#ssh

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.

Backdoor.Win32.Cafeini.b malware suffers from a man-in-the-middle vulnerability.

In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.

In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.