23 matches found
EUVD-2021-9045
Malicious code in bioql PyPI...
EUVD-2021-9044
Malicious code in bioql PyPI...
EUVD-2021-9046
Malicious code in bioql PyPI...
CVE-2021-21875
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21873
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21875
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21875
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21873
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21873
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Cross site request forgery (csrf)
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Cross site request forgery (csrf)
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Cross site request forgery (csrf)
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21875
Lantronix PremierWave 2050 has OS command injection vulnerabilities in its Web Manager SSL Credential Upload feature. CVE-2021-21875 specifically allows authenticated attackers to inject commands via the EC keypasswd parameter, leading to arbitrary code execution with root privileges. The confirm...
CVE-2021-21875
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21874
Lantronix PremierWave 2050 Web Manager SSL Credential Upload contains OS command injection vulnerabilities, including CVE-2021-21874 (DSA keypasswd). TALOS-2021-1314 documents multiple authenticated HTTP POST parameter injections (keypasswd) that inject into OpenSSL commands and execute with root...
CVE-2021-21873
CVE-2021-21873 affects Lantronix PremierWave 2050 Web Manager, where an authenticated HTTP request to the SSL credential upload endpoint can inject commands via the RSA keypasswd parameter. Talos details show multiple OS command injection vulnerabilities in the Web Manager’s SSL/Credentials page,...