EUVD-2022-29432

Malicious code in bioql PyPI...

CVE-2023-24064

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2023-33206

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2023-24063

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2023-28865

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories e.g., ensuring the expected hash sum during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who...

CVE-2023-24063

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2023-33206

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2023-24062

Diebold Nixdorf Vynamic Security Suite (VSS) is affected by CVE-2023-24062. The vulnerability arises from a failure to validate the directory structure of the root filesystem during Pre-Boot Authorization (PBA). Affected versions are VSS before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01. ...

CVE-2023-33206

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

CVE-2023-24063

CVE-2023-24063 affects Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 3.3.0 SR10. The root issue is failure to validate /etc/mtab during Pre-Boot Authorization (PBA), enabling a physical attacker who can alter the system disk contents to bypass or defeat the authorization process....

CVE-2023-24062

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents...

CVE-2023-40261

Diebold Nixdorf Vynamic Security Suite (VSS) is affected by CVE-2023-40261 due to failure to validate file attributes during Pre-Boot Authorization (PBA). Affected versions are VSS before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02. The underlying issue is improper validation o...

CVE-2023-24064

Diebold Nixdorf Vynamic Security Suite (VSS) is affected up to version 3.3.0 SR4. The vulnerability arises because /etc/initab is not validated during Pre-Boot Authorization, enabling a physical attacker with access to the disk to manipulate contents. Remediation is to upgrade to version 3.3.0 SR...

CVE-2023-24064

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk...

Low: udisks2 security and bug fix update

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks2: insecure defaults in user-accessible mount helpers allow for a DoS CVE-2021-3802 For more details about the security issues, including the impact,...

[SECURITY] Fedora 28 Update: udisks2-2.7.6-2.fc28

The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...

Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems

A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate...