CVE-2021-3478
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability...
CVE-2020-26192
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no...
Privilege escalation
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges, thus being able to read arbitrary data, tamper with system software or deny service...
Privilege escalation
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no...
CVE-2020-26192
Dell EMC PowerScale OneFS versions 8.2.0–9.1.0 contain a local privilege-escalation vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH could potentially read arbitrary data, tamper with system software, or cause a denial of service. Affected products/versions and pr...
Cisco Firepower System Software Detection Engine DoS (cisco-sa-20181003-fp-smb-snort)
According to its self-reported version, Cisco FTD Software is affected by a Denial of Service (DoS) vulnerability within the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation due to incorrect header validation. An unauthenticated, remote attacker can cause the devi...
Denial of Service Vulnerability in ZDCC VisualField VFRemoteCmdImpl.dll Component
VisualField (VF for short) system software is a software package for control system configuration and monitoring for the ECS-700 system. A denial-of-service vulnerability exists in the VisualField VFRemoteCmdImpl.dll component of ZDCC, which can be exploited by an attacker to cause the RPC service ...
CVE-2020-3517
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and...
CVE-2020-3234
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual...
CVE-2019-19339
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between virtual to physical memory address translations in the CPU's local cache and system software's paging structure...
Amazon Linux 2 : kernel (ALAS-2019-1366)
A flaw was found in the way Intel CPUs handle inconsistency between virtual to physical memory address translations in the CPU's local cache and system software's paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...
NewStart CGSL CORE 5.04 / MAIN 5.04 : linux-firmware Vulnerability (NS-SA-2019-0204)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has linux-firmware packages installed that are affected by a vulnerability: - Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android version...
Hardcoded credentials
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system...
CVE-2019-12697 Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2019-12696
Cisco Firepower System Software Detection Engine contains bypass vulnerabilities that allow an unauthenticated, remote attacker to bypass Malware and File Policies for RTF and RAR file types. The issue is addressed by Cisco in a security advisory with software updates; apply the relevant firmware...
RCE vulnerability in SupportAssist, the system software that comes with Dell computers - vulnerability warning - the black bar safety net
What brand of computer do you use? Does your computer come with pre-installed or bundled software whose security is suspect? When we talk about remote code execution (RCE) vulnerabilities, most people would probably think of operating system vulnerabilities, but there is n...
Hard-Coded Vulnerability in Telecommunications Science and Technology No.1 Institute's In-vehicle Surveillance System Software
The First Institute of Telecommunications Science and Technology (hereinafter referred to as "Telecom One") is a national professional research institute in the field of communications in China, and is now one of the core enterprises of the Institute of Telecommunications Science and Technology ITS...
Linux: SELinux policy configuration
Security Enhanced Linux (SELinux) uses the Linux Security Modules and provides Mandatory Access Control (MAC). A MAC kernel protects the system from malicious apps. The SELinux policy is a set of rules that guide SELinux. The default targeted policy constrains daemons and system software only...
WebKit Assertion Failure Vulnerability in Multiple Apple Products (CNVD-2019-04706)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...