Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver

By Waqas Web3, the next evolution of the internet, requires a truly decentralized infrastructure that goes beyond what IPFS (InterPlanetary File System) can offer on its own. This is a post from HackRead.com Read the original post: Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver

HackRead
Open in Source
#web#git#auth#dell
CVE-2023-24568: DSA-2023-059: Dell NetWorker Security Update for an Improper Validation Vulnerability

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

CVE-2023-28079: DSA-2023-154: PowerPath Windows Security Update for Security Update for Multiple Vulnerabilities

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

CVE-2023-26130: CRLF Injection in cpp-httplib@v0.12.3

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVE-2023-25537: DSA-2023-098: Security Update for Dell PowerEdge 14G Server BIOS for an Out of Bounds Write Vulnerability

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

CVE-2023-31757: vul_report/XSS.md at main · sleepyvv/vul_report

DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'

CVE-2023-28045: DSA-2023-165: Dell CloudIQ Collector Security Update for Missing Encryption of Sensitive Data Vulnerability

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

CVE-2023-31890: XML Deserialization vulnerability in BeanXMLByteCoder · Issue #709 · glazedlists/glazedlists

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

CVE-2023-28076: DSA-2023-121: Dell CloudLink Security Update for AES-GCM Ciphers Vulnerability

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.