David Lisa Gnedt

**Name of the Vulnerable Software and Affected Versions** CloudLinux CageFS versions 7.1.1-1 and below **Description** The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line argument. This can occur in certain configurations. **Recommendations** For CloudLinux CageFS versions 7.1.1-1 and below, consider restricting access to the process list to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CloudLinux CageFS versions 7.0.8-2 and below **Description** The issue allows local users to read and write arbitrary files of certain file formats outside the CageFS environment due to insufficient restrictions on file paths supplied to the sendmail proxy command. **Recommendations** For CloudLinux CageFS versions 7.0.8-2 and below, consider restricting access to the sendmail proxy command as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MOKOSmart MKGW1 BLE Gateway versions 1.1.1 and before **Description** An issue in the session management component of the administrative web interface allows a remote attacker to escalate privileges. **Recommendations** For versions 1.1.1 and before, consider restricting access to the administrative web interface until a fix is available. As a temporary workaround, consider disabling the session management component of the administrative web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.