Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2021-1459: Cisco Security Advisory: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability.

CVE
#vulnerability#web#cisco#perl#auth
CVE-2021-28927: Libretro – A crossplatform application API, powering the crossplatform gaming platform RetroArch

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.

CVE-2021-21641: Jenkins Security Advisory 2021-04-07

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.

CVE-2021-28940: magpierss/Snoopy.class.inc at 04d2a88b97fdba5813d01dc0d56c772d97360bb5 · kellan/magpierss

Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.

CVE-2021-21773: TALOS-2021-1227 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-3478: 1939160 – (CVE-2021-3478) CVE-2021-3478 OpenEXR: Out-of-memory in ScanLineInputFile

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

CVE-2020-25217: Vulnerability-Disclosures/FEYE-2021-0001.md at master · mandiant/Vulnerability-Disclosures

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

CVE-2021-21372: nimble/changelog.markdown at master · nim-lang/nimble

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

CVE-2021-1352: Cisco Security Advisory: Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

CVE-2021-1281: Cisco Security Advisory: Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user.