GHSA-W2H3-VVVQ-3M53 Pipelines do not validate child UIDs

Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...

SICK EventCam 访问控制错误漏洞

SICK EventCam is an industrial photoelectric sensor from SICK. A security vulnerability exists in SICK EventCam that stems from a lack of API authentication, allowing an attacker to modify and access configuration settings on the program...

CVE-2023-34257

CVE-2023-34257 affects IBM BMC Patrol up to version 23.1.00. The agent’s configuration can be remotely modified, and by default authentication is not required. SNMP-related fields (e.g., masterAgentName, masterAgentStartLine) can trigger code execution when the agent restarts. Vendor note: authen...

PT-2023-24779 · Bmc · Bmc Patrol

Name of the Vulnerable Software and Affected Versions: BMC Patrol versions through 23.1.00 Description: An issue was discovered where the agent's configuration can be remotely modified, and by default, authentication is not required. Some configuration fields related to SNMP, such as...

CVE-2023-22913

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

Command injection

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Problem Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family CVE-2012-6354 Resolving The Problem Security Bulletin --- Summary --- Administrative access to the system via the GUI may be obtained without supplying proper credentials. Vulnerability...

CVE-2023-26358 Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability

Creative Cloud version 5.9.1 and earlier is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources...

The vulnerability of the MKLogic-500 PLI configuration protocol, due to deficiencies in the encryption algorithm, allows attackers to decrypt the configuration protocol and modify the device’s configuration.

The vulnerability of the MKLogic-500 PLB protocol lies in the transmission of information sufficient to recover encryption keys in an open form. Exploiting this vulnerability allows a malicious actor to decrypt the PLB protocol and modify the device’s configuration...

K30215839: F5 iRules vulnerability CVE-2019-6685

Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. CVE-2019-6685 Impact BIG-IP iRules manager roles are able to access data stored on other...

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 & 3.2 contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges e.g., of role Monitoring can exploit this issue and gain access to sensitive information, and modify the configuration...

PT-2023-13406 · Dell · Powerpath Management Appliance

Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance versions 3.2 through 3.3 Description: The issue allows an authenticated remote user with limited privileges, such as those with the Monitoring role, to bypass authorization and gain access to sensitive...

Buffalo Trust Management Issue Vulnerability

Buffalo firmware is a network device from Buffalo, a Japanese company. Buffalo Wi-Fi devices are vulnerable to a trust management issue that stems from the use of hard-coded credentials, which can be exploited by an attacker on a neighboring network to modify the device's configuration...

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Abstract Administrative access to the system via the GUI may be obtained without supplying proper credentials. Content VULNERABILITY DETAILS CVEID: CVE-2012-6354 DESCRIPTION: The vulnerability can be exploited by a user with access to the system's management IP interface. If successful the user c...

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

Abstract Administrative access to the system via the IP interface may be obtained without authentication. Content VULNERABILITY DETAILS: CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 DESCRIPTION: The vulnerabilities can be exploited by a...

CVE-2022-37025

An improper privilege management vulnerability in McAfee Security Scan Plus MSS+ before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execute arbitrary...

CVE-2022-24025

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

CVE-2022-24013

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all...

CVE-2022-30997

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...

McAfee Consumer Product Removal Tool 代码问题漏洞

McAfee Consumer Product Removal Tool is a McAfee, Inc. designed to completely remove McAfee Security products in order to reinstall or install different antivirus software. A code issue vulnerability exists in versions prior to McAfee Consumer Product Removal Tool 10.4.128, which stems from an...