CVE-2021-20126: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Related news

Red Hat Security Advisory 2021-4058-01

Red Hat Security Advisory 2021-4058-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2021-3988-01

Red Hat Security Advisory 2021-3988-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

CVE-2021-20123: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

CVE-2021-20124: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

CVE-2021-20129: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.

CVE-2021-20125: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.

CVE-2021-20127: Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 - Research Advisory | Tenable®

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

CVE-2021-20791: JVN#81658818: Multiple vulnerabilities in RevoWorks Browser

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
