CVE-2024-36075

CVE-2024-36075 affects CoSoSys Endpoint Protector (up to version 5.9.3) and CoSoSys Unify agent (up to version 7.0.6). The vulnerability arises from how an archive obtained from the Endpoint Protector/Unify server is extracted on the endpoint, enabling an attacker who can modify the server archiv...

CVE-2024-36075

The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the...

PT-2024-26884 · Cososys · Cososys Endpoint Protector

Name of the Vulnerable Software and Affected Versions: CoSoSys Endpoint Protector versions 5.9.3 and earlier Unify agent versions 7.0.6 and earlier Description: The issue is related to the extraction of an archive obtained from the server on the endpoint, which can lead to arbitrary code executio...

CVE-2024-36074

CVE-2024-36074 affects Netwrix CoSoSys Endpoint Protector (versions 5.9.3 and earlier) and CoSoSys Unify (versions 7.0.6 and earlier). Root cause: remote code execution arising from how the EasyLock dependency is acquired from the server, enabling an admin with server access to cause a client to ...

CVE-2024-36074

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint...

PT-2024-26882 · Cososys +1 · Cososys Unify +1

Name of the Vulnerable Software and Affected Versions: Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier CoSoSys Unify versions 7.0.6 and earlier Description: The issue allows an attacker with administrative access to the server to overwrite sensitive configuration and subsequently...

CVE-2024-36072

The CVE-2024-36072 entry covers Netwrix CoSoSys Endpoint Protector (versions up to and including 5.9.3) and CoSoSys Unify (up to and including 7.0.6). A remote code execution flaw is located in the logging component of the Endpoint Protector/Unify server, allowing an unauthenticated attacker to s...

PT-2024-26883 · Cososys +1 · Cososys Unify +1

Name of the Vulnerable Software and Affected Versions: Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier CoSoSys Unify versions 7.0.6 and earlier Description: The issue concerns a remote code execution vulnerability in the Endpoint Protector and Unify agent. This vulnerability arises...

CVE-2024-36073

Netwrix CoSoSys Endpoint Protector (v5.9.3 and earlier) and CoSoSys Unify (v7.0.6 and earlier) contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector/Unify agent. An attacker with administrative access to the Endpoint Protector or Unify server can overw...

EulerOS Virtualization 3.0.6.0 : gcc (EulerOS-SA-2024-1680)

According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an...

SUSE: Security Advisory (SUSE-SU-2024:1462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-2026

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contentprotector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2024-18638 · WordPress · Passster

Name of the Vulnerable Software and Affected Versions: Passster plugin for WordPress versions up to, and including, 4.2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's content protector shortcode due to insufficient input sanitization and output escaping on...

EulerOS Virtualization 2.11.1 : gcc (EulerOS-SA-2024-1412)

According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an...

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2024-1412)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2024-1265)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : gcc (EulerOS-SA-2024-1265)

According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer...

openSUSE: Security Advisory for gcc12 (SUSE-SU-2023:3661-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-26586 mlxsw: spectrum_acl_tcam: Fix stack corruption

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...

CVE-2024-26586 mlxsw: spectrum_acl_tcam: Fix stack corruption

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...