Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storage vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-25985
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration t...
Darwin Factor
9.8
CVSSv3
CVE-2021-41266
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and ...
Min Minio Console
9.8
CVSSv3
CVE-2021-26588
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts comp...
Hpe 3par Os 3.3.1 Mp5 P156
Hpe 3par Os 3.3.1 Mu1
Hpe 3par Os 3.3.1 Mu2 P157
Hpe 3par Os 3.3.2 Ga P 01
Hpe Primera 630 Firmware
Hpe Primera 650 Firmware
Hpe Primera 670 Firmware
Hpe Alletra 9060 Firmware
Hpe Alletra 9080 Firmware
9.8
CVSSv3
CVE-2021-36745
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote malicious user to bypass authentication on affected i...
Trendmicro Serverprotect 5.8
Trendmicro Serverprotect 6.0
9.8
CVSSv3
CVE-2021-22941
Improper Access Control in Citrix ShareFile storage zones controller prior to 5.11.20 may allow an unauthenticated malicious user to remotely compromise the storage zones controller.
Citrix Sharefile Storagezones Controller
1 Github repository
9.8
CVSSv3
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Cloud Backup -
Netapp Storagegrid -
Netapp Clustered Data Ontap -
Oracle Http Server 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Server 14.0
Siemens Sinec Nms
9.8
CVSSv3
CVE-2021-34345
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows malicious users to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expans...
Qnap Ej1600 Firmware
Qnap Tl-r1620sdc Firmware
Qnap Tl-r1620sep-rp Firmware
Qnap Tl-r1220sep-rp Firmware
Qnap Tl-d1600s Firmware
Qnap Tl-d800s Firmware
Qnap Tl-d400s Firmware
Qnap Tl-r1200s-rp Firmware
Qnap Tl-r400s Firmware
Qnap Tl-r1200c-rp Firmware
Qnap Tl-d800c Firmware
Qnap Tr-004 Firmware
Qnap Tr-002 Firmware
Qnap Tr-004u Firmware
9.8
CVSSv3
CVE-2021-34346
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows malicious users to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expans...
Qnap Nvr Storage Expansion Firmware
9.8
CVSSv3
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" paramete...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Session Border Controller 8.4
Oracle Enterprise Communications Broker 3.2.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-38306
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated malicious user to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
Lg N1t1 Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »