133 matches found
CVE-2020-26553
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree...
CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
CVE-2020-26550
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key...
CVE-2020-26550
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key...
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
CVE-2020-26553
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree...
CVE-2020-26548
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
CVE-2020-26548
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree...
Remote file inclusion
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key...
CVE-2020-26553
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree...
CVE-2020-26553
CVE-2020-26553 affects Aviatrix Controller prior to R6.0.2483. Multiple APIs allow arbitrary files to be uploaded to the web tree, enabling remote code execution as described in connected CNVD/NVD records. Affected product: Aviatrix Controller; vulnerability root cause: file upload in API functio...