Turn the Tables: Supply Chain Defense Needs Some Offense, Fortinet Says
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-33790
PUBLISHED: 2021-05-31
The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation mig…
CVE-2021-30461
PUBLISHED: 2021-05-29
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
CVE-2021-31702
PUBLISHED: 2021-05-29
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
CVE-2021-31703
PUBLISHED: 2021-05-29
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.
CVE-2021-33564
PUBLISHED: 2021-05-29
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandl…