17 matches found

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-29673

Malicious code in bioql PyPI...

CVSS 4.4 · AI score 4.6 · EPSS 0.0097
Exploits 0 · References 5
NVD
added 2022/11/15 10:15 p.m. · 9 views

CVE-2022-29277

Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...

CVSS 8.8 · EPSS 0.00049
Exploits 0 · References 2
Tenable Nessus
added 2022/04/12 12:0 a.m. · 62 views

Debian DLA-2980-1 : zabbix - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2980 advisory. Several security vulnerabilities have been discovered in zabbix, a network monitoring solution. An authenticated user can create a link with reflected Javascript...

CVSS 4.6 · AI score 6 · EPSS 0.00882
Exploits 0 · References 9
UbuntuCve
added 2022/03/09 8:15 p.m. · 26 views

CVE-2022-24918

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all th...

CVSS 4.4 · AI score 6 · EPSS 0.0097
Exploits 0 · References 2
Debian CVE
added 2022/03/09 7:30 p.m. · 68 views

CVE-2022-24919

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all t...

CVSS 4.4 · AI score 4.6 · EPSS 0.00882
Exploits 0
Debian CVE
added 2022/03/09 7:30 p.m. · 66 views

CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...

CVSS 4.6 · AI score 3.4 · EPSS 0.00849
Exploits 0
CVE
added 2022/03/09 7:30 p.m. · 143 views

CVE-2022-24349

CVE-2022-24349: In Zabbix, an authenticated user can create a hosts group with a stored XSS payload that becomes available to other users. When users search groups (and similar vectors described in the Debian/SUSE advisories), the XSS payload can execute in the victim’s browser, enabling actions ...

CVSS 4.6 · AI score 5 · EPSS 0.00849
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2022/02/02 12:0 a.m. · 1 views

PT-2022-6479 · Zabbix +2

Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to the lack of protection of the web page structure in Zabbix. An authenticated user can create a link with reflected Javascript code for the items' page and send it to...

CVSS 9.9 · AI score 6.1 · EPSS 0.01231
Exploits 3 · References 96
NVD
added 2021/02/11 4:15 p.m. · 15 views

CVE-2020-8030

An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVSS 4.4 · EPSS 0.00041
Exploits 1 · References 1
Prion
added 2021/02/11 4:15 p.m. · 15 views

Design/Logic Flaw

An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVSS 3.6 · AI score 4.8 · EPSS 0.00041
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/02/11 4:0 p.m. · 13 views

CVE-2020-8030 skuba: Insecure /tmp usage when joining node to cluster

An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVSS 3.6 · AI score 4.7 · EPSS 0.00041
Exploits 1 · References 1
CVE
added 2021/02/11 4:0 p.m. · 43 views

CVE-2020-8030

CVE-2020-8030 affects SUSE CaaS Platform 4.5, specifically the scuba/skuba join workflow that uses insecure temporary files in /tmp. The root cause is insecure handling of temporary files, enabling a local attacker to leak the bootstrapToken or modify the configuration file before it is processed...

CVSS 4.4 · AI score 4.3 · EPSS 0.00041
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2021/02/11 12:0 a.m. · 2 views

Micro Focus SUSE CaaS Platform Security Vulnerability

A security vulnerability exists in SUSE CaaS Platform that stems from enabling a local attacker to leak a bootstrapToken or modify a configuration file before processing it, leading to arbitrary modifications to a computer/cluster...

CVSS 4.4 · AI score 5.9 · EPSS 0.00041
Exploits 1 · References 2
CNVD
added 2019/10/12 12:0 a.m. · 2 views

Cobham plc EXPLORER 710 has an unspecified vulnerability (CNVD-2019-35795)

The Cobham plc EXPLORER 710 is a portable satellite terminal from Cobham plc, UK. It provides features such as satellite communications and Internet access. A security vulnerability exists in the web application portal in the Cobham plc EXPLORER 710 using firmware version 1.07, which stems from t...

CVSS 5.5 · AI score 6.7 · EPSS 0.00532
Exploits 0 · References 1
Prion
added 2018/07/09 7:29 p.m. · 15 views

Code injection

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected...

CVSS 10 · AI score 9.4 · EPSS 0.00212
Exploits 1 · References 3 · Affected Software 2
Cvelist
added 2018/07/09 7:0 p.m. · 12 views

CVE-2017-3198 GIGABYTE BRIX UEFI firmware is not cryptographically signed

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected...

AI score 9.6 · EPSS 0.00212
Exploits 1 · References 3
Cvelist
added 2001/02/02 5:0 a.m. · 18 views

CVE-2001-0047

The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allow local users to install or modify arbitrary Microsoft Transaction Server MTS packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities...

AI score 6.7 · EPSS 0.01173
Exploits 0 · References 4