PT-2023-20208 · Zxcloud · Zxcloud Irai
Name of the Vulnerable Software and Affected Versions: ZXCLOUD iRAI (affected versions not specified). Description: The issue is related to weak folder permissions in the ZXCLOUD iRAI product, allowing an attacker with ordinary user privileges to construct a fake DLL to execute commands and escalate...
ZTE ZXCLOUD iRAI Security Vulnerability
ZTE ZXCLOUD iRAI is a virtualization device from ZTE Corporation (ZTE), China. A security vulnerability exists in the ZTE ZXCLOUD iRAI that stems from a weak folder privilege vulnerability...
CVE-2020-28369
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp...
CVE-2023-49964
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE...
Alfresco Community Edition Security Vulnerability
Alfresco Community Edition is the community edition of an open source enterprise content management system from Alfresco (U.S.). The system includes document management, office collaboration, and other features. A security vulnerability exists in Alfresco Community Edition 7.2.0 and earlier versions,...
PT-2023-8222 · Hyland · Hyland Alfresco Community Edition
Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Community Edition versions through 7.2.0. Description: The issue exists due to the failure to neutralize special elements in the folder.get.html.ftl component of the Hyland Alfresco Community Edition content management system...
AZL-32127 CVE-2023-2861 affecting package qemu for versions less than 6.2.0-23
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
DEBIAN-CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
AZL-35167 CVE-2023-2861 affecting package qemu for versions less than 8.2.0-1
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called...
CVE-2023-39257
Dell Rugged Control Center, versions prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege...
CVE-2023-39256
Dell Rugged Control Center, versions prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation o...
Dell Rugged Control Center Security Vulnerability
Dell Rugged Control Center is an application from Dell (USA). It allows a range of settings to be configured on the ruggedized device, such as application settings, keyboard backlight settings, night mode settings, stealth mode settings, window settings, antenna switch settings and GPS settings. An...
PT-2023-26852 · Dell · Dell Rugged Control Center
Name of the Vulnerable Software and Affected Versions: Dell Rugged Control Center versions prior to 4.7. Description: The issue is related to improper access control. A local malicious standard user could potentially exploit this to modify content in an unsecured folder when product installation...
PT-2023-26851 · Dell · Dell Rugged Control Center
Name of the Vulnerable Software and Affected Versions: Dell Rugged Control Center versions prior to 4.7. Description: The issue is related to improper access control. A local malicious standard user could potentially exploit this to modify content in an unsecured folder during product installation...
MGASA-2023-0332 Updated roundcubemail packages fix XSS security vulnerabilities
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download (CVE-2023-47272). Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (CVE-2023-5631). Some...