474 matches found
SUSE CVE-2020-28374
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...
SUSE CVE-2022-21296
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
The vulnerability of the SAP NetWeaver AS for Java software platform, related to access control deficiencies, allows an intruder to gain read-only access to data.
The vulnerability of the SAP NetWeaver AS for Java software platform is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data...
UBUNTU-CVE-2021-21200
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chrome security severity: Low...
CVE-2022-23536
A local file inclusion vulnerability exists in Cortex. This issue could allow a malicious actor to remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API...
cortex security vulnerability
cortex is a software application. It provides horizontally scalable, high-availability, multi-tenant long-term storage. A security vulnerability exists in cortex versions 1.13.0, 1.13.1, and 1.14.0. An attacker exploits the vulnerability to remotely read local files by parsing a maliciously...
PT-2022-6765 · 3S Smart Software Solutions · Codesys
Name of the Vulnerable Software and Affected Versions: CODESYS products (affected versions not specified). Description: The issue is related to insufficient input validation, allowing an unauthorized, remote attacker to read from invalid addresses, leading to a denial of service. This can be exploit...
PT-2022-6786 · Google +1 · Blink +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 108.0.5359.71. Description: The issue is related to an inappropriate implementation in Blink, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This is due to a use-after-free...
CVE-2022-31255
An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...
SUSE Linux Enterprise Server path traversal vulnerability
SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE Germany. A path traversal vulnerability exists in SUSE Linux Enterprise Server. A remote attacker could use this vulnerability to read the files of a user running a process. The following produc...
PT-2022-5168 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior; MySQL Server versions 8.0.29 and prior. Description: The issue exists due to insufficient input validation in the MySQL Server's encryption component. This allows a remote attacker to disclose protected...
CVE-2022-27620
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors...
Veritas NetBackup security vulnerability
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...
OpenJDK: class compilation issue (Hotspot, 8281859)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...
The vulnerability of the SEPCOS Single Package control and protection system, allowing a hacker to read confidential files and write to remotely executable directories.
The vulnerability of the SEPCOS Single Package control system, a microcontroller-based control system for security and protection devices, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to remotely read confidential files and write to remotely...
Improper path sanitization allows remote read of sensitive system resources
In pufferpanel/files.go there is an EnsureAccess method that accepts a source string and prefix argument. This function attempts to validate that the path being requested is within the scope of the server's operating directory. However, there is a logic bug in this function that improperly passes...
CVE-2022-29097
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...
Secheron SEPCOS Control and Protection Relay access control error vulnerability
The Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities. The Secheron SEPCOS Control and Protection Relay is vulnerable to a...