Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26077: GitHub - mandiant/Vulnerability-Disclosures

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

CVE
#vulnerability#web#windows#google#git#c++

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog
  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Resources

    • Customer Stories
    • White papers, Ebooks, Webinars
    • Partners
    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections
  • Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches****Use saved searches to filter your results more quickly

Sign in

Sign up

mandiant / Vulnerability-Disclosures Public

  • Notifications
  • Fork 51
  • Star 146

146 stars 51 forks Activity

Star

Notifications

  • Code
  • Issues 3
  • Pull requests
  • Actions
  • Projects
  • Security
  • Insights

More

master

Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

1 branch 0 tags

Code

  • Clone

    Use Git or checkout with SVN using the web URL.

  • Open with GitHub Desktop

  • Download ZIP

Latest commit

Aaron Carreras Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.

79876c5

Jul 24, 2023

Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.

79876c5

Git stats

  • 134 commits

FilesPermalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

2022

2023

FEYE-2019-0001

FEYE-2019-0002

FEYE-2019-0003

FEYE-2019-0004

FEYE-2019-0005

FEYE-2019-0006

FEYE-2019-0007

FEYE-2019-0008

FEYE-2019-0009

FEYE-2019-0010

FEYE-2019-0011

FEYE-2019-0012

FEYE-2019-0013

FEYE-2019-0014

FEYE-2019-0015

FEYE-2020-0001

FEYE-2020-0002

FEYE-2020-0003

FEYE-2020-0004

FEYE-2020-0005

FEYE-2020-0006

FEYE-2020-0007

FEYE-2020-0008

FEYE-2020-0009

FEYE-2020-0010

FEYE-2020-0011

FEYE-2020-0012

FEYE-2020-0013

FEYE-2020-0014

FEYE-2020-0015

FEYE-2020-0016

FEYE-2020-0017

FEYE-2020-0018

FEYE-2020-0019

FEYE-2020-0020

FEYE-2021-0001

FEYE-2021-0002

FEYE-2021-0003

FEYE-2021-0004

FEYE-2021-0005

FEYE-2021-0006

FEYE-2021-0007

FEYE-2021-0008

FEYE-2021-0009

FEYE-2021-0010

FEYE-2021-0011

FEYE-2021-0012

FEYE-2021-0013

FEYE-2021-0014

FEYE-2021-0015

FEYE-2021-0016

FEYE-2021-0017

FEYE-2021-0018

FEYE-2021-0019

FEYE-2021-0020

FEYE-2021-0021

FEYE-2021-0022

FEYE-2021-0023

FEYE-2021-0024

FEYE-2021-0025

MNDT-2021-0001

MNDT-2021-0002

MNDT-2021-0003

MNDT-2021-0004

MNDT-2021-0005

MNDT-2021-0006

MNDT-2021-0007

MNDT-2021-0008

MNDT-2021-0009

MNDT-2021-0010

MNDT-2021-0011

MNDT-2021-0012

README.md

README.md

Mandiant Vulnerability Disclosures

This repository details vulnerabilities disclosed by Mandiant. These vulnerabilities were discovered by internal research, through Red Team assessments, or in use in the wild. Proof of concepts (PoCs) may or may not be provided.

The following licenses/licensing apply to this Mandiant repository:

  1. CC BY-SA 4.0 - For CVE related information not including source code (such as PoCs)
  2. MIT - For source code contained within provided CVE information

Mandiant coordinates and handles Vulnerability Disclosures in accordance with Google’s Vulnerability Disclosure Policy.

About

No description, website, or topics provided.

Resources

Readme

Activity

Stars

146 stars

Watchers

26 watching

Forks

51 forks

Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  • RonnieSalomonsen Ronnie Salomonsen
  • aaronc100 Aaron Carreras
  • attritionorg Jericho
  • ziadhany ziad hany

Languages

  • C++ 100.0%

Related news

CVE-2023-26078: Vulnerability-Disclosures/2023/MNDT-2023-0009.md at master · mandiant/Vulnerability-Disclosures

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907