Lucene search

2913 matches found

RedhatCVE
added 2025/02/05 11:12 a.m. · 7 views

CVE-2024-21840

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

CVSS 7.9 · AI score 6.6 · EPSS 0.00142
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 1:20 a.m. · 9 views

CVE-2024-20348

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this...

CVSS 7.5 · AI score 7.1 · EPSS 0.00803
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/04 11:48 p.m. · 4 views

CVE-2024-22250

Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVSS 7.8 · AI score 6.6 · EPSS 0.00348
Exploits: 0 · References: 1
NVD
added 2025/01/23 3:15 a.m. · 2 views

CVE-2024-42187

BigFix Patch Download Plug-ins are affected by a path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks...

CVSS 5.3 · EPSS 0.00147
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/23 2:47 a.m. · 5 views

CVE-2024-42186 HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support

BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation...

CVSS 2.8 · AI score 4 · EPSS 0.00073
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/23 1:59 a.m. · 4 views

CVE-2024-42184 HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 · AI score 6.8 · EPSS 0.00135
Exploits: 0 · References: 1
Cvelist
added 2025/01/23 1:05 a.m. · 14 views

CVE-2024-42182 HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability

BigFix Patch Download Plug-ins are affected by a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost...

CVSS 2.5 · EPSS 0.00111
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/23 12:00 a.m. · 3 views

PT-2025-2633 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue is related to an insecure protocol support in BigFix Patch Download Plug-ins, which can lead to improper handling of SSL certificates validation. This may...

CVSS 2.8 · AI score 6.9 · EPSS 0.00073
Exploits: 0 · References: 6
Positive Technologies
added 2025/01/23 12:00 a.m. · 4 views

PT-2025-2630 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue concerns an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation o...

CVSS 2.5 · AI score 7.1 · EPSS 0.00085
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/23 12:00 a.m. · 2 views

PT-2025-2632 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue is related to an insecure package in BigFix Patch Download Plug-ins that is susceptible to XML injection attacks. This allows an attacker to inject maliciou...

CVSS 2.5 · AI score 7.2 · EPSS 0.00119
Exploits: 0 · References: 6
Positive Technologies
added 2025/01/23 12:00 a.m. · 2 views

PT-2025-2631 · Ibm · Bigfix Patch Download Plug-Ins

The BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme, which could allow a malicious operator to attempt to download files using the file:// URI scheme. This issue is related to the handling of URI schemes in the plug-ins. An exploit could be used to take...

CVSS 2.5 · AI score 6.8 · EPSS 0.00135
Exploits: 0 · References: 7
Positive Technologies
added 2025/01/23 12:00 a.m. · 2 views

PT-2025-2629 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost...

CVSS 2.5 · AI score 7 · EPSS 0.00111
Exploits: 0 · References: 6
OSV
added 2025/01/14 6:16 p.m. · 4 views

CVE-2025-21389

Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network...

CVSS 7.5 · AI score 7.3 · EPSS 0.0187
Exploits: 0 · References: 1
OSV
added 2025/01/14 6:15 p.m. · 3 views

CVE-2025-21300

Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability...

CVSS 7.5 · AI score 5.8 · EPSS 0.0244
Exploits: 0 · References: 1
CNNVD
added 2025/01/14 12:00 a.m. · 3 views

Microsoft Windows UPnP resource management error vulnerability

Microsoft Windows UPnP is a device agent from Microsoft Corporation USA. Providing a proxy allows Windows network connections to recognize the IP address of ZoneDirector. A resource management error vulnerability exists in Microsoft Windows UPnP. An attacker could exploit this vulnerability to...

CVSS 7.5 · AI score 8.4 · EPSS 0.0187
Exploits: 0 · References: 2
OSV
added 2025/01/11 1:15 p.m. · 1 views

DEBIAN-CVE-2024-55642

In the Linux kernel, the following vulnerability has been resolved: "block: Prevent potential deadlocks in zone write plug error recovery". Zone write plugging for handling writes to zones of a zoned block device always executes a zone report whenever a write BIO to a zone fails. The intent of this i...

CVSS 5.5 · AI score 6 · EPSS 0.00182
Exploits: 0 · References: 1
CVE
added 2025/01/11 12:29 p.m. · 61 views

CVE-2024-55642

CVE-2024-55642: In the Linux kernel, the zone write plug error recovery could deadlock if a device queue freeze occurred while BIOs were plugged and a write failed. The automatic use of report zones after a failed write was removed, and recovery now relies on the user/driver to perform report zon...

CVSS 5.5 · AI score 6.8 · EPSS 0.00182
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2025/01/11 12:00 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that Sample Data Buffers (SDBs) may be released prematurely during CPU hot-plug removal...

CVSS 7.8 · AI score 6.5 · EPSS 0.00204
Exploits: 0 · References: 9
Redos
added 2025/01/09 12:00 a.m. · 17 views

ROS-20250109-04

A vulnerability in the Fields plug-in of GLPI, a system for requests, incidents and inventory of computer equipment, is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL code...

CVSS 7.7 · AI score 8.3 · EPSS 0.00462
Exploits: 0
Cvelist
added 2025/01/07 10:48 a.m. · 19 views

CVE-2025-22352 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes (elex-bulk-edit-products-prices-attributes-for-woocommerce-basic) allows Blind SQL Injection. This issue affects ELEX...

CVSS 7.6 · EPSS 0.00705
Exploits: 1 · References: 1