A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
Summary - The certificate used to identify Orchestrator to EdgeConnect devices is not validated Details: The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Product affected - All versions affected prior to Silver Peak Unity ECOSâ„¢ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestratorâ„¢ 8.9.2+ 1. Silver Peak product(s)…