KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Advisory ID: KL-001-2023-003
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-003.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product:…

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
Advisory ID: KL-001-2023-002
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-002.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes…

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
Advisory ID: KL-001-2023-001
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-001.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes…

USN-6299-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain malformed PDF
files. If a user or an automated system were tricked into opening a
specially crafted PDF file, a remote attacker could possibly use this
issue to cause a denial of service. (CVE-2020-36023, CVE-2020-36024)

USN-6294-2: HAProxy vulnerability

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the
corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.

USN-6298-1: ZZIPlib vulnerabilities

Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2018-7727)

YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2020-18442)
