CVE-2021-42094: Security Advisory ZAA-2021-18 | Zammad
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
Related news
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
Unauthorized information disclosure vulnerability in the Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized disclosure of information.
A code injection vulnerability exists in node-df v0.1.4 that can allow an attacker to achieve remote code execution via unsanitized input.
A code injection vulnerability exists in tree-kill on Windows that allows remote code execution when an attacker is able to control the input to the command.