CVE

Security Onion V2 (prior to v2.3.10) has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/USERNAME/SecurityOnion/setup/so-setup without supplying a password.

QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...