Exploit

CVE-2021-3710

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Oct 1, 2021 / Updated: 37mo ago

We have identified a vulnerability in the access control of the ACPU’s normal world (e.g. under which the Linux kernel runs) in Huawei Kirin SoCs. The overly permissive rules allow the code running in the context of a normal-world kernel to control the modem’s EDMA engine. There is a vulnerability in the Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allows the Linux kernel to bypass memory access restrictions and directly compromise multiple privileged subsystems of the SoC.

The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. This security alert impacts software or systems such as Ubuntu .

Original release date: October 11, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info archibus — web_central ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token, client-side, simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application, following the login, does not assign a new token, continuing to keep the inserted one, as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. 2021-10-05 7.5 CVE-2021-41553 MISC aviatorscript_project — aviatorscript AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA.

Original release date: October 11, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info archibus -- web_central ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token, client-side, simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application, following the login, does not assign a new token, continuing to keep the inserted one, as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. 2021-10-05 7.5 CVE-2021-41553 MISC aviatorscript_project -- aviatorscript AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).