Dell PowerStore 参数注入漏洞

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

PT-2024-34696 · Dell · Dell Powerstore

Name of the Vulnerable Software and Affected Versions: Dell PowerStore affected versions not specified Description: The issue is related to an Improper Neutralization of Argument Delimiters in a Command, also known as 'Argument Injection'. This could allow an attacker with low privileges and loca...

CVE-2024-31892 IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

CVE-2024-31892 IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

Cisco NX-OS Permissions, Privileges, and Access Controls (CVE-2012-4121)

Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed 1 r and 2 w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

ansible-core: Ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

ansible-core Incorrect Authorization vulnerability

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

CVE-2024-44252

Summary: CVE-2024-44252 describes a logic issue in Apple's backup/file handling that could allow restoration of a maliciously crafted backup to modify protected system files. The vulnerability is addressed in Apple security updates across multiple platforms, with fixes in iOS 18.1, iPadOS 18.1, i...

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-44258

CVE-2024-44258 affects Apple’s ManagedConfiguration framework and the profiled daemon. The issue arises during backup restoration when the destination path’s symlink status is not validated, potentially allowing written files to migrate into restricted, protected areas and modify system files. A ...

About the security content of tvOS18.1

About the security content of tvOS18.1 This document describes the security content of tvOS 18.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Rece...

The vulnerability of the Manage Bank Statement Handler component of the SAP S/4HANA software platform allows a malicious individual to gain access to modify or delete files.

The vulnerability of the Manage Bank Statement Handler component in the SAP S/4HANA software platform is related to the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify...

Command Block IDE 安全漏洞

Command Block IDE is a command line program for arm32x personal developers. A security vulnerability exists in Command Block IDE version 0.4.9 and earlier, which stems from a lack of authorization and allows any user to modify the function file used by the game when installed on a dedicated serve...

PT-2024-42: Insufficient authorization in MediaCMS

The vulnerability was identified in MediaCMS, versions 4.1.0. The discovered vulnerability can be exploited by an authorized attacker to delete any directory in the file system knowing its absolute path, as well as substitute the contents of any user file. Vulnerability status: Confirmed by vendo...

PYSEC-2024-248

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

DEBIAN-CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

The vulnerability of the Gogs self-managed Git repository creation software lies in its use of files and directories accessible from external parties, allowing a malicious actor to delete or modify any files they wish.

The vulnerability of the Gogs self-managed Git repository creation software relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor to delete or modify any files at will...

CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

CVE-2024-39916

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the...

CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept SI command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privile...