63 matches found
QNAP Systems QTS and QNAP Systems QuTS hero OS Command Injection Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability arises from command injections, whic...
CVE-2026-35070
CVE-2026-35070 affects Dell SmartFabric Storage Software prior to 1.4.5. It is an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability, enabling a high-privileged, local attacker to potentially gain filesystem access. The connected documents do not provi...
Brocade SANnav DataBase password in plain text is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby Brocade SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read th...
QNAP Systems QTS and QNAP Systems QuTS hero Path Traversal Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...
QNAP Systems QuTS hero and QNAP Systems QTS Code Issue Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems, a Taiwan, China-based company. A code issue vulnerability exists in QNAP Systems QuTS hero and QNAP Systems QTS that stems from a null pointer dereference and could lead ...
QNAP Systems QTS and QNAP Systems QuTS hero Code Issue Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A code issue vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that stems from a null pointer dereference and could lead to a denial of...
QNAP Systems QTS and QNAP Systems QuTS hero Buffer Error Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems, Inc. of Taiwan, China. A buffer error vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from an out-of-bounds read and could result in...
CVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express DX / AF Management Software before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and...
Pure Storage PX Enterprise Security Vulnerability
Pure Storage PX Enterprise is a data storage software from the US-based Pure Storage. A security vulnerability exists in Pure Storage PX Enterprise that stems from the possibility of logging sensitive information under certain conditions...
EUVD-2023-47491
Malicious code in bioql PyPI...
PT-2025-31585 · Openexr · Openexr
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.3.0 through 3.3.2 Description: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a...
Important: Red Hat Security Advisory: RHODF-4.14-RHEL-9 security update
Updated images are now available for RHODF-4.14-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
A vulnerability in the B44Compressor component of OpenEXR, image storage software for images with a wide dynamic range of brightness levels, allows an attacker to cause a denial of service.
A vulnerability in the B44Compressor component of the OpenEXR image storage software, which handles images with a wide dynamic range of brightness, is related to a buffer overflow. Exploiting this vulnerability allows a malicious actor to cause a denial of service using a specially created...
Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)
Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2023-28466)
Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2023-28466 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of a lock_sock call in do_tls_getsockopt in...
A vulnerability in the Dell SmartFabric Storage data storage management software for Dell EMC PowerEdge MX stems from insufficient validation of arguments passed to commands, allowing an attacker to execute arbitrary commands.
A vulnerability in the Dell SmartFabric Storage data storage management software for Dell EMC PowerEdge MX stems from insufficient checking of arguments passed in commands. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
Dell SmartFabric Storage Software OS Command Injection Vulnerability (CNVD-2023-77962)
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands with root privileges on the system...
Dell SmartFabric Storage Software HTML Injection Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software version 1.4 suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Dell SmartFabric Storage Software Path Traversal Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. A path traversal vulnerability exists in Dell SmartFabric Storage Software, which arises from the program failing to properly filter for specific elements in a resource or file path. An attacker could use...