Design/Logic Flaw
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...
Remote Code Execution
Tailscale is vulnerable to remote code execution. The library does not have host header verification, which allows an attacker-controlled coordination server to send malicious URL responses to the client, including pushing executables or installing an SMB share...
CVE-2022-41924 Tailscale Windows daemon is vulnerable to RCE via CSRF
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...
Tailscale Windows daemon is vulnerable to RCE via CSRF
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. Affected platforms: Windows. Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later unstable. What...
Debian DLA-1801-1 : zookeeper security update
It was discovered that there was an information disclosure vulnerability in zookeeper, a distributed co-ordination server. Users who were not authorised to read data were able to view the access control list. For Debian 8 'Jessie', this issue has been fixed in zookeeper version 3.4.9-3+deb8u2. We...