Author: Cyberthreat Blog

picocom before 2.0 has a command injection vulnerability in the ‘send and receive file’ command because the command line is executed by /bin/sh unsafely.

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

Gajim through 0.16.7 unconditionally implements the “XEP-0146: Remote Controlling Clients” extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a...

A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the...