2330 matches found

NVD
added 2024/11/21 11:15 a.m., 21 views

CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVSS: 6.8, EPSS: 0.00197
Exploits: 0, References: 1
Vulnrichment
added 2024/11/21 3:4 a.m., 8 views

CVE-2022-43936 Brocade Fabric OS switch passwords when debugging is enabled

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVSS: 6.8, AI score: 7, EPSS: 0.00197
Exploits: 0, References: 1
Cvelist
added 2024/11/21 3:4 a.m., 16 views

CVE-2022-43936 Brocade Fabric OS switch passwords when debugging is enabled

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVSS: 6.8, EPSS: 0.00197
Exploits: 0, References: 1
CNNVD
added 2024/11/21 12:0 a.m., 3 views

Broadcom SANnav log information disclosure vulnerability

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.3.0 and 2.2.2, which stems from the recording of sensitive fields in logs when debugging is enabled, which could lead to t...

CVSS: 5.7, AI score: 6, EPSS: 0.00139
Exploits: 0, References: 1
CNNVD
added 2024/11/21 12:0 a.m., 1 views

Broadcom SANnav log information disclosure vulnerability

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.2.2, which originates from logging Fabric OS switch passwords when debugging is enabled, which could lead to the disclosur...

CVSS: 6.8, AI score: 6, EPSS: 0.00197
Exploits: 0, References: 1
Veracode
added 2024/11/20 3:48 a.m., 17 views

Local File Inclusion (LFI)

symfony/runtime is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the register_argv_argc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...

CVSS: 7.3, AI score: 6.6, EPSS: 0.88664
Exploits: 0, References: 5, Affected Software: 2
Vulnrichment
added 2024/11/15 3:59 p.m., 13 views

CVE-2022-20648 Cisco Redundancy Configuration Manager Debug Information Disclosure Vulnerability

A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. This vulnerability exists because of a debug service that...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00229
Exploits: 0, References: 3
NVD
added 2024/11/14 10:15 p.m., 10 views

CVE-2024-48970

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...

CVSS: 9.3, EPSS: 0.00089
Exploits: 0, References: 1
CNNVD
added 2024/11/13 12:0 a.m., 1 views

Intel SDP Tool security vulnerability

Intel SDP Tool is a server debugging and configuration tool from Intel Corporation USA. A security vulnerability exists in Intel SDP Tool that stems from incorrect default permissions. An attacker can exploit the vulnerability to elevate privileges...

CVSS: 7.8, AI score: 6.6, EPSS: 0.00093
Exploits: 0, References: 2
RedHat Linux
added 2024/11/12 9:11 a.m., 1 views

kernel: cxl/region: Avoid null pointer dereference in region lookup

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup. cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00018
Exploits: 0, References: 5
CNNVD
added 2024/11/12 12:0 a.m., 2 views

SoftBank Mesh Wi-Fi router RP562B security vulnerability

SoftBank Mesh Wi-Fi router RP562B is a router from SoftBank Japan. A security vulnerability exists in SoftBank Mesh Wi-Fi router RP562B version 1.0.2 and earlier, which stems from an active debugging code vulnerability that could allow an attacker to obtain or change the settings of the device...

CVSS: 4.6, AI score: 7.7, EPSS: 0.00057
Exploits: 0, References: 2
Rockylinux
added 2024/11/08 3:56 p.m., 6 views

gcc-toolset-14-dwz bug fix and enhancement update

An update is available for gcc-toolset-14-dwz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The dwz package contains a program that attempts to optimize DWARF...

AI score: 7
Exploits: 0
Github Security Blog
added 2024/11/07 5:14 p.m., 23 views

Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00417
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2024/11/07 5:14 p.m., 12 views

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

CVSS: 8.7, AI score: 8.6, EPSS: 0.00417
Exploits: 1, References: 4
The Hacker News
added 2024/11/04 10:4 a.m., 15 views

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the...

AI score: 7.9
Exploits: 0
0day.today
added 2024/10/30 12:0 a.m., 243 views

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure Vulnerability

ABB Cylon Aspect version 3.08.01 is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page:...

AI score: 7.4
Exploits: 0
Packet Storm
added 2024/10/29 12:0 a.m., 216 views

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure

ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

AI score: 7.4
Exploits: 0
Spring Engineering
added 2024/10/22 12:0 a.m., 20 views

This Week in Spring - October 22nd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...

CVSS: 7.5, AI score: 6.8, EPSS: 0.93188
Exploits: 6
Cvelist
added 2024/10/21 6:1 p.m., 18 views

CVE-2024-49884 ext4: fix slab-use-after-free in ext4_split_extent_at()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at(). We hit the following use-after-free: BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of...

EPSS: 0.00012
Exploits: 0, References: 9
NVD
added 2024/10/21 1:15 p.m., 7 views

CVE-2024-47735

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled. Fix misuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was held. This was discovered through the lock debugging, and the corresponding log is a...

CVSS: 5.5, EPSS: 0.00009
Exploits: 0, References: 11