Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storage vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. Th...
Nextcloud Nextcloud Server
9.8
CVSSv3
CVE-2021-33221
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Unauthenticated API Endpoints.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-32520
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows malicious users to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
Qsan Storage Manager
9.8
CVSSv3
CVE-2021-32521
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local malicious users to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
Qsan Sanos
Qsan Storage Manager
Qsan Xevo
9.8
CVSSv3
CVE-2021-32522
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote malicious users to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in...
Qsan Sanos
Qsan Storage Manager
Qsan Xevo
9.8
CVSSv3
CVE-2021-32513
QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated malicious users to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Qsan Storage Manager
9.8
CVSSv3
CVE-2021-32512
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated malicious users to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Qsan Storage Manager
9.8
CVSSv3
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Secure Backup
Netapp Cloud Backup -
1 Github repository
9.8
CVSSv3
CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this...
Lz4 Project Lz4 1.8.3
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2021-20236
A flaw was found in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentia...
Zeromq Zeromq
Redhat Enterprise Linux 7.0
Redhat Ceph Storage 2.0
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »