Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2021-21876: TALOS-2021-1315 || Cisco Talos Intelligence Group

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#windows#apple#cisco
CVE-2021-21881: TALOS-2021-1325 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21888: TALOS-2021-1332 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21873: TALOS-2021-1314 || Cisco Talos Intelligence Group

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21882: TALOS-2021-1326 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21883: TALOS-2021-1327 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21884: TALOS-2021-1328 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21923: TALOS-2021-1365 || Cisco Talos Intelligence Group

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.

CVE-2021-21915: TALOS-2021-1363 || Cisco Talos Intelligence Group

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

CVE-2021-21918: TALOS-2021-1364 || Cisco Talos Intelligence Group

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.