CVE-2023-34421

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...

CVE-2023-34421

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...

CVE-2023-34421

CVE-2023-34421 affects Lenovo XClarity Administrator (LXCA). An authenticated LXCA user with elevated privileges can potentially replace filesystem data via a specially crafted web API call due to insufficient input validation. CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (base score 6.5). Explo...

PT-2023-24868 · Lenovo · Lenovo Xclarity Administrator

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator LXCA affected versions not specified Description: The issue allows a valid, authenticated LXCA user with elevated privileges to potentially replace filesystem data through a specifically crafted web API call due ...

kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL

A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them...

CVE-2021-34733

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...

CVE-2021-36008

Adobe Illustrator version 25.2.3 and earlier is affected by an Use-after-free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue...