Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2022-33935: DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVE
Open in Source
#xss#vulnerability#web#java#dell
CVE-2022-31232: DSA-2022-156: Dell SmartFabric Storage Software Security Update for Multiple Component Vulnerabilities

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

Capital One Joins Open Source Security Foundation

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

Exploits and TrickBot disrupt manufacturing operations

Categories: Threat Intelligence September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021. (Read more...) The post Exploits and TrickBot disrupt manufacturing operations appeared first on Malwarebytes Labs.

CVE-2022-37070: vuln/H3C/GR-1200W/19 at main · Darry-lang1/vuln

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-36509: vuln/readme.md at main · Darry-lang1/vuln

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-36510: vuln/H3C/GR2200/1 at main · Darry-lang1/vuln

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-31238: DSA-2022-149: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

CVE-2022-33932: DSA-2022-149: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.

Business Services industry targeted across the country for backdoor access

Categories: Threat Intelligence High detections of hacking tools for the Business Services industry shows that attackers likely sought to infect businesses and install backdoors for future access to their customers. (Read more...) The post Business Services industry targeted across the country for backdoor access appeared first on Malwarebytes Labs.