|
Il servizio offre una piattaforma che consente ai Registrar di verificare eventuali problemi di performance e sicurezza... |
Il servizio offre un sondaggio per la verifica della conformità di un’organizzazione al GDPR (General Data Protection... |
Il servizio si prefigge di individuare comportamenti tipici dei ransomware quali, ad esempio, la cifratura di una... |
Il servizio raccoglie informazioni relative ad exploit pubblici aggiornati giornalmente attraverso il repository... |
| Published | Description | |
|---|---|---|
| CVE-2021-21251 |
15-01-2021 21:15:00 |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library method leveraging Apache Commons Compress. During the untar process, there are no checks in place to prevent an untarred file from traversing the file system and overriding an existing file. For a successful exploitation, the attacker requires a valid __JobToken__ which may not be possible to get without using any of the other reported vulnerabilities. But this should be considered a vulnerability in `io.onedev.commons.utils.TarUtils` since it lives in a different artifact and can affect other projects using it. This issue was addressed in 4.0.3 by validating paths in tar archive to only allow them to be in specified folder when extracted. |
| CVE-2021-21250 |
15-01-2021 21:15:00 |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file. |
| CVE-2021-21243 |
15-01-2021 20:15:00 |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side. |
| CVE-2021-21244 |
15-01-2021 20:15:00 |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely. |
| CVE-2020-24641 |
15-01-2021 19:15:00 |
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
14-01-2021 |
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) | hardware | Shizhi He |
|
14-01-2021 |
Online Shopping Cart System 1.0 - 'id' SQL Injection | php | Aydın Baran Ertemir |
|
14-01-2021 |
Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated) | php | Haboob Team |
|
14-01-2021 |
Online Movie Streaming 1.0 - Admin Authentication Bypass | php | Richard Jones |
|
14-01-2021 |
Laravel 8.4.2 debug mode - Remote code execution | php | SunCSR Team |
Italiano
English