6341 matches found
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
Code injection
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
CVE-2023-28089
CVE-2023-28089 affects HPE OneView appliances. Affected component: the OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Root cause details are not provided in the supplied documents. Impact stated: exposure of FTP credentials; CVSS metrics indicate high confidenti...
PT-2023-21548 · Hewlett Packard · Hpe Oneview
Name of the Vulnerable Software and Affected Versions: HPE OneView (affected versions not specified). Description: The issue concerns an HPE OneView appliance dump that may expose FTP credentials for c7000 Interconnect Modules. Recommendations: At the moment, there is no information about a newer...
cc.zhaoac:faith-core-boot (>=1.0.0 <=1.0.1), cc.zhaoac:faith-core-launch (>=1.0.0 <=1.0.1) +1019 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=2.7.10)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - cc.zhaoac:faith-tool-boot =1.1.0 - cc.zhaoac:faith-tool-common =1.1.0 - cc.zhaoac:faith-tool-launch =1.1.0 - cc.zhaoac:faith-tool-log =1.1.0 -...
DRUPAL-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...
Code injection
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...
CVE-2023-30547 Sandbox Escape in vm2
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...
Node.js: Dependency Policy Bypass via process.binding
The use of the deprecated API process.binding allowed for the bypassing of the policy mechanism in Node.js, potentially enabling the execution of arbitrary code outside the defined limits in a policy.json file. This vulnerability affected all users utilizing the experimental policy feature in...
Design/Logic Flaw
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can log in to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentia...
CVE-2023-24509 On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can log in to the standby supervisor as a root user, leading t ...
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can log in to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentia...
Siemens SCALANCE M-800 & S615 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-2016-7090)
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. This...
NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2023-0028)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...
Metasploit Weekly Wrap-Up
The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and...
CVE-2023-29017 vm2 Sandbox Escape vulnerability
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...