10 matches found
CVE-2022-43867
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437...
IBM Spectrum Scale Operating System Command Injection Vulnerability
IBM Spectrum Scale is a suite of scalable data and file management solutions from International Business Machines (IBM) based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improvin...
Security Bulletin: A vulnerability in IBM Spectrum Scale that could allow a local attacker which has access to the GUI pod can ssh to the core pods as a privileged user (CVE-2021-29708)
Summary: A security vulnerability has been identified in IBM Spectrum Scale CNSA that could allow a local attacker which has access to the GUI pod can ssh to the core pods as a privileged user. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2021-29708 DESCRIPTION: IBM...
CVE-2021-29671
CVE-2021-29671 affects IBM Spectrum Scale 5.1.0.1, where a local attacker could bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM’s bulletin confirms the affected product and provides a fix: upgrade to IBM Spectrum Scale 5.1.0.2 or later (FixCentral). No exploi...
Security Bulletin: A vulnerability in IBM Spectrum Scale allows to inject malicious content into log files (CVE-2020-4851)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale HDFS Transparency that could allow a local attacker to inject malicious content into log files. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4851 DESCRIPTION: IBM Spectrum...
Hybris Commerce Software Suite 5.x File Disclosure / Traversal
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in hybris Commerce software suite. This vulnerability allows attackers to download arbitrary files of any size...
CVE-2012-1429
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and...
CVE-2010-3924
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Aipo vulnerable to SQL injection
Overview Aipo contains SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution...
JVN#50704770: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...