176 matches found
PT-2024-34697 · Dell · Dell ECS
Name of the Vulnerable Software and Affected Versions: Dell ECS versions prior to 3.8.1.3. Description: The issue is related to an arithmetic overflow vulnerability in the retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could...
Understanding the New Windows Secure Kernel Mode Elevation of Privilege Vulnerability (CVE-2024-21302)
On August 7, 2024, Microsoft disclosed a significant security vulnerability affecting Windows-based systems, known as CVE-2024-21302. This zero-day vulnerability allows attackers with administrator privileges to elevate their access by replacing current versions of Windows system files with...
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Summary: As of July 10, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...
CVE-2023-34277
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
CVE-2023-34275
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
Path traversal
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
Sielco PolyEco1000 Security Vulnerability
Sielco PolyEco1000 is an environmental monitoring and control system from Sielco designed to monitor and control data on water quality, meteorology, gas concentrations, energy management, and environmental parameters. A security vulnerability exists in Sielco PolyEco1000 that stems from a...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager is a suite of endpoint security managers from Ivanti USA. Contents is a product analytics solution and innovation enabler for the Countly Team team. Helps teams track product performance, customer journeys and behaviors across mobile, web and desktop applications. A securit...
Zope AccessControl Information Disclosure Vulnerability
Zope AccessControl is a generic security framework used in Zope from the Zope Foundation. An information disclosure vulnerability exists in Zope AccessControl that stems from allowing a person controlling a format string to read accessible recursive objects via attribute access and subscription o...
CVE-2023-30989
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017...
IBM i Security Vulnerability
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2, 7.3, 7.4, and 7.5, which can be exploited by an attacker to elevate privileges and gain access to all objects in...
USN-6199-1 php7.4, php8.1 vulnerability
It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information...
PT-2023-3002
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2150, affected versions not specified. Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. The specific flaw exists within the SOAP API interface, whi...
Fedora 37 : pcs (2023-cb2e422088)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cb2e422088 advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Fedora 38 : pcs (2023-4d546e6b4b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4d546e6b4b advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Fedora 36 : pcs (2023-5993ffa09a)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5993ffa09a advisory. - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was...
Rocky Linux 9 : pcs (RLSA-2023:1591)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a proper...
Oracle Linux 9 : pcs (ELSA-2023-12235)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12235 advisory. 0.11.3-4.el91.3 - Fixed a vulnerability in pcs-web-ui-node-modules - Resolves: rhbz2179900 Tenable has extracted the preceding description block directly from...
AlmaLinux 9 : pcs (ALSA-2023:1591)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property...
RHEL 9 : pcs (RHSA-2023:1591)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1591 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm...