NSA Appoints Rob Joyce as Cyber Director

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-21243
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks.
This issue may lead to pre-auth RCE.
This issue …

CVE-2021-21244
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a vulnerability that enables pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA.
This issue was fixed in 4.0.3 by disabling validation interpolation com…

CVE-2020-24638
PUBLISHED: 2021-01-15

Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin CLI. These allow a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.

CVE-2020-24639
PUBLISHED: 2021-01-15

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

CVE-2020-24640
PUBLISHED: 2021-01-15

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
