3 matches found
CVE-2021-35064
Kramer VIAware (VIAware web interface) is affected by CVE-2021-35064 with concrete details in connected sources: misconfigured sudoers permissions grant privilege escalation by allowing dangerous commands (e.g., unzip, systemctl, dpkg), enabling possible remote code execution patterns. Nuclei tem...
CVE-2021-36356
KRAMER VIAware (through Aug 2021) is vulnerable to remote code execution via ajaxPages/writeBrowseFilePathAjax.php which accepts arbitrary executable pathnames, enabling unauthenticated attackers to upload and execute code. The issue stems from an incomplete fix for CVE-2019-17124. Reports in CVE...
CVE-2019-17124
CVE-2019-17124 affects Kramer VIAware; multiple connected sources (Red Hat CVE-2021-36356, CVE lists) indicate the issue persists via an incomplete fix and allows remote code execution through ajaxPages/writeBrowseFilePathAjax.php by accepting arbitrary pathnames. The advisory notes this is an af...