165 matches found
The vulnerability of fwupd, a daemon used for managing firmware updates in Linux-based systems, allows an attacker to access confidential information.
The vulnerability of fwupd for managing firmware updates in Linux-based systems is related to the storage of automatically generated passwords in /etc/fwupd/redfish.conf without proper restrictions. Exploiting this vulnerability allows a remote attacker to access confidential information...
Security Bulletin: This Power System update is being released to address CVE-2024-31916
Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details CVEID:CVE-2024-31916 DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...
fwupd: world readable password in /etc/fwupd/redfish.conf
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
fwupd: world readable password in /etc/fwupd/redfish.conf
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
RHEL 8 : fwupd (RHSA-2024:1106)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
The vulnerability of the Redfish server of the MaxView Storage Manager allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the Redfish server of the MaxView Storage Manager relates to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device...
Dell iDRAC7 Incorrect Authorization (CVE-2018-15774)
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in th...
The vulnerability of the Redfish server of the storage manager MaxView on industrial computers SIMATIC IPC647E, SIMATIC IPC847E, and SIMATIC IPC1047E allows a perpetrator to gain unauthorized full access to the device.
The vulnerability of the Redfish server of the storage manager MaxView for industrial computers SIMATIC IPC647E, SIMATIC IPC847E, and SIMATIC IPC1047E is related to errors in processing input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized full...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...
CVE-2023-51438
CVE-2023-51438 affects Siemens SIMATIC IPC1047E, IPC647E, and IPC847E with maxView Storage Manager on Windows prior to 4.14.00.26068. The vulnerability arises from improper input validation in the Redfish remote-management context, enabling unauthorized access (impact: high confidentiality, integ...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
Information disclosure
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
CVE-2024-22216
CVE-2024-22216 affects Microchip maxView Storage Manager (Adaptec Smart Storage Controllers). The vulnerability resides in the Redfish server handling in versions 3.00.23484 through 4.14.00.26064, with older builds prior to 3.07.23980 and 4.07.00.25339 also affected. The issue allows unauthorized...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...