Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

CVE
#ios

Related news

CVE-2021-38847: GitHub - bousalman/S-Cart-Arbitrary-File-Upload: Arbitrary File Upload Vulnerability

S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.

CVE-2021-25742: [Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

CVE-2021-40344

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

CVE-2020-23043

Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.

CVE-2021-42556: Open source conversational AI

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

CVE-2021-40720: Adobe Security Bulletin

Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.

CVE-2021-34814: Security Advisories | Proofpoint US

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

CVE-2021-39304: Security Advisories | Proofpoint US

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

CVE-2021-42084: Security Advisory ZAA-2021-11 | Zammad

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

CVE-2021-42088: Security Advisory ZAA-2021-12 | Zammad

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

CVE-2021-42090: Security Advisory ZAA-2021-14 | Zammad

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.

CVE-2021-42085: Security Advisory ZAA-2021-17 | Zammad

An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

CVE-2021-42091: Security Advisory ZAA-2021-08 | Zammad

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

CVE-2021-42087: Security Advisory ZAA-2021-15 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

CVE-2021-42086: Security Advisory ZAA-2021-09 | Zammad

An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

CVE-2021-42089: Security Advisory ZAA-2021-13 | Zammad

An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

CVE-2021-42094: Security Advisory ZAA-2021-18 | Zammad

An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

CVE-2021-42093: Security Advisory ZAA-2021-10 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.

CVE-2021-42092: Security Advisory ZAA-2021-16 | Zammad

An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.

CVE-2021-25476: Samsung Mobile Security

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVE-2021-3848

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2021-38822: IceHrm Vulnerabilities | Navid Kagalwalla

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

CVE-2021-40708: Adobe Security Bulletin

Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability.

CVE-2021-32466: ZDI-21-1112

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CVE-2021-39827: Adobe Security Bulletin

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.

CVE-2021-39826: Adobe Security Bulletin

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.

CVE-2021-39828: Adobe Security Bulletin

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539

The critical authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus, officials report.

CVE-2021-40870: Unrestricted upload of file with dangerous type in Aviatrix allows an authenticated user to execute arbitrary code — Tradecraft

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

CVE-2021-25454: Samsung Mobile Security

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

CVE-2021-25455: Samsung Mobile Security

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

CVE-2021-25456: Samsung Mobile Security

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

CVE-2020-12006: Advantech WebAccess Node | CISA

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

CVE-2020-12010: Advantech WebAccess Node | CISA

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

CVE-2019-15599: HackerOne

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

CVE-2019-15597: HackerOne

A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.

CVE-2018-10929: 1612660 – (CVE-2018-10929) CVE-2018-10929 glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

CVE-2018-10926: 1613143 – (CVE-2018-10926) CVE-2018-10926 glusterfs: Device files can be created in arbitrary locations

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

CVE-2018-10904: Gerrit Code Review

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907