6 matches found
EUVD-2024-34368
Malicious code in bioql PyPI...
CVE-2024-11946
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11946
The CVE-2024-11946 entry concerns iXsystems TrueNAS CORE. The flaw exists in firmware update handling, caused by using an insecure protocol to deliver updates, enabling network-adjacent attackers to tamper with firmware update files on affected installations. Authentication is not required to exp...
CVE-2024-11946 iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
CVE-2024-11944
CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...
(Pwn2Own) iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of...