Lucene search
K

392 matches found

CVE
CVE
added 2026/04/10 12:0 a.m.9 views

CVE-2026-23782

The CVE-2026-23782 affects BMC Control-M/MFT 9.0.20–9.0.22. An API management endpoint can be accessed without authentication to disclose an API identifier and its secret, enabling invocation of privileged API operations and potential unauthorized access. The issue is documented across multiple s...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.5 views

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from API management endpoints that...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

8.8CVSS6.3AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.29 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.5 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

5.8AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.1 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

6.2AI score0.00401EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31937

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

5.8AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.3 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

5.8AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.32 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-31922

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

5.8AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 12:0 a.m.9 views

CVE-2026-23781

CVE-2026-23781 affects BMC Control-M/MFT 9.0.20–9.0.22. A set of default debug user credentials is hardcoded in cleartext in the application package, and, if unchanged, could be obtained to gain unauthorized access to the MFT API debug interface. The CVSS v3.1 base score is 9.8 (CRITICAL) with ne...

9.8CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: A integer overflow has been fixed in the rununpack function. The MFT record relative to the file being opened contains its runlist, an array containing information about the file’s location on the physical disk. Analys...

6.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.4 views

PT-2025-54290

3/ Cl0p gang exploits vulnerabilities like CVE-2023-22962 in GoAnywhere MFT. Their focus on data exfiltration has impacted global companies. Cl0p InfoSec...

7.1AI score
Exploits0References1
EUVD
EUVD
added 2025/12/30 3:30 p.m.6 views

EUVD-2022-55857

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

5.9AI score0.00217EPSS
Exploits0References5
OSV
OSV
added 2025/12/30 1:15 p.m.11 views

UBUNTU-CVE-2022-50841

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

5.8AI score0.00217EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/12/30 1:15 p.m.6 views

CVE-2022-50841

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

5.8AI score0.00217EPSS
Exploits0References6
OSV
OSV
added 2025/12/30 12:10 p.m.4 views

CVE-2022-50841 fs/ntfs3: Add overflow check for attribute size

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

6.3AI score0.00217EPSS
Exploits0References7
CVE
CVE
added 2025/12/30 12:10 p.m.19 views

CVE-2022-50841

CVE-2022-50841 affects the Linux kernel, specifically ntfs3 attribute-size handling. The vulnerability arises from an overflow when adding offset during MFT attribute parsing, allowing an attribute with a very large size (e.g., 0xffffff7f) to bypass the used-size check and potentially trigger out...

6AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.7 views

PT-2025-53959

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0+ Description The Linux kernel contained a flaw in the NTFS3 file system implementation. A calculation involving attribute sizes could result in an integer overflow, potentially leading to out-of-bounds...

6.4AI score0.00217EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/12/25 12:56 a.m.7 views

SUSE CVE-2023-54077

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

6.5AI score0.00175EPSS
Exploits0References3
Rows per page
Query Builder