Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.
3c5b924eea85063a32d4abf12a102470e52fe008b637d8c375ec9d27c3e4f296
Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh.
c6e807601e506777669f00a74526a7064066038cba2f8103bedd98cb559088c8
Red Hat Security Advisory 2021-3757-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
38c10353c3be2c00f30a90bde27cd8a37e0eff559d3b8a2e81315440a0301603
Red Hat Security Advisory 2021-3755-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
183b7fa3104243a5b8c4805e9541c027d34d33a5d577e9978401ec54fcba0c21
Red Hat Security Advisory 2021-3756-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
ccbdd2580dec6e85c2f4465847fb5548a68a7326e4720e5e910a0406ed7da2fb
Aviatrix Controller versions 6.x prior to 6.5-1804.1922 shell upload exploit that leverages a directory traversal vulnerability.
331dd6f8a249dbbec912d81e1ec79077faa3eae730bcac5470378fd810088b1f
Red Hat Security Advisory 2021-3754-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
a1770e3378bc7eda415851082748f2fd9d089872f0c8a4a51af5add6d181871e