Security Advisories
9 Articles in this category
CTERA Portal Nessus False Positive: CVE-2024-41110 AuthZ Bypass
Vulnerability Description: This advisory addresses a false positive identified by Nessus regarding CVE-2024-41110 in CTERA Portal. According to the security advisory, CVE-2024-41110 involves an authorization (AuthZ) bypass and privilege escalati...
CTERA Edge Filer Cross-site Request Forgery (CSRF) Vulnerability
Vulnerability Description: A vulnerability has been identified in the CTERA Edge Filer user interface, involving a Cross-site Request Forgery (CSRF) attack vector that allows privilege escalation. The likelihood of exploiting this vulnerability...
OpenSSH Vulnerability CVE-2024-6387 (regreSSHion)
Vulnerability Description: An unauthenticated Remote Code Execution (RCE) vulnerability has been discovered in OpenSSH’s server (sshd), affecting glibc-based Linux systems. This critical vulnerability, designated CVE-2024-6387...
Edge Filer Security Vulnerability
Vulnerability Description: A vulnerability has been identified in the CTERA Edge Filer administrative interface that allows authenticated users to escalate their privileges. This vulnerability has been assessed by CTERA to hav...
Samba Vulnerability CVE-2021-44142
Vulnerability Description: CVE-2021-44142 is a privilege escalation vulnerability that allows remote attackers to execute arbitrary code on affected installations of Samba. Access as a user that has write access to a file's e...
Security Vulnerability CVE-2021-4034 (Polkit (Pwnkit))
Vulnerability Description: A memory corruption vulnerability has been found in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows an...
Security Vulnerability CVE-2021-44228 (Log4Shell)
The information in this article is correct as of December 16th, 2021. Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled L...
Security Vulnerability CVE-2022-0847 (Dirty Pipe) and CVE-2022-0001 (Spectre-BHI)
Vulnerability Description: The Dirty Pipe vulnerability in the Linux kernel has been around since version 5.8 and is tracked as CVE-2022-0847. This flaw, discovered by Max Kellermann, abuses how the kernel manages pages in pip...
Security Vulnerability CVE-2022-22965 and CVE-2022-22963 (Spring4Shell Zero-Day Vulnerability)
Vulnerability Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WA...