
99 matches found

Prion
added 2024/01/19 2:15 p.m. · 13 views

Privilege escalation

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

7.5 CVSS · 8 AI score · 0.00237 EPSS
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2024/01/19 12:0 a.m. · 6 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.6 AI score · 0.00237 EPSS
Exploits 1 · References 4

CVE
added 2024/01/19 12:0 a.m. · 48 views

CVE-2023-27168

CVE-2023-27168 affects Xpand IT Write-back Manager, version 2.3.1. The vulnerability is an arbitrary file upload that allows attackers to execute arbitrary code via a crafted JSP file. The connected PT-2024-12123 entry confirms the affected product/version and provides a practical workaround: res...

9.8 CVSS · 9.4 AI score · 0.00237 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/01/19 12:0 a.m. · 2 views

PT-2024-12123 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back Manager version 2.3.1 Description: An arbitrary file upload issue allows attackers to execute arbitrary code via a crafted jsp file. Recommendations: For Xpand IT Write-back Manager version 2.3.1, consider restricting file...

9.8 CVSS · 9.5 AI score · 0.00237 EPSS
Exploits 1 · References 8

CNNVD
added 2024/01/19 12:0 a.m. · 2 views

Xpand IT Write-back manager security vulnerability

Xpand IT Write-back manager is an extension for Xpand IT that allows users to enter data directly from Tableau dashboards into a database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1 that originates from a vulnerability that allows attackers to execute arbitrary...

9.8 CVSS · 7.6 AI score · 0.00237 EPSS
Exploits 1 · References 5

Cvelist
added 2024/01/19 12:0 a.m. · 13 views

CVE-2023-27168

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file...

9.7 AI score · 0.00237 EPSS
Exploits 1 · References 4

NVD
added 2024/01/15 7:15 p.m. · 15 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

7.8 CVSS · 7.6 AI score · 0.00015 EPSS
Exploits 0 · References 4

OSV
added 2024/01/15 7:15 p.m. · 3 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

7.8 CVSS · 9.2 AI score · 0.00015 EPSS
Exploits 0 · References 4

Prion
added 2024/01/15 7:15 p.m. · 18 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

4.3 CVSS · 7.1 AI score · 0.00015 EPSS
Exploits 0 · References 4 · Affected Software 2

UbuntuCve
added 2024/01/15 7:15 p.m. · 76 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

7.8 CVSS · 7 AI score · 0.00015 EPSS
Exploits 0 · References 4

RedhatCVE
added 2024/01/15 3:25 p.m. · 48 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this has completed, which can result in the...

7.8 CVSS · 7.3 AI score · 0.00015 EPSS
Exploits 0 · References 4

NVD
added 2023/12/20 1:15 a.m. · 9 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1 CVSS · 0.00086 EPSS
Exploits 1 · References 1

OSV
added 2023/12/20 1:15 a.m. · 3 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1 CVSS · 5.8 AI score · 0.00086 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/12/20 12:0 a.m. · 5 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.1 AI score · 0.00086 EPSS
Exploits 1 · References 1

CVE
added 2023/12/20 12:0 a.m. · 39 views

CVE-2023-27172

CVE-2023-27172 affects Xpand IT Write-back Manager v2.3.1. The issue is the use of weak (hardcoded/guessable) JWT signing keys, enabling brute-force recovery of the signing key and impersonation of users. The vulnerability enables potential unauthorized access with high impact on confidentiality ...

9.1 CVSS · 8.9 AI score · 0.00086 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/12/20 12:0 a.m. · 14 views

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack...

9.2 AI score · 0.00086 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/12/19 12:0 a.m. · 3 views

PT-2023-20989 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back Manager version 2.3.1 Description: The issue is related to the use of weak secret keys to sign JWT tokens, allowing attackers to obtain the secret key via a bruteforce attack. Recommendations: For Xpand IT Write-back Manag...

9.1 CVSS · 6.8 AI score · 0.00086 EPSS
Exploits 1 · References 6

CNNVD
added 2023/12/19 12:0 a.m. · 1 views

Xpand IT Write-Back Manager Security Vulnerability

Xpand IT Write-back manager is an extension for Xpand IT that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-Back Manager version v2.3.1, which stems from the use of a weak key for signing JWT tokens, where an...

9.1 CVSS · 6.7 AI score · 0.00086 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2023/12/07 12:0 a.m. · 41 views

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4654-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4654-1 advisory. - Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds...

9.8 CVSS · 7.2 AI score · 0.0036 EPSS
Exploits 0 · References 25

SUSE CVE
added 2023/12/01 2:20 a.m. · 2 views

SUSE CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...

5.3 CVSS · 6 AI score · 0.0036 EPSS
Exploits 0 · References 9