CVE-2024-46916

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file. This can allow code execution and, ...

PT-2025-35243

Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic Security Suite versions through 4.3.0 SR01 Description: Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of the /root directory during integrity validation. Th...

CVE-2024-46917

The CVE-2024-46917 entry concerns Diebold Nixdorf Vynamic Security Suite up to version 4.3.0 SR01. The vulnerability arises because integrity validation does not validate file attributes or the contents of the /root directory, enabling malicious actions. Reported impact includes code execution, r...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)

A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key

It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...

CVE-2019-1589

A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

PT-2019-4929 · Ceph +3 · Ceph +3

Name of the Vulnerable Software and Affected Versions: Ceph versions prior to 13.2.4 Description: The issue is related to an authorization procedure error in the Ceph storage system. This error can be exploited by a remote attacker to gain unauthorized access to dm-crypt encryption keys used in...

QNAP crypto keys logged on unencrypted disk partition in world accessible files

Affected devices: ================= Probably all QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804. Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build 0522. Probably fixed with Firmware 4.1.4 Build 0804 incriminating message gone, thou...