Privilege escalation in easyappointments

The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low privileged user (eg. provider) can create a new admin user via t ...

Continue Reading
Improper Input Validation in k8s.io/ingress-nginx

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io ...

Continue Reading
SQL injetction

# Description SQL injection exists in the camptocamp/terraboard. Among all APIs there is an API routed to `/api/search/attribute`, whose corresponding method is [api.SearchAttribute](https://github.co ...

Continue Reading
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. * The attacker creates a workflow that produces a HTML artifact that contains a HTML fi ...

Continue Reading
OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of t ...

Continue Reading
CVE-2021-43162

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagno ...

Continue Reading
CVE-2021-43161

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. ...

Continue Reading
CVE-2021-43160

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnos ...

Continue Reading

Back to Main

Subscribe for the latest news: