16 matches found
CVE-2024-11944
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-11946
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11946
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11944
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-11944
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-11946 iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11946
The CVE-2024-11946 entry concerns iXsystems TrueNAS CORE. The flaw exists in firmware update handling, caused by using an insecure protocol to deliver updates, enabling network-adjacent attackers to tamper with firmware update files on affected installations. Authentication is not required to exp...
CVE-2024-11946 iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11944 iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-11944 iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-11944
CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...
iXsystems TrueNAS CORE 安全漏洞
iXsystems TrueNAS CORE is an open source storage software from iXsystems. A security vulnerability exists in iXsystems TrueNAS CORE version 13.3-RELEASE, which stems from the use of an insecure protocol for transferring update files when processing firmware updates, which could result in the...
iXsystems TrueNAS CORE 路径遍历漏洞
iXsystems TrueNAS CORE is an open source storage software from iXsystems. A path traversal vulnerability exists in iXsystems TrueNAS CORE version 13.3-RELEASE, which stems from a lack of proper validation of user-supplied paths in the tarfile.extractall method, which could lead to directory...
(Pwn2Own) iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of...
PT-2024-17358 · Ixsystems · Ixsystems Truenas Core
Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE affected versions not specified Description: This issue allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. The specific flaw exists within the...
PT-2024-10212 · Ixsystems · Truenas Core
Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE versions prior to 13.0-U6.3 Description: The issue is related to the tarfile.extractall method, which lacks proper validation of a user-supplied path prior to using it in file operations. This allows network-adjacent...