392 matches found
CVE-2026-23782
The CVE-2026-23782 affects BMC Control-M/MFT 9.0.20–9.0.22. An API management endpoint can be accessed without authentication to disclose an API identifier and its secret, enabling invocation of privileged API operations and potential unauthorized access. The issue is documented across multiple s...
BMC Control-M/MFT 安全漏洞
BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from API management endpoints that...
BMC Control-M/MFT 安全漏洞
BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...
CVE-2026-23780
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...
CVE-2026-23782
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...
CVE-2026-23780
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...
PT-2026-31937
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...
CVE-2026-23781
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...
CVE-2026-23782
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...
PT-2026-31922
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...
CVE-2026-23781
CVE-2026-23781 affects BMC Control-M/MFT 9.0.20–9.0.22. A set of default debug user credentials is hardcoded in cleartext in the application package, and, if unchanged, could be obtained to gain unauthorized access to the MFT API debug interface. The CVSS v3.1 base score is 9.8 (CRITICAL) with ne...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: A integer overflow has been fixed in the rununpack function. The MFT record relative to the file being opened contains its runlist, an array containing information about the file’s location on the physical disk. Analys...
PT-2025-54290
3/ Cl0p gang exploits vulnerabilities like CVE-2023-22962 in GoAnywhere MFT. Their focus on data exfiltration has impacted global companies. Cl0p InfoSec...
EUVD-2022-55857
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...
UBUNTU-CVE-2022-50841
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...
CVE-2022-50841
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...
CVE-2022-50841 fs/ntfs3: Add overflow check for attribute size
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...
CVE-2022-50841
CVE-2022-50841 affects the Linux kernel, specifically ntfs3 attribute-size handling. The vulnerability arises from an overflow when adding offset during MFT attribute parsing, allowing an attribute with a very large size (e.g., 0xffffff7f) to bypass the used-size check and potentially trigger out...
PT-2025-53959
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0+ Description The Linux kernel contained a flaw in the NTFS3 file system implementation. A calculation involving attribute sizes could result in an integer overflow, potentially leading to out-of-bounds...
SUSE CVE-2023-54077
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...