Lucene search

3037 matches found

Prion
added 2021/04/13 8:15 p.m. | 27 views

Remote code execution

Azure Sphere Unsigned Code Execution Vulnerability...

CVSS 4.6 | AI score 7.7 | EPSS 0.0048
Exploits: 0 | References: 1

Cvelist
added 2021/04/13 7:33 p.m. | 21 views

CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability

...

CVSS 8.1 | AI score 8.3 | EPSS 0.0048
Exploits: 0 | References: 1

CVE
added 2021/04/13 7:33 p.m. | 90 views

CVE-2021-28460

Azure Sphere contains an unsigned code execution vulnerability (CVE-2021-28460). The issue is described as a local, low-complexity vulnerability that requires no authentication and can impact confidentiality, integrity, and availability. Several connected sources (NVD entry and Microsoft advisory...

CVSS 8.1 | AI score 8.2 | EPSS 0.0048
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2021/04/13 7:00 a.m. | 38 views

Azure Sphere Unsigned Code Execution Vulnerability

...

CVSS 8.1 | AI score 7.8 | EPSS 0.0048
Exploits: 0

CNNVD
added 2021/04/13 12:00 a.m. | 4 views

Microsoft Azure Sphere Security Vulnerability

Microsoft Azure Sphere is an appliance from Microsoft Corporation USA that is used to provide security in cloud environments. A security vulnerability exists in Microsoft Azure Sphere that originates from unsigned code execution...

CVSS 8.1 | AI score 7.9 | EPSS 0.0048
Exploits: 0 | References: 5

Talos
added 2021/04/13 12:00 a.m. | 31 views

Microsoft Azure Sphere mount namespace unsigned code execution vulnerability

Summary: An unsigned code execution vulnerability exists in the mount namespace functionality of Microsoft Azure Sphere 21.01. A specially crafted shellcode could allow an adversary to execute an arbitrary binary in a tmpfs mount, leading to unsigned code execution. An attacker can switch to a new...

CVSS 6.2 | AI score 6.5 | EPSS 0.01028
Exploits: 1

Talos
added 2021/04/13 12:00 a.m. | 43 views

Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability

Summary: An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...

CVSS 6.2 | AI score 6.6 | EPSS 0.01028
Exploits: 1

Tenable Nessus
added 2021/04/12 12:00 a.m. | 47 views

Cisco IOS XE Software ROM Monitor for Industrial Switches Command Injection (cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw)

According to its self-reported version, IOS-XE is affected by a command injection vulnerability due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An unauthenticated, physical attacker can exploit this by setting malicious...

CVSS 7.2 | AI score 7.1 | EPSS 0.00372
Exploits: 0 | References: 3

OSV
added 2021/04/07 11:02 a.m. | 3 views

OESA-2021-1110 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.1 | AI score 6.4 | EPSS 0.01362
Exploits: 4 | References: 12

OSV
added 2021/03/30 8:08 p.m. | 5 views

MGASA-2021-0158 Updated fwupd packages fix a security vulnerability

A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware (CVE-2020-10759)...

CVSS 6 | AI score 5.8 | EPSS 0.0049
Exploits: 1 | References: 4

OSV
added 2021/03/28 12:01 a.m. | 13 views

OSV-2021-573 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32555
Crash type: Heap-buffer-overflow READ 2
Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int OT::RangeRecord::intersects...

AI score 7.2
Exploits: 0 | References: 1

CNVD
added 2021/03/25 12:00 a.m. | 7 views

Cisco IOS XE Fast Reload Vulnerability (CNVD-2021-50584)

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. Cisco IOS XE suffers from a fast reload vulnerability that can be exploited by an attacker to execute arbitrary code on the underlying operating system, install and boot a malware...

CVSS 7.2 | AI score 7.6 | EPSS 0.00232
Exploits: 0 | References: 1

CNVD
added 2021/03/25 12:00 a.m. | 10 views

Cisco IOS XE OS Command Injection Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An OS command injection vulnerability exists in ROMMON of Cisco IOS XE. The vulnerability stems from incorrect validation of specific function parameters passed to the startup...

CVSS 7.2 | AI score 7.3 | EPSS 0.00372
Exploits: 0 | References: 1

OSV
added 2021/03/24 9:15 p.m. | 4 views

CVE-2021-1375

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVSS 6.7 | AI score 7.1 | EPSS 0.00232
Exploits: 0 | References: 1

OSV
added 2021/03/24 9:15 p.m. | 4 views

CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVSS 6.7 | AI score 7.1
Exploits: 0 | References: 1

Prion
added 2021/03/24 9:15 p.m. | 19 views

Input validation

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVSS 7.2 | AI score 6.7 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/24 8:15 p.m. | 19 views

CVE-2021-1375 Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVSS 6.7 | AI score 6.9 | EPSS 0.00232
Exploits: 0 | References: 1

Vulnrichment
added 2021/03/24 8:15 p.m. | 16 views

CVE-2021-1376 Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVSS 6.7 | AI score 7.2 | EPSS 0.00232
Exploits: 0 | References: 1

OSV
added 2021/03/24 8:15 p.m. | 3 views

CVE-2021-1452

A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...

CVSS 6.8 | AI score 7 | EPSS 0.00372
Exploits: 0 | References: 1

OSV
added 2021/03/24 8:15 p.m. | 2 views

CVE-2021-1453

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code functi...

CVSS 6.8 | AI score 6.9 | EPSS 0.00223
Exploits: 0 | References: 1