48 matches found
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-9843
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service...
CVE-2024-9843
CVE-2024-9843 is a buffer over-read in Ivanti Secure Access Client prior to 22.7R4 that allows a local unauthenticated attacker to cause a denial of service. Connected sources confirm the issue affects Ivanti Secure Access Client and note the vulnerability is addressed by upgrading to version 22....
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-25969
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service...
CVE-2024-25969
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service...
PT-2024-3634 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 Description: The issue is related to an allocation of resources without limits or throttling, which could be exploited by a local unauthenticated attacker to cause a denial of service...
PT-2023-9323 · Dell · Dell Bsafe Crypto-C Micro Edition +1
Name of the Vulnerable Software and Affected Versions: Dell BSAFE Crypto-C Micro Edition version 4.1.5 Dell BSAFE Micro Edition Suite versions 4.0 through 4.6.1 Dell BSAFE Micro Edition Suite version 5.0 Description: The issue is related to an Out-of-bounds Read vulnerability and integer overflow...
Information Disclosure
sosreport is vulnerable to information disclosure. A local unauthenticated attacker is able to gain access to RHV admin passwords due to the flawed business logic in postproc function in ovirt.py...
CVE-2022-0686
An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon :, but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the...
CVE-2022-0691
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character \b while submitting a URL. This vulnerability can enable bypassing any hostname checks...
CVE-2021-36315
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity...
CVE-2021-36315
CVE-2021-36315 affects Dell EMC PowerScale Nodes due to a hardware design flaw that can allow a local unauthenticated user to escalate privileges. The vulnerability also impacts Compliance mode clusters, where it is listed as critical. CVSSv3.1 vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with a b...
CVE-2021-36315
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity...
CVE-2021-21587
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
Path traversal
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
CVE-2021-21587
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...
CVE-2021-21536
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information...
CVE-2021-21537
Dell Hybrid Client exposes an information disclosure vulnerability in versions prior to 1.5. An attacker with local access (no authentication) could view and exfiltrate sensitive data from the system. Affected product: Dell Hybrid Client (prior to 1.5). Root cause: information exposure in the cli...