
127 matches found

Positive Technologies
added 2021/05/18 12:0 a.m. · 3 views

PT-2021-7227 · Intel · Intel Processors

Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified). Description: The issue is related to an out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors. This may allow a privileged user to potentially enable escalation ...

7.2 CVSS · 6.9 AI score · 0.00098 EPSS
Exploits: 0 · References: 6

NCSC
added 2021/02/18 12:0 a.m. · 2 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. Jira installations tha...

7.6 AI score
Exploits: 0

CNNVD
added 2021/02/03 12:0 a.m. · 2 views

Access Control Error Vulnerability in Multiple Cisco Products

Cisco RV016 Multi-WAN VPN Router is a VPN (Virtual Private Network) router. RV042 Dual WAN VPN Router is a VPN (Virtual Private Network) router. The RV042G Dual Gigabit WAN VPN Router is a VPN (Virtual Private Network) router. An access control error vulnerability exists in the Cisco Small Business...

9 CVSS · 7.4 AI score · 0.00489 EPSS
Exploits: 0 · References: 2

CNNVD
added 2021/02/03 12:0 a.m. · 4 views

Access Control Error Vulnerability in Multiple Cisco Products

Cisco RV016 Multi-WAN VPN Router is a VPN (Virtual Private Network) router. RV042 Dual WAN VPN Router is a VPN (Virtual Private Network) router. The RV042G Dual Gigabit WAN VPN Router is a VPN (Virtual Private Network) router. An access control error vulnerability exists in the Cisco Small Business...

9 CVSS · 6.2 AI score · 0.00435 EPSS
Exploits: 0 · References: 2

Microsoft CVE
added 2020/12/24 12:0 a.m. · 7 views

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0 when running with Python 3.6 or later allows remote authenticated users to execute arbitrary code leading to privilege escalation.

...

9.9 CVSS · 7 AI score · 0.01814 EPSS
Exploits: 0

OSV
added 2020/12/23 3:15 p.m. · 1 views

UBUNTU-CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

7.2 CVSS · 7.1 AI score · 0.06993 EPSS
Exploits: 1 · References: 6

Prion
added 2020/10/19 1:15 p.m. · 13 views

Code injection

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

9 CVSS · 8.7 AI score · 0.00937 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2020/10/19 12:54 p.m. · 13 views

CVE-2020-13778

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

9.2 AI score · 0.00937 EPSS
Exploits: 1 · References: 3

CVE
added 2020/10/19 12:54 p.m. · 47 views

CVE-2020-13778

CVE-2020-13778 concerns rConfig (open source network device configuration utility). Affected are rConfig versions 3.9.4 and earlier. The root cause is remote code execution: an authenticated attacker can trigger system command execution by sending a forged GET request to lib/ajaxHandlers/ajaxAddT...

9 CVSS · 8.8 AI score · 0.00937 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2020/10/02 8:28 a.m. · 85 views

CVE-2020-26124

OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...

9 CVSS · 8.9 AI score · 0.80279 EPSS
Exploits: 4 · References: 3 · Affected Software: 1

NVD
added 2020/09/24 2:15 p.m. · 9 views

CVE-2020-16148

The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...

9 CVSS · 0.01071 EPSS
Exploits: 1 · References: 2

Prion
added 2020/09/24 2:15 p.m. · 11 views

Code injection

The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...

9 CVSS · 7 AI score · 0.01071 EPSS
Exploits: 1 · References: 2 · Affected Software: 3

CVE
added 2020/09/24 1:44 p.m. · 53 views

CVE-2020-16148

Summary: CVE-2020-16148 relates to Telmat AccessLog, where the ping page of the administration panel on versions before 6.0 (TAL_20180415) can be abused to perform authenticated code injection over the network, potentially granting root shell privileges. This vulnerability is described across mul...

9 CVSS · 7 AI score · 0.01071 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/09/24 1:44 p.m. · 11 views

CVE-2020-16148

The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...

7.1 AI score · 0.01071 EPSS
Exploits: 1 · References: 2

OSV
added 2020/06/15 4:15 a.m. · 1 views

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action autoupfw or autouplp with a sufficiently long updatefilename key...

8.8 CVSS · 6.4 AI score · 0.04895 EPSS
Exploits: 0 · References: 4

OSV
added 2020/06/15 4:15 a.m. · 1 views

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kickbanwifimacallow with a sufficiently long qcawifi.wifi0vap0.maclist key...

8.8 CVSS · 7.9 AI score
Exploits: 0 · References: 2

ATTACKERKB
added 2020/04/06 4:15 p.m. · 3 views

CVE-2019-19699

There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

9 CVSS · 7.7 AI score · 0.38915 EPSS
Exploits: 2 · References: 10

Tenable Nessus
added 2020/03/02 12:0 a.m. · 28 views

Debian DLA-2129-1 : firebird2.5 security update

An issue has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution as user firebird, UDFs have been disabled in the default configuration, which will be used for new installations; there is no change for existing configurations,...

9 CVSS · 8.3 AI score · 0.10885 EPSS
Exploits: 1 · References: 4

Patchstack
added 2020/01/05 12:0 a.m. · 11 views

WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability

Authenticated Code Injection vulnerability found in WordPress Divi Builder plugin versions <= 4.0.9. Solution: Update the WordPress Divi Builder plugin to the latest available version (at least 4.0.10)...

3.7 AI score
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2019/09/04 2:15 p.m. · 10 views

CVE-2019-15813

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...

8.8 CVSS · 8.9 AI score · 0.04186 EPSS
Exploits: 7 · References: 2