Security Advisories (formerly Vulnerability Notices)

Blog Articles

SA-2023-102 - Privilege escalation via forged HTTP request (CVE-2023-43120)

Summary It is possible to escalate permissions from a user with “read-only” permissions to an administrator “read-write” permissions by using the telnet tool may be used to forge an HTTP request to ob...

SA-2023-101 - Chalet directory traversal vulnerability (CVE-2023-43121)

Summary A directory traversal vulnerability in the Chalet application in EXOS allows any file on the system to be read. Extreme Networks acknowledges and thanks David Yesland of Rhino Security Labs fo...

SA-2023-100 - TLS handshake vulnerability in Java client (CVE-2023-21930)

Summary Some Oracle Java SE, Oracle GraalVM Enterprise Edition, OpenJDK, and Corretto versions are vulnerable to attacks via certain TLS handshakes. The vulnerability affects Java client deployments r...