Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2023-32494: DSA-2023-269: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

CVE
Open in Source
#vulnerability#dos#apache#auth#ssh#dell
CVE-2023-39659: Prompt injection which leads to arbitrary code execution · Issue #7700 · langchain-ai/langchain

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

CVE-2023-33242: Lindell17 Abort Vulnerability [CVE-2023-33242]: Technical Report - Fireblocks

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

CVE-2023-4009: Ops Manager Server Changelog — MongoDB Ops Manager 5.0

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

CVE-2022-34453: DSA-2022-290: Dell XtremIO X2 Security Update for a XMS GUI Vulnerability

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.

CVE-2023-32450: DSA-2023-181: Dell Power Manager Security Update for an Improper Access Control Vulnerability

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

CVE-2023-32468: DSA-2023-254: Security Update for Dell ECS Streamer sensitive data exposure Vulnerability.

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

CVE-2023-32476: DSA-2023-258: Dell Hybrid Client Update for a Hard Coded Secret Vulnerability

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.

CVE-2023-32455: DSA-2023-247: Dell ThinOS Security Update for Multiple Vulnerabilities

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.