
8022 matches found

0day.today
added 2023/03/27 12:0 a.m., 259 views

eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution Exploit

Exploit Title: eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE); Exploit Author: ErPaciocco; Author Website: https://erpaciocco.github.io; Vendor Homepage: https://extplorer.net/; Vendor: extplorer.net; Product: eXtplorer = v2.1.14. eXtplorer is a...

AI score 6.8
Exploits 0

NVD
added 2023/03/24 8:15 p.m., 9 views

CVE-2023-28444

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVSS 9.9, AI score 9.4, EPSS 0.00759
Exploits 0, References 3

vulnersOsv
added 2023/03/24 12:0 p.m., 3 views

bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)

openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0023...

AI score 5.8
Exploits 0

vulnersOsv
added 2023/03/24 12:0 p.m., 4 views

bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)

openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0024...

AI score 5.8
Exploits 0

Veracode
added 2023/03/24 5:29 a.m., 10 views

Privilege Escalation

github.com/cilium/cilium-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the incorrect mount point specification in the generateDeployment function of clustermesh.go, which overwrites the permissions specified in the initContainer when using cilium-cli to configure a...

CVSS 4.8, AI score 5.1, EPSS 0.00192
Exploits 0, References 5, Affected Software 1

SUSE CVE
added 2023/03/24 2:47 a.m., 1 view

SUSE CVE-2023-28114

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8, AI score 6.6, EPSS 0.00192
Exploits 0, References 3

Cvelist
added 2023/03/24 12:0 a.m., 22 views

CVE-2023-21030

In Confirmation of keystorecliv2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...

AI score 7.9, EPSS 0.00095
Exploits 0, References 1

NVD
added 2023/03/23 5:15 p.m., 23 views

CVE-2023-20035

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit...

CVSS 7.8, AI score 8, EPSS 0.00222
Exploits 0, References 1

Prion
added 2023/03/23 5:15 p.m., 24 views

Input validation

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

CVSS 4, AI score 6.9, EPSS 0.00236
Exploits 0, References 1, Affected Software 3

Cvelist
added 2023/03/23 12:0 a.m., 32 views

CVE-2023-20097 Cisco Access Point Software Command Injection Vulnerability

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

CVSS 4.6, AI score 7.1, EPSS 0.00236
Exploits 0, References 1

CVE
added 2023/03/23 12:0 a.m., 92 views

CVE-2023-20056

CVE-2023-20056 affects Cisco Access Point software management CLI. The issue stems from insufficient input validation of user commands, allowing an authenticated, local attacker to trigger a reload and DoS on the device. Exploitation details are not provided in the documents; no explicit affected...

CVSS 6.5, AI score 5.8, EPSS 0.00257
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/03/23 12:0 a.m., 9 views

CVE-2023-20056 Cisco Access Point Software Denial of Service Vulnerability

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could...

CVSS 6.5, AI score 7.1, EPSS 0.00257
Exploits 0, References 1

Cvelist
added 2023/03/23 12:0 a.m., 37 views

CVE-2023-20056 Cisco Access Point Software Denial of Service Vulnerability

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could...

CVSS 6.5, AI score 6.6, EPSS 0.00257
Exploits 0, References 1

Vulnrichment
added 2023/03/23 12:0 a.m., 13 views

CVE-2023-20097 Cisco Access Point Software Command Injection Vulnerability

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

CVSS 4.6, AI score 7.7, EPSS 0.00236
Exploits 0, References 1

NVD
added 2023/03/22 7:15 p.m., 12 views

CVE-2023-28114

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8, AI score 4.9, EPSS 0.00192
Exploits 0, References 4

Prion
added 2023/03/22 7:15 p.m., 11 views

Design/Logic Flaw

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 2.7, AI score 4.2, EPSS 0.00192
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2023/03/22 6:30 p.m., 6 views

CVE-2023-28114 `cilium-cli` disables etcd authorization for clustermesh clusters

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8, AI score 4.9, EPSS 0.00192
Exploits 0, References 4

CVE
added 2023/03/22 6:30 p.m., 62 views

CVE-2023-28114

CVE-2023-28114 affects the cilium-cli tool (pre-0.13.2). An incorrect mount point specification can cause the initContainer configuration that manages etcd users/permissions to be overwritten when configuring a clustermesh, potentially removing authorization enforcement on the etcd store used for...

CVSS 4.8, AI score 4.4, EPSS 0.00192
Exploits 0, References 4, Affected Software 1

Cvelist
added 2023/03/22 6:30 p.m., 27 views

CVE-2023-28114 `cilium-cli` disables etcd authorization for clustermesh clusters

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8, AI score 5.2, EPSS 0.00192
Exploits 0, References 4

OSV
added 2023/03/22 6:30 p.m., 26 views

CVE-2023-28114 `cilium-cli` disables etcd authorization for clustermesh clusters

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8, AI score 4.5, EPSS 0.00192
Exploits 0, References 6