Dell SmartFabric OS10 Command Injection Vulnerability
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. A command injection vulnerability exists in Dell SmartFabric...
Dell SmartFabric OS10 Command Injection Vulnerability (CNVD-2025-15191)
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. Dell SmartFabric OS10 suffers from a command injection...
Avid NEXIS Security Vulnerability
Avid NEXIS is a software-defined storage platform designed for media storage and management from Avid. It is used by media organizations to accelerate production, improve efficiency, and support co-production. A security vulnerability exists in Avid NEXIS versions prior to 2024.6.0 that stems fro...
Cross-Site Scripting (XSS)
dom-expressions is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the use of .replace with the special replacement patterns $' or $` in user-defined attributes of the Meta tag, which allows attackers to inject malicious payloads into meta tags, potentially...
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
NOTE: This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of JavaScript's .replace opens up potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of the Meta tag from solid-meta are...
GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
NOTE: This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of JavaScript's .replace opens up potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of the Meta tag from solid-meta are...
CVE-2024-6975
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...
CVE-2024-6973
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.3 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.17.3 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
CVE-2024-9310
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs)...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.13 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.13 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
Privilege Escalation
github.com/openshift/must-gather is vulnerable to Privilege Escalation. The vulnerability is due to improper access controls and lack of validation in the MustGather.managed.openshift.io Custom Resource Definition (CRD), which allows a non-privileged user to craft objects that misuse the most privileg...
CVE-2024-13058 Authenticated, non-admin users can create storage pools via the sifi API
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...
CVE-2024-13058
CVE-2024-13058 affects SoftIron HyperCloud and related software (e.g., VM Squared) versions 2.3.0 up to but before 2.5.0. The issue allows authenticated, non-admin users to create data pools, potentially impacting the performance and availability of the backend software-defined storage subsystem....
TeamPass Security Vulnerability
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from the inability to properly check whether a folder is located in an administrator-defined list of user-allowed folders wh...
CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due to legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m, which was removed in v0.1.x. A malicious binary defining bclass as part of RzBinInfo is execute...
PT-2024-35695 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: Rizin versions prior to 0.7.4. Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. A code snippet in rizin.c suffered a command injection due to the usage of rz_core_cmdf to invoke the command m, which was...
CVE-2024-55554
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet...
BIT-NODE-MIN-2023-39331
A previously disclosed vulnerability, CVE-2023-30584, was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...
CVE-2024-55554
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Affected component: portal server web UI; root cause: input in portlet not properly sanitized. Impact: cross-site scripting with network access, requiring user interaction; CVSSv3.1 base score 5.4 (MEDIUM). Remediation: up...