CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

CVE-2023-20572

CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...

EUVD-2023-60598

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

CVE-2023-20540

CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...

CVE-2026-49506

Dell Wyse Management Suite before version 5.5 HF1 is affected by CVE-2026-49506: an improper limitation of a pathname to a restricted directory (path traversal) could allow a high-privilege attacker with remote access to achieve remote code execution. Affected product: Dell Wyse Management Suite;...

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

CVE-2026-44273

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A flaw was discovered in the XFRM subsystem of the Linux kernel. The specific flaw occurs during the processing of state filters, which can lead to a read of data beyond the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read,...

Astra Linux – Vulnerability in amd64-microcode

Incomplete system memory cleanup in the SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A flaw was discovered in the Netfilter subsystem of the Linux kernel. The xtu32 module failed to validate the fields within the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value that exceeds the bounds of the...

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

CVE-2026-55748

A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

CVE-2026-35069

Dell PowerFlex Manager is affected by an SQL Injection due to improper neutralization of special elements. The issue affects Dell PowerFlex Manager versions unspecified in the document; an attacker with adjacent network access and low privileges could potentially trigger script injection. Documen...

CVE-2026-35068

The CVE-2026-35068 entry affects Dell PowerFlex Manager and describes an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. A low-privileged attacker with adjacent network access could potentially exploit this to achieve an information disclosure. P...

EUVD-2026-37736

Dell PowerFlex Manager, versions Versions, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...

CVE-2026-35067

Technical details (affected product/component/version, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates from Dell and CVE trackers.

CVE-2026-35162

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...