56 matches found
CVE-2026-35070
CVE-2026-35070 affects Dell SmartFabric Storage Software prior to 1.4.5. It is an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability, enabling a high-privileged, local attacker to potentially gain filesystem access. The connected documents do not provi...
Brocade SANnav DataBase password in plain text is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby Brocade SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read th...
QNAP Systems QTS and QNAP Systems QuTS hero Path Traversal Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...
QNAP Systems QTS and QNAP Systems QuTS hero Code Issue Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A code issue vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that stems from a null pointer dereference and could lead to a denial of...
QNAP Systems QTS and QNAP Systems QuTS hero Buffer Error Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems, Inc. of Taiwan, China. A buffer error vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from an out-of-bounds read and could result in...
QNAP Systems QuTS hero and QNAP Systems QTS Code Issue Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems, a Taiwan, China-based company. A code issue vulnerability exists in QNAP Systems QuTS hero and QNAP Systems QTS that stems from a null pointer dereference and could lead ...
CVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express DX / AF Management Software before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and...
Pure Storage PX Enterprise Security Vulnerability
Pure Storage PX Enterprise is a data storage software from the US-based Pure Storage. A security vulnerability exists in Pure Storage PX Enterprise that stems from the possibility of logging sensitive information under certain conditions...
EUVD-2023-47491
Malicious code in bioql PyPI...
PT-2025-31585 · Openexr · Openexr
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.3.0 through 3.3.2 Description: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a...
Important: Red Hat Security Advisory: RHODF-4.14-RHEL-9 security update
Updated images are now available for RHODF-4.14-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)
Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2023-28466)
Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2023-28466 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of a lock_sock call in do_tls_getsockopt in...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Dell SmartFabric Storage Software HTML Injection Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software version 1.4 suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Dell SmartFabric Storage Software Path Traversal Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. A path traversal vulnerability exists in Dell SmartFabric Storage Software, which arises from the program failing to properly filter for specific elements in a resource or file path. An attacker could use...
Dell SmartFabric Storage Software OS Command Injection Vulnerability (CNVD-2023-77962)
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands with root privileges on the system...
CVE-2023-32485
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user...
CVE-2023-43073
Dell SmartFabric Storage Software v1.4 and earlier contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...