Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2021-40085: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts — OpenStack Security Advisories 0.0.1.dev251 documentation

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

CVE
#vulnerability#rce#buffer_overflow#auth
CVE-2021-29907: Security Bulletin: IBM OpenPages with Watson has addressed a remote code execution vulnerability (CVE-2021-29907)

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

CVE-2021-21678: Jenkins Security Advisory 2021-08-31

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVE-2021-21679: Jenkins Security Advisory 2021-08-31

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVE-2021-34565: VDE-2021-027 | CERT@VDE

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVE-2021-36981: Security Advisory

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.

CVE-2020-19001: SImiik <=v1.6.2.1 xss + rce · Issue #123 · tankywoo/simiki

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'.

CVE-2021-21827: TALOS-2021-1291 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-0417: August 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

CVE-2021-21825: TALOS-2021-1290 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.