GHSA-8GMG-3W2Q-65F4 OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR

Summary A flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation...

PT-2023-24819 · American Megatrends International · Ami Bmc

Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue is related to a vulnerability in the SPX REST API of AMI BMC, where an attacker with the required privileges can inject arbitrary shell commands. This may lead to code execution,...