CVE-2023-41790
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows an attacker to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...
Path traversal
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772...
Path traversal
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows an attacker to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...
CVE-2023-41790 Traversal Path on PHP file
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows an attacker to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...
CVE-2023-41790
CVE-2023-41790 is a path traversal vulnerability in Pandora FMS (versions 700–773) that allows access to server configuration files via an uncontrolled search path element, potentially compromising the database. Public descriptions consistently cite traversal through get_file.php as the root caus...
CVE-2023-41787 Arbitrary File Read
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772...
CVE-2023-41787
CVE-2023-41787 is an Uncontrolled Search Path Element vulnerability in Pandora FMS affecting versions 700–772. The issue arises from insecure search-path handling, enabling an attacker to access files containing sensitive information by manipulating configuration/file search paths. Documents cons...
Oracle Linux 8 : fwupd (ELSA-2023-7189)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7189 advisory. 1.7.8-2.0.1 - Modify %prep to correctly apply downstream patches - Align sections to 512 bytes Orabug: 35265981 - Use objcopy to build arm/aarch64 binaries if...
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run...
PT-2023-29273 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.16; Apache ActiveMQ versions prior to 5.16.7; Apache ActiveMQ versions prior to 5.17.6; Apache ActiveMQ versions prior to 5.18.3. Description: A new PoC exploit for the Apache ActiveMQ vulnerability allows...
CVE-2023-44319
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
Design/Logic Flaw
Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...
CVE-2023-44319
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
The vulnerability of the Grub configuration file, related to default access rights settings, allows a perpetrator to gain access to confidential data.
The vulnerability of the Grub configuration file is related to the default access rights settings. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
RHEL 9 : cups (RHSA-2023:6596)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6596 advisory. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups...
Fedora 39 : python-configobj (2023-64b2965699)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-64b2965699 advisory. Fixes an issue in configobj: CVE-2023-26112 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Rocky Linux 8 : spamassassin (RLSA-2021:4315)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4315 advisory. In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this,...
Remote code execution
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
PT-2023-29927 · Microsoft · Vscode
Name of the Vulnerable Software and Affected Versions: Cody AI VSCode extension versions 0.10.0 through 0.14.0. Description: The issue concerns Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.jso...
The vulnerability of the software development environment of Totally Integrated Automation Portal (Portal TIA) relates to the possibility of bypassing the path, allowing an intruder to execute arbitrary code.
The vulnerability of the Totally Integrated Automation Portal (Portal TIA) software development environment relates to the possibility of bypassing the access path. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted...