Daniel Svartman

#20751 of 53,633
12.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2014-4998
5.0
2014-04-23
Sixnet · Sixnet Sixview Manager · CVE-2014-2976
**Name of the Vulnerable Software and Affected Versions**
Sixnet SixView Manager version 2.4.1

**Description**
A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in an HTTP GET request to TCP port 18081.

**Recommendations**
For Sixnet SixView Manager version 2.4.1, consider restricting access to TCP port 18081 until a patch is available. As a temporary workaround, avoid using the HTTP GET request to access sensitive files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2015-6982
7.2
2010-02-26
Todd Miller · Sudo · CVE-2015-5602
**Name of the Vulnerable Software and Affected Versions**
Sudo versions prior to 1.8.15

**Description**
The issue allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers. This can be demonstrated by a path such as "/home/*/*/file.txt".

**Recommendations**
For versions prior to 1.8.15, update to version 1.8.15 or later to resolve the issue. As a temporary workaround, consider restricting access to sudoedit until a patch is available. Avoid using multiple wildcards in /etc/sudoers file paths to minimize the risk of exploitation.