PT-2024-23572 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An issue was discovered that allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. Recommendations: For ROS2 Galactic Geochelone versio...
PT-2024-23549 · Unknown · Ros Melodic Morenia
Name of the Vulnerable Software and Affected Versions: ROS Melodic Morenia versions where ROS VERSION is 1 and ROS PYTHON VERSION is 3 Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized information access to multiple ROS nodes...
PT-2024-10098 · Drupal · Node Access Rebuild Progressive
Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 7.X-1.0 through 7.X-1.2 Description: The issue is related to improper ownership management in Node Access Rebuild Progressive, allowing target influence via framing. This can be exploited by a remote...
Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010
This module provides an alternative means of rebuilding the Content Access table. The module doesn't sufficiently reset the state of content access when the module is uninstalled...
PT-2024-10354 · Drupal · Node Access Rebuild Progressive
Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 0.0.0 through 2.0.1 (prior to 2.0.2) Description: The issue is related to improper...
ADM DR Node Only Accessible by Default Username/Password
The nsroot password that is configured on our Primary/Secondary ADM hosts did not appear to be replicated to the DR node. When accessing the DR node over the VSphere console we can only log into it with the default nsrecover/nsroot username/password. If I update the password for the nsroot and...
DRUPAL-CONTRIB-2023-018
This module provides social media share & follow buttons. The module doesn't sufficiently check access to a node when retrieving the label of an AddToAny block. This vulnerability is mitigated by the fact it requires the node ID to be passed via the route, requiring another module or specific...
CVE-2023-2250
A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...
AZL-34902 CVE-2023-26484 affecting package kubevirt for versions less than 1.2.0-1
KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to...
xCAT security vulnerability
xCAT is a toolset that provides complete management for HPC clusters, render farms, grids, web farms, online gaming infrastructures, clouds, and data centers. A security vulnerability exists in xCAT versions prior to 2.16.5, which stems from the fact that if a zone is configured for cluster...
DRUPAL-CONTRIB-2023-008
This module enables you to associate Forums as Group 1.x content and use Group access permissions. Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics...
Group control for forums - Critical - Access bypass - SA-CONTRIB-2023-008
This module enables you to associate Forums as Group 1.x content and use Group access permissions. Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics...
SUSE CVE-2017-6930
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
PT-2023-33776 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns the RDMA/core component of the Linux Kernel, where the ib port is not properly validated when accessing a sysfs node. The actual impact and attack plausibility have not ye...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...
DEBIAN-CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...
DEBIAN-CVE-2022-42318
Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)
Summary IBM Spectrum Protect 8.1.14.000 Server could allow a remote attacker to bypass security restrictions due to improper enforcement of access controls. Vulnerability Details CVEID: CVE-2022-22394 DESCRIPTION: The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass...
Drupal improper access restrictions
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page...
GHSA-96VX-QF28-6F8M Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...