
6334 matches found

Prion
added 2022/08/30 9:15 p.m., 14 views

Command injection

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to the execution of arbitrary OS commands on the affected system...

6.5 CVSS, 8.9 AI score, 0.01369 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2022/08/30 9:15 p.m., 13 views

Path traversal

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to a path outside of the restricted directory...

4 CVSS, 6.3 AI score, 0.01103 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/08/30 8:25 p.m., 22 views

CVE-2022-34375

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to a path outside of the restricted directory...

8.8 CVSS, 8.6 AI score, 0.01103 EPSS
Exploits: 0, References: 1
CVE
added 2022/08/30 8:25 p.m., 48 views

CVE-2022-34375

Summary: Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated attacker with low privileges could exploit this to gain unintentional access to paths outside of restricted directories. What’s affected: Dell Container...

8.8 CVSS, 6.2 AI score, 0.01103 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/08/30 8:25 p.m., 20 views

CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to the execution of arbitrary OS commands on the affected system...

8.8 CVSS, 9.2 AI score, 0.01369 EPSS
Exploits: 0, References: 1
CVE
added 2022/08/30 8:25 p.m., 52 views

CVE-2022-34374

CVE-2022-34374 affects Dell Container Storage Modules (version 1.2). The vulnerability is an OS command injection in the goiscsi and gobrick libraries, caused by improper handling/validation of constructed commands. A remote authenticated attacker with low privileges could exploit this to execute...

8.8 CVSS, 8.9 AI score, 0.01369 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2022/08/30 12:0 a.m., 2 views

Dell Container Storage Modules OS command injection vulnerability

Dell Container Storage Modules is a set of modules from Dell USA. Dell Container Storage Modules version 1.2 contains an operating system command injection vulnerability, which stems from a failure to properly filter special characters, commands, etc. in constructed commands in the goiscsi and gobric...

8.8 CVSS, 7.9 AI score, 0.01369 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2022/08/30 12:0 a.m., 4 views

PT-2022-22151 · Dell · Dell Container Storage Modules

Name of the Vulnerable Software and Affected Versions: Dell Container Storage Modules version 1.2 Description: The issue is related to an OS command injection in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this, leading to the executi...

8.8 CVSS, 8.8 AI score, 0.01369 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2022/08/30 12:0 a.m., 4 views

PT-2022-22152 · Dell · Dell Container Storage Modules

Name of the Vulnerable Software and Affected Versions: Dell Container Storage Modules version 1.2 Description: The issue is related to a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this, leading to...

8.8 CVSS, 6.6 AI score, 0.01103 EPSS
Exploits: 0, References: 4
OpenVAS
added 2022/08/26 12:0 a.m., 8 views

Ubuntu: Security Advisory (USN-346-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0, References: 2
OpenVAS
added 2022/08/26 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-377-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS, 6.6 AI score, 0.26046 EPSS
Exploits: 1, References: 2
OSV
added 2022/08/19 3:55 a.m., 6 views

MAL-2022-1420 Malicious code in babelllugintransformes2015modulescommonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a16e3db18168e71a2eeec8f9190a55ae782642089ef8b41719535a6a434a82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1
NVD
added 2022/08/16 9:15 p.m., 19 views

CVE-2022-35113

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swfDefineLosslessBitsTagToImage at /modules/swfbits.c...

5.5 CVSS, 0.00284 EPSS
Exploits: 1, References: 1
OSV
added 2022/08/12 11:15 a.m., 3 views

DEBIAN-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7 CVSS, 7 AI score, 0.0035 EPSS
Exploits: 1, References: 1
OSV
added 2022/08/12 11:15 a.m., 6 views

AZL-10559 CVE-2022-2503 affecting package kernel for versions less than 5.15.67.1-4

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7 CVSS, 7 AI score, 0.0035 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2022/08/12 11:15 a.m., 42 views

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.9 CVSS, 7.1 AI score, 0.0035 EPSS
Exploits: 1, References: 16
OSV
added 2022/08/12 11:15 a.m., 0 views

UBUNTU-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.9 CVSS, 7 AI score, 0.0035 EPSS
Exploits: 1, References: 17
CVE
added 2022/08/12 12:0 a.m., 267 views

CVE-2022-2503

CVE-2022-2503 affects Linux kernels using Dm-verity/LoadPin. A device-mapper table reload can swap the target to an equivalent dm-linear target, bypassing verification until reboot and allowing root to load untrusted/unsigned kernel modules and firmware. This can enable arbitrary kernel execution...

6.9 CVSS, 7.3 AI score, 0.0035 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2022/08/12 12:0 a.m., 2 views

Google Dm-verity authorization issue vulnerability

Google Dm-verity is a root filesystem used to extend the root of trust to multiple distributions by Google, USA. A security vulnerability exists in Google Dm-verity. An attacker could use this vulnerability to bypass LoadPin and load untrusted and unverified kernel modules and firmware...

6.9 CVSS, 6.7 AI score, 0.0035 EPSS
Exploits: 1, References: 21
Vulnrichment
added 2022/08/12 12:0 a.m., 8 views

CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.9 CVSS, 6.9 AI score, 0.0035 EPSS
Exploits: 1, References: 2