023-08-16 04:15 PM
20
cve
cve

CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan...

5.9CVSS

6.5AI Score

0.001EPSS

2023-07-20 03:15 PM
141
cve
cve

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS

4AI Score

0.001EPSS

2023-07-18 09:15 PM
2443
cve
cve

CVE-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,.....

3.7CVSS

4.3AI Score

0.001EPSS

2023-07-18 09:15 PM
160
cve
cve

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

3.7CVSS

4.3AI Score

0.001EPSS

2023-07-18 09:15 PM
87
cve
cve

CVE-2023-22041

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

5.1CVSS

5.5AI Score

0.001EPSS

2023-07-18 09:15 PM
106
cve
cve

CVE-2023-22006

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

3.1CVSS

3.8AI Score

0.001EPSS

2023-07-18 09:15 PM
121
cve
cve

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,.....

7.8CVSS

7.6AI Score

0.0004EPSS

2023-07-18 03:15 AM
32
cve
cve

CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC84...

6.3CVSS

6AI Score

0.0004EPSS

2023-04-11 10:15 AM
20
cve
cve

CVE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS

3.9AI Score

0.001EPSS

2022-10-18 09:15 PM
114
5
cve
cve

CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable...

5.3CVSS

5.1AI Score

0.002EPSS

2022-10-18 09:15 PM
291
5
cve
cve

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS

4AI Score

0.002EPSS

2022-10-18 09:15 PM
296
7
cve
cve

CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0......

5.3CVSS

5AI Score

0.002EPSS

2022-10-18 09:15 PM
296
14
cve
cve

CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS

3.9AI Score

0.002EPSS

2022-10-18 09:15 PM
266
8
cve
cve

CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS

4.8AI Score

0.001EPSS

2022-10-18 09:15 PM
151
7
cve
cve

CVE-2009-0869

Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified...

8.4AI Score

0.025EPSS

2022-10-03 04:24 PM
19
cve
cve

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command...

6.5AI Score

0.006EPSS

2022-10-03 04:23 PM
23
cve
cve

CVE-2010-4605

Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown...

6.3AI Score

0.0004EPSS

2022-10-03 04:21 PM
29
cve
cve

CVE-2010-4606

Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary...

7.8AI Score

0.024EPSS

2022-10-03 04:21 PM
19
cve
cve

CVE-2010-3058

The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified...

7.2AI Score

0.192EPSS

2022-10-03 04:20 PM
26
cve
cve

CVE-2010-3760

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon...

6.6AI Score

0.004EPSS

2022-10-03 04:20 PM
22
cve
cve

CVE-2010-3059

Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified...

6.7AI Score

0.007EPSS

2022-10-03 04:20 PM
23
cve
cve

CVE-2010-3061

Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown...

6.7AI Score

0.004EPSS

2022-10-03 04:20 PM
17
cve
cve

CVE-2010-3761

Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700. NOTE: this might overlap CVE-2010-3058 or...

7.4AI Score

0.192EPSS

2022-10-03 04:20 PM
23
cve
cve

CVE-2010-3060

Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown...

6.4AI Score

0.004EPSS

2022-10-03 04:20 PM
20
cve
cve

CVE-2015-7838

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified...

7.5AI Score

0.012EPSS

2022-10-03 04:15 PM
24
cve
cve

CVE-2015-1565

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote...

5.9AI Score

0.001EPSS

2022-10-03 04:15 PM
21
cve
cve

CVE-2011-1223

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified...

6.8AI Score

0.0004EPSS

2022-10-03 04:15 PM
25
cve
cve

CVE-2011-1222

Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified...

6.8AI Score

0.0004EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2007-2281

Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size...

7.5AI Score

0.206EPSS

2022-10-03 04:14 PM
22
cve
cve

CVE-2007-2280

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different...

7.7AI Score

0.965EPSS

2022-10-03 04:14 PM
22
cve
cve

CVE-2022-34883

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to....

8.8CVSS

8.7AI Score

0.002EPSS

2022-09-06 07:15 AM
39
2
cve
cve

CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows;...

9CVSS

6.3AI Score

0.001EPSS

2022-09-06 07:15 AM
30
2
cve
cve

CVE-2022-27618

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified...

6.8CVSS

6.1AI Score

0.001EPSS

2022-08-03 03:15 AM
36
3
Total number of security vulnerabilities595