8 matches found
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-380113)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-380113 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dmaalloccoherent is...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50189)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50189 advisory. - In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed...
CVE-2023-1305
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...
CVE-2023-1306
An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...
CVE-2023-1304
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
Code injection
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
Design/Logic Flaw
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...
CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...