2677 matches found

Vulnrichment
added 2025/01/06 12:0 a.m., 8 views

CVE-2024-46622

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion...

AI score: 7.2, EPSS: 0.00572
Exploits: 0, References: 2

CNVD
added 2024/12/25 12:0 a.m., 9 views

Dell PowerStore Parameter Injection Vulnerability

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

CVSS: 7.1, AI score: 7.1, EPSS: 0.0026
Exploits: 0, References: 1

NVD
added 2024/12/19 2:15 a.m., 17 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS: 7.1, EPSS: 0.0026
Exploits: 0, References: 1

Vulnrichment
added 2024/12/19 1:40 a.m., 9 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS: 7.1, AI score: 7, EPSS: 0.0026
Exploits: 0, References: 1

CVE
added 2024/12/19 1:40 a.m., 55 views

CVE-2024-51532

CVE-2024-51532 affects Dell PowerStore with a vulnerability described as improper neutralization of argument delimiters (parameter injection). The issue can be exploited by a low-privilege attacker with local access to modify arbitrary system files, tied to the PowerStore component handling comma...

CVSS: 7.1, AI score: 6.8, EPSS: 0.0026
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/12/19 1:40 a.m., 19 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS: 7.1, EPSS: 0.0026
Exploits: 0, References: 1

Positive Technologies
added 2024/12/19 12:0 a.m., 4 views

PT-2024-34696 · Dell · Dell Powerstore

Name of the Vulnerable Software and Affected Versions: Dell PowerStore affected versions not specified Description: The issue is related to an Improper Neutralization of Argument Delimiters in a Command, also known as 'Argument Injection'. This could allow an attacker with low privileges and loca...

CVSS: 7.1, AI score: 6.7, EPSS: 0.0026
Exploits: 0, References: 9

CNNVD
added 2024/12/19 12:0 a.m., 3 views

Dell PowerStore Parameter Injection Vulnerability

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

CVSS: 7.1, AI score: 7.3, EPSS: 0.0026
Exploits: 0, References: 1

Cvelist
added 2024/12/14 12:58 p.m., 14 views

CVE-2024-31892 IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

CVSS: 7.5, EPSS: 0.00319
Exploits: 0, References: 1

Vulnrichment
added 2024/12/14 12:58 p.m., 8 views

CVE-2024-31892 IBM Storage Scale SQL injection

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00319
Exploits: 0, References: 1

Tenable Nessus
added 2024/12/04 12:0 a.m., 5 views

Cisco NX-OS Permissions, Privileges, and Access Controls (CVE-2012-4121)

Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed 1 r and 2 w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS: 6.8, AI score: 5.8, EPSS: 0.003
Exploits: 0, References: 3

RedHat Linux
added 2024/12/03 4:20 p.m., 3 views

ansible-core: Ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00222
Exploits: 0, References: 4

Github Security Blog
added 2024/11/06 12:31 p.m., 19 views

ansible-core Incorrect Authorization vulnerability

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00222
Exploits: 0, References: 14, Affected Software: 1

CVE
added 2024/10/28 9:8 p.m., 75 views

CVE-2024-44252

Summary: CVE-2024-44252 describes a logic issue in Apple's backup/file handling that could allow restoration of a maliciously crafted backup to modify protected system files. The vulnerability is addressed in Apple security updates across multiple platforms, with fixes in iOS 18.1, iPadOS 18.1, i...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00304
Exploits: 0, References: 8, Affected Software: 4

Cvelist
added 2024/10/28 9:7 p.m., 17 views

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

EPSS: 0.0075
Exploits: 2, References: 4

CVE
added 2024/10/28 9:7 p.m., 95 views

CVE-2024-44258

CVE-2024-44258 affects Apple’s ManagedConfiguration framework and the profiled daemon. The issue arises during backup restoration when the destination path’s symlink status is not validated, potentially allowing written files to migrate into restricted, protected areas and modify system files. A ...

CVSS: 7.1, AI score: 5.8, EPSS: 0.0075
Exploits: 2, References: 8, Affected Software: 4

Apple
added 2024/10/28 12:0 a.m., 25 views

About the security content of tvOS 18.1

About the security content of tvOS 18.1 This document describes the security content of tvOS 18.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Rece...

CVSS: 8.4, AI score: 6.7, EPSS: 0.0095
Exploits: 3, References: 1, Affected Software: 1

BDU FSTEC
added 2024/10/24 12:0 a.m., 6 views

The vulnerability of the Manage Bank Statement Handler component of the SAP S/4HANA software platform allows a malicious individual to gain access to modify or delete files.

The vulnerability of the Manage Bank Statement Handler component in the SAP S/4HANA software platform is related to the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00293
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2024/10/21 12:0 a.m., 3 views

Command Block IDE Security Vulnerability

Command Block IDE is a command line program for arm32x personal developers. A security vulnerability exists in Command Block IDE version 0.4.9 and earlier, which stems from a lack of authorization and allows any user to modify the function file used by the game when installed on a dedicated serve...

CVSS: 7.5, AI score: 7, EPSS: 0.00558
Exploits: 0, References: 4

Positive Technologies
added 2024/10/19 12:0 a.m., 6 views

PT-2024-42: Insufficient authorization in MediaCMS

The vulnerability was identified in MediaCMS, versions 4.1.0. The discovered vulnerability can be exploited by an authorized attacker to delete any directory in the file system knowing its absolute path, as well as substitute the contents of any user file. Vulnerability status: Confirmed by vendo...

CVSS: 6.8, AI score: 7.1
Exploits: 0, References: 2