
775 matches found

IBM Security Bulletins
added 2023/03/29 1:48 a.m., 32 views

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Problem Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family CVE-2012-6354 Resolving The Problem Security Bulletin --- Summary --- Administrative access to the system via the GUI may be obtained without supplying proper credentials. Vulnerability...

CVSS 7.5, AI score 6.4, EPSS 0.00146
Exploits 0

Cvelist
added 2023/03/22 12:0 a.m., 18 views

CVE-2023-26358 Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability

Creative Cloud version 5.9.1 and earlier is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources...

CVSS 8.6, AI score 8.7, EPSS 0.00318
Exploits 0, References 1

F5 Networks
added 2023/02/21 6:53 p.m., 25 views

K30215839: F5 iRules vulnerability CVE-2019-6685

Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. CVE-2019-6685 Impact BIG-IP iRules manager roles are able to access data stored on other...

CVSS 7.8, AI score 7.8, EPSS 0.00175
Exploits 0

Vulnrichment
added 2023/02/10 8:44 p.m., 4 views

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 & 3.2 contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges e.g., of role Monitoring can exploit this issue and gain access to sensitive information, and modify the configuration...

CVSS 8.8, AI score 7.2, EPSS 0.00257
Exploits 0, References 1

Positive Technologies
added 2023/02/10 12:0 a.m., 2 views

PT-2023-13406 · Dell · Powerpath Management Appliance

Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance versions 3.2 through 3.3 Description: The issue allows an authenticated remote user with limited privileges, such as those with the Monitoring role, to bypass authorization and gain access to sensitive...

CVSS 8.8, AI score 8, EPSS 0.00257
Exploits 0, References 3

CNVD
added 2022/10/11 12:0 a.m., 14 views

Buffalo Trust Management Issue Vulnerability

Buffalo firmware is a network device from Buffalo, a Japanese company. Buffalo Wi-Fi devices are vulnerable to a trust management issue that stems from the use of hard-coded credentials, which can be exploited by an attacker on a neighboring network to modify the device's configuration...

CVSS 6.5, AI score 3.7, EPSS 0.0007
Exploits 0, References 1

IBM Security Bulletins
added 2022/09/26 10:21 p.m., 43 views

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Abstract Administrative access to the system via the GUI may be obtained without supplying proper credentials. Content VULNERABILITY DETAILS CVEID: CVE-2012-6354 DESCRIPTION: The vulnerability can be exploited by a user with access to the system's management IP interface. If successful the user c...

CVSS 7.5, AI score 6.3, EPSS 0.00146
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2022/09/26 10:21 p.m., 56 views

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

Abstract Administrative access to the system via the IP interface may be obtained without authentication. Content VULNERABILITY DETAILS: CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 DESCRIPTION: The vulnerabilities can be exploited by a...

CVSS 9.8, AI score 9.2, EPSS 0.94325
Exploits 33, Affected Software 5

OSV
added 2022/08/18 1:15 p.m., 1 views

CVE-2022-37025

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary...

CVSS 7.8, AI score 6.1, EPSS 0.00043
Exploits 0, References 3

Vulnrichment
added 2022/08/05 9:16 p.m., 5 views

CVE-2022-24025

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.6, AI score 9.6, EPSS 0.0057
Exploits 1, References 1

Vulnrichment
added 2022/08/05 9:14 p.m., 7 views

CVE-2022-24013

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...

CVSS 9.6, AI score 9.6, EPSS 0.0057
Exploits 1, References 1

OSV
added 2022/06/28 1:15 p.m., 1 views

CVE-2022-30997

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...

CVSS 7.2, AI score 5.8
Exploits 0, References 4

CNNVD
added 2022/06/20 12:0 a.m., 1 views

McAfee Consumer Product Removal Tool Code Issue Vulnerability

McAfee Consumer Product Removal Tool is a tool from McAfee, Inc. designed to completely remove McAfee Security products in order to reinstall or install different antivirus software. A code issue vulnerability exists in versions prior to McAfee Consumer Product Removal Tool 10.4.128, which stems from an...

CVSS 7.9, AI score 7.9, EPSS 0.00042
Exploits 0, References 2

ICS
added 2022/06/02 12:0 a.m., 45 views

Carrier LenelS2 HID Mercury access panels

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier LenelS2 Equipment: HID Mercury access panels sold by LenelS2 Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection 2...

CVSS 10, AI score 8.5, EPSS 0.09071
Exploits 0, References 5

Github Security Blog
added 2022/05/13 1:1 a.m., 32 views

Improper Input Validation in Jenkins

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8, AI score 4.1, EPSS 0.27312
Exploits 1, References 5, Affected Software 1

Prion
added 2022/03/16 3:15 p.m., 10 views

Design/Logic Flaw

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...

CVSS 7.5, AI score 9.3, EPSS 0.00825
Exploits 0, References 2, Affected Software 2

Vulnrichment
added 2022/02/24 6:26 p.m., 4 views

CVE-2020-14504

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings...

AI score 5.5, EPSS 0.00303
Exploits 0, References 1

CNVD
added 2022/01/16 12:0 a.m., 14 views

Caldera Access Control Error Vulnerability (CNVD-2022-08044)

Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...

CVSS 8.1, AI score 8, EPSS 0.00882
Exploits 2, References 1

The Hacker News
added 2021/11/05 6:15 a.m., 46 views

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of...

CVSS 10, AI score 9.3, EPSS 0.13669
Exploits 0

OSV
added 2021/11/04 4:15 p.m., 0 views

CVE-2021-40112

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol i...

CVSS 7.5, AI score 5.9
Exploits 0, References 1