Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)

While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...

Aviatrix Controllers < 7.1.4191 / 7.2 < 7.2.4996 RCE

The version of Aviatrix Controller installed on the remote host is prior to 7.1.4191 for 7.1.x or prior to 7.2.4996 for 7.2.x. It is, therefore, affected by an OS command injection vulnerability caused by improper neutralization of special elements in API input. An unauthenticated attacker can se...

EUVD-2020-19093

Malware in sbrugna...

EUVD-2020-20076

Malware in sbrugna...

EUVD-2020-5668

Malware in sbrugna...

EUVD-2020-19098

Malware in sbrugna...

EUVD-2020-5667

Malware in sbrugna...

EUVD-2020-5669

Malware in sbrugna...

EUVD-2020-19094

Malware in sbrugna...

EUVD-2020-5666

Malware in sbrugna...

EUVD-2020-5670

Malware in sbrugna...

EUVD-2020-19095

Malware in sbrugna...

EUVD-2020-19097

Malware in sbrugna...

EUVD-2020-19096

Malware in sbrugna...

EUVD-2025-18898

Malicious code in bioql PyPI...

EUVD-2025-18917

Malicious code in bioql PyPI...

CVE-2025-2171

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN...

CVE-2025-2172

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames...

CVE-2025-2171

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN...

CVE-2025-2172

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames...