CVE-2022-36174

FreshService Windows Agent 2.11.0 and FreshService macOS Agent 4.2.0 and FreshService Linux Agent 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service...

CVE-2022-36173

FreshService macOS Agent 4.4.0 and FreshServce Linux Agent 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service...

CVE-2022-36174

CVE-2022-36174 affects FreshService agents: Windows < 2.11.0, macOS < 4.2.0, Linux

PT-2022-23243 · Freshservice · Freshservice Linux Agent +1

Name of the Vulnerable Software and Affected Versions: FreshService macOS Agent versions 4.4.0 FreshService Linux Agent versions 3.4.0 Description: The issue allows for TLS Man-in-The-Middle attacks via the FreshAgent client and scheduled update service. Recommendations: For FreshService macOS...

Freshworks FreshService 安全漏洞

Freshworks FreshService is a cloud-based IT help desk and service management solution from Freshworks, Inc. It enables organizations to streamline their IT operations. A security vulnerability exists in Freshworks FreshService Windows Agent versions prior to 2.11.0, FreshService macOS Agent...

PT-2022-23244 · Freshservice · Freshservice Linux Agent +2

Name of the Vulnerable Software and Affected Versions: FreshService Windows Agent versions prior to 2.11.0 FreshService macOS Agent versions prior to 4.2.0 FreshService Linux Agent versions prior to 3.3.0 Description: The issue is related to broken integrity checking via the FreshAgent client and...

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Overview Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Directory Traversal CWE-22 - CVE-2022-23119 Code Injection CWE-94 - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept PoC code...

CVE-2022-23120

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...

CVE-2022-23119

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...

CVE-2022-23119

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...

CVE-2022-23120

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...

CVE-2021-36795

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges...

CVE-2021-36795

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges...

Design/Logic Flaw

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges...

CVE-2021-36795

CVE-2021-36795 affects the Cohesity Linux agent, with privilege-escalation possible in versions 6.5.1b–6.5.1d-hotfix10 and 6.6.0a–6.6.0b-hotfix1. The underprivileged Linux user order to meet certain environment criteria could gain additional privileges due to a permission issue. The connected doc...

Cohesity Linux agent 安全漏洞

Cohesity Linux agent is used in different installer packages to provide support for multiple Linux distributions. A security vulnerability exists in Cohesity Linux agent, which stems from the product's lack of an effective privilege management mechanism. The vulnerability can be exploited to gain...

System Center 2012 Operations Manager SP1 Update Rollup 5

System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...

WALinuxAgent: swapfile created with weak permissions

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...

The software for interacting between Linux and FreeBSD virtual machines with the Azure Windows Azure Linux Agent is vulnerable due to incorrect permission assignments for download files. This allows an intruder to gain unauthorized access to sensitive information.

The vulnerability of the software for interacting between Linux and FreeBSD virtual machines with the Azure Windows Azure Linux Agent is related to the improper assignment of permissions to download files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

CVE-2019-0804

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'...