Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2047)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BF...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2058)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-31838 Command injection through environment variable in MVISION EDR
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'...
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
The theme and plugin have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI; this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on...
EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with...
CVE-2021-33532
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the...
Integer overflow
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can...
Command injection
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device...
CVE-2021-33537
CVE-2021-33537 affects Weidmueller Industrial WLAN devices. The vulnerability is a remote code execution in the iw_webs configuration parsing function. A specially crafted username entry can cause an overflow of an error message buffer, enabling RCE. An attacker can send commands while authentica...
CVE-2021-33528 WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iwconsole functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker...
CVE-2021-32704
DHIS 2 SQL injection (CVE-2021-32704) affects the API endpoint /api/trackedEntityInstances in DHIS2 versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0. The vulnerability is a SQL injection that can be exploited by a logged-in DHIS2 user, potentially allowing reading, editing, and deleting data w...
CVE-2021-29954
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...
CVE-2021-29954
CVE-2021-29954 concerns a proxy vulnerability in Hubs Cloud’s Reticulum that permits access to internal URLs, including the metadata service. The affected product/version is Hubs Cloud ≤ mozillareality/reticulum/1.0.1/20210428201255. The connected documents describe the root cause as a misbehavin...
CVE-2021-25652
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
Information disclosure
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25652
CVE-2021-25652 affects Avaya Aura Appliance Virtualization Platform Utilities (AVPU). The vulnerability is an information-disclosure issue in the directory and file management that could allow any local user to access system functionality and configuration information intended for privileged user...
CVE-2021-25649 Avaya Utility Services Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user...
PT-2021-16730 · Avaya · Avaya Aura Appliance Virtualization Platform Utilities
Name of the Vulnerable Software and Affected Versions: Avaya Aura Appliance Virtualization Platform Utilities (AVPU) versions 8.0.0.0 through 8.1.3.1. Description: An information disclosure issue was discovered in the directory and file management of AVPU, potentially allowing any local user to acce...