CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48245

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48242

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-31446

In Cassia Gateway firmware XC10002.1.1.2303082218 and XC20002.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...

CVE-2024-0213

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service DoS, through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event...

Buffer overflow

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service DoS, through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event...

CVE-2024-0213

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service DoS, through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event...

CVE-2024-0213

CVE-2024-0213 concerns Trellix Agent (formerly McAfee ePO Agent) and the TA service on Linux and macOS, prior to version 5.8.1. A memory corruption-based buffer overflow in the TA service, which runs as root, allows a local attacker to gain elevated privileges or cause a DoS and may disable event...

Remote code execution

Google Nest WiFi Pro root code-execution & user-data compromise...

CVE-2023-49228

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...

CVE-2023-49226

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...

Command injection

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...

CVE-2023-49226

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...

Ceph: Root Privilege Escalation

Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...

CentOS 7 : insights-client (RHSA-2023:6795)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6795 advisory. - A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and...

Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nftablesexprdestroy...

CVE-2023-6071

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...

Trellix Enterprise Security Manager < 11.6.9 Command Injection

The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.9. It is, therefore, affected by a command injection vulnerability. Due to improper neutralization of special elements, a remote attacker, authenticated as an administrator, can execute code as...

[slackware-security] vim

New vim packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.2127-i586-1slack15.0.txz: Upgraded. Fixed security issues. Thanks to marav for the heads-up. For more information, see:...

Cisco AppDynamics PHP Agent Elevation of Privilege Vulnerability

Cisco AppDynamics PHP Agent is an agent program from Cisco USA for monitoring the performance of PHP applications. An elevation of privilege vulnerability exists in the Cisco AppDynamics PHP Agent that stems from insufficient privileges being set on the PHP Agent installation directory. An attack...