52 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Staging: Zoran: Calculate the correct buffer number for zoranreapstatcom. When tmpdcim=1, the index of the buffer is calculated incorrectly. This can lead to a NULL pointer dereference later on. Therefore, we need to correc...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00014
Exploits: 0, References: 1

Positive Technologies
added 2026/02/27 12:0 a.m., 5 views

PT-2026-22426

Name of the Vulnerable Software and Affected Versions: openDCIM versions through 23.04 commit 4467e9c4. Description: The software contains a SQL injection issue in the Config::UpdateParameter function. The install.php and container-install.php handlers directly incorporate user-provided input into S...

CVSS: 9.3, AI score: 6.1, EPSS: 0.23836
Exploits: 3, References: 14

Vulnrichment
added 2025/12/04 9:10 p.m., 3 views

CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

CVSS: 7.4, AI score: 6.5, EPSS: 0.00052
Exploits: 0, References: 2

CVE
added 2025/12/04 9:10 p.m., 5 views

CVE-2025-66238

CVE-2025-66238 affects Sunbird DCIM dcTrack. An authenticated user with access to the appliance’s virtual console can misuse remote access features to redirect network traffic, potentially accessing restricted services or data on the host. The Red Hat/NVD/CISA entries corroborate a high-severity ...

CVSS: 7.4, AI score: 6.5, EPSS: 0.00052
Exploits: 0, References: 2

Cvelist
added 2025/12/04 9:10 p.m., 16 views

CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

CVSS: 7.4, EPSS: 0.00052
Exploits: 0, References: 2

Cvelist
added 2025/12/04 9:2 p.m., 19 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS: 8.4, EPSS: 0.00016
Exploits: 0, References: 2

CISA
added 2025/12/04 12:0 p.m., 3 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2; ICSA-25-338-02 MAXHUB Pivot; ICSA-25-338-03 Johnson Controls OpenBlue...

AI score: 6.6
Exploits: 0, References: 9

CNNVD
added 2025/12/04 12:0 a.m., 1 view

Sunbird DCIM dcTrack Trust Management Issue Vulnerability

Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM, Inc. A trust management issue vulnerability exists in Sunbird DCIM dcTrack that stems from the use of default and hard-coded credentials, which could lead to database management or system command execution...

CVSS: 8.4, AI score: 6.9, EPSS: 0.00016
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988731 advisory. In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoranreapstatcom On the case...

CVSS: 5.5, AI score: 6, EPSS: 0.00014
Exploits: 0, References: 4

Cvelist
added 2025/09/11 2:2 p.m., 7 views

CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS: 5.1, EPSS: 0.00042
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 7:42 a.m., 3 views

CVE-2024-37776

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00204
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:42 a.m., 2 views

CVE-2024-37774

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

CVSS: 8, AI score: 7, EPSS: 0.00194
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:23 a.m., 3 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

CVSS: 4.8, AI score: 7, EPSS: 0.00227
Exploits: 0, References: 1

NVD
added 2024/12/16 10:15 p.m., 10 views

CVE-2024-37776

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

CVSS: 4.8, EPSS: 0.00204
Exploits: 0, References: 2

NVD
added 2024/12/16 10:15 p.m., 5 views

CVE-2024-37774

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

CVSS: 8, EPSS: 0.00194
Exploits: 0, References: 2

NVD
added 2024/12/16 10:15 p.m., 8 views

CVE-2024-37775

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...

CVSS: 7.5, EPSS: 0.0006
Exploits: 0, References: 2

NVD
added 2024/12/16 10:15 p.m., 7 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

CVSS: 4.8, EPSS: 0.00227
Exploits: 0, References: 2

CVE
added 2024/12/16 12:0 a.m., 44 views

CVE-2024-37775

Sunbird DCIM dcTrack 9.1.2 contains an access-control flaw that allows an attacker to create or update a ticket with a location while bypassing RBAC checks. The issue is documented across multiple sources (Red Hat and NVD/CNNVD entries) with the same vulnerability description: faulty access contr...

CVSS: 7.5, AI score: 7, EPSS: 0.0006
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/12/16 12:0 a.m., 3 views

CVE-2024-37774

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

AI score: 7.3, EPSS: 0.00194
Exploits: 0, References: 2

Cvelist
added 2024/12/16 12:0 a.m., 8 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

EPSS: 0.00227
Exploits: 0, References: 2