![]() ![]() A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter. ![]() Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 ![]() Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328 Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312Ī function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819 However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. When curl pagearray) With the current PoC this crashes as an OOB read. Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \\controller\\Config.php, which can be exploited via the addqq() method.ĭepending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \\controller\\point.php, which can be exploited via the add() method. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3 20.3 versions prior to 20.3R2 20.4 versions prior to 20.4R2.Ĭommand Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'.Īn issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. For more information about these vulnerabilities, see the Details section of this advisory. Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. There are no known workarounds for this issue. Users are advised to upgrade to 7.3.0 or higher. The impact is increased by this as described before. by injecting malware into the docker images that are built and pushed to Docker Hub. Since has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. Attackers need to have an account (or be able to register one) and need permission to create a project. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. var/run/docker.sock on Linux) is mounted into each Docker step. When using Docker-based job executors, the Docker socket (e.g. Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. ![]()
0 Comments
Leave a Reply. |