(CVE-2021-0254) Junos OS overlayd service bss Buffer Overflow

CVE: CVE-2021-0254 Tested Versions: Junos OS 15.1 to 20.4R1 (Tested on Juniper MX960 device) Product URL(s): https://www.juniper.net/ Description of the vulnerability overlayd is a service that handles Overlay OAM packets sent to a Juniper device. It runs as root by default when the device starts and listens on UDP port 4789. Port 4789 is exposed to the internet, so anyone can reach this port and send data....

April 14, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0255) Juniper Junos OS Local Privilege Escalation vulnerability in ethtraceroute

CVE: CVE-2021-0255 Tested Versions: Junos OS 15.1 to 20.4R1 (Tested on Juniper MX960 device) Product URL(s): https://www.juniper.net/ Description of the vulnerability On Junos OS, a few binaries have the setuid permission bit enabled. Such binaries run with the privileges of the executable's owner (typically root) rather than those of the invoking user. Hence these binaries can be abused to escalate privileges, disclose sensitive information, or execute arbitrary commands as root....

April 14, 2021 · 3 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0256) Juniper Junos OS Local Privilege Escalation vulnerability in mosquitto

CVE: CVE-2021-0256 Tested Versions: Junos OS 15.1 to 20.4R1 (Tested on Juniper MX960 device) Product URL(s): https://www.juniper.net/ Description of the vulnerability On Junos OS, a few binaries have the setuid permission bit enabled. Such binaries run with the privileges of the executable's owner (typically root) rather than those of the invoking user. Hence these binaries can be abused to escalate privileges, disclose sensitive information, or execute arbitrary commands as root....

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-2321) Oracle VirtualBox E1000 BSS Out-Of-Bounds Read

CVE: CVE-2021-2321 Tested Versions: Oracle VirtualBox 6.1.18 revision r142142 Product URL(s): https://www.virtualbox.org/ Description of the vulnerability When the e1000 driver sends data to the e1000 device, it does so frame by frame. There are context frames and data frames (context and data descriptors, in e1000 terms), usually one context frame followed by one or more data frames. The driver prepares the transfer by setting the TDH (Transmit Descriptor Head), TDBAL (low 32 bits of the descriptor ring's physical address) and TDBAH (high 32 bits of that address) registers, and triggers it by writing the TDT (Transmit Descriptor Tail) register, which makes the device call e1kXmitPending to perform the transfer....

April 6, 2021 · 8 min · Muhammad Alifa Ramdhan (@n0psledbyte)
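The excerpt above describes the transmit handshake in words: the driver lays descriptors in a ring whose base is TDBAL/TDBAH, the device owns TDH, and a write to TDT is the kick. The model below is an added example, not VirtualBox's code and not the vulnerable path; it reduces the ring to a toy guest memory and a simplified 16-byte descriptor (the real e1000 descriptor layout differs, and TDLEN, the ring length register, is assumed here because the excerpt does not mention it). What it shows is the part a reviewer of such device emulation checks first: every head, tail and buffer address the guest controls is validated against the ring and guest memory before it is used as an index or pointer, and the walk wraps correctly at the end of the ring.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy guest physical memory; the descriptor ring and packet buffers live inside it. */
#define GUEST_MEM_SIZE 4096
static _Alignas(16) uint8_t guest_mem[GUEST_MEM_SIZE];

enum { DESC_CONTEXT = 1, DESC_DATA = 2 };

/* Simplified 16-byte descriptor; an assumption of this example, not the real e1000 layout. */
struct tx_desc {
    uint64_t buf_addr;   /* guest-physical address of the fragment (data descriptors only) */
    uint16_t length;     /* bytes in the fragment */
    uint8_t  type;       /* DESC_CONTEXT or DESC_DATA */
    uint8_t  eop;        /* 1 on the last fragment of a packet */
    uint32_t reserved;
};

/* Transmit registers as programmed by the guest driver. */
struct e1k_regs {
    uint32_t tdbal, tdbah; /* low / high 32 bits of the ring base address */
    uint32_t tdlen;        /* ring length in bytes (assumed register) */
    uint32_t tdh, tdt;     /* head (advanced by the device), tail (written by the driver) */
};

/* Translate a guest-physical range into a host pointer; NULL if it leaves guest memory. */
static void *gpa_to_hva(uint64_t gpa, uint64_t len)
{
    if (gpa > GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - gpa)
        return NULL;
    return guest_mem + gpa;
}

/* Device side, standing in for e1kXmitPending: consume descriptors from TDH up to TDT,
 * wrapping at the end of the ring. Returns the number consumed, or -1 when the registers
 * or a descriptor point outside guest memory. Data-descriptor bytes are summed in *payload. */
int e1k_xmit_pending(struct e1k_regs *r, size_t *payload)
{
    uint64_t base = ((uint64_t)r->tdbah << 32) | r->tdbal;
    uint32_t ndesc = (uint32_t)(r->tdlen / sizeof(struct tx_desc));
    struct tx_desc *ring = gpa_to_hva(base, r->tdlen);
    int consumed = 0;

    /* A head or tail beyond the ring would index out of bounds: refuse instead. */
    if (ring == NULL || ndesc == 0 || r->tdh >= ndesc || r->tdt >= ndesc)
        return -1;

    while (r->tdh != r->tdt) {
        const struct tx_desc *d = &ring[r->tdh];
        if (d->type == DESC_DATA) {
            if (gpa_to_hva(d->buf_addr, d->length) == NULL)
                return -1;            /* fragment outside guest memory */
            *payload += d->length;
        }
        /* DESC_CONTEXT only carries offload parameters for the data descriptors that follow. */
        r->tdh = (r->tdh + 1) % ndesc;
        consumed++;
    }
    return consumed;
}

/* Driver side: an 8-entry ring at guest address 0 holding one context descriptor and two
 * data fragments (64 + 1400 bytes) starting at slot `head`; TDT is then set to kick the device. */
void setup_demo_ring(struct e1k_regs *r, uint32_t head)
{
    struct tx_desc *ring = (struct tx_desc *)guest_mem;
    const uint32_t ndesc = 8;
    memset(guest_mem, 0, sizeof guest_mem);
    ring[head % ndesc]       = (struct tx_desc){ .type = DESC_CONTEXT };
    ring[(head + 1) % ndesc] = (struct tx_desc){ .buf_addr = 1024, .length = 64,   .type = DESC_DATA };
    ring[(head + 2) % ndesc] = (struct tx_desc){ .buf_addr = 2048, .length = 1400, .type = DESC_DATA, .eop = 1 };
    r->tdbal = 0;
    r->tdbah = 0;
    r->tdlen = ndesc * sizeof(struct tx_desc);
    r->tdh = head % ndesc;
    r->tdt = (head + 3) % ndesc;   /* the TDT write is what triggers the transmit */
}

int main(void)
{
    struct e1k_regs r;
    size_t payload = 0;
    int n;
    setup_demo_ring(&r, 6);        /* slots 6, 7, 0: exercises the wrap-around */
    n = e1k_xmit_pending(&r, &payload);
    printf("consumed %d descriptors, %zu payload bytes, TDH now %u\n", n, payload, r.tdh);
    return 0;
}
```

The ring starting at slot 6 is the case worth keeping in a test: a walk that compares `tdh < tdt` instead of `tdh != tdt` silently does nothing when the tail has wrapped, and one that forgets the modulo reads past the ring.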

(CVE-2021-3409) QEMU Heap Overflow in SDHCI Component

CVE: CVE-2021-3409 Tested Versions: QEMU versions up to 5.2.50 Product URL(s): https://www.qemu.org/ Description of the vulnerability QEMU version 5.2.50 is susceptible to vulnerabilities which, when successfully exploited, could lead to the disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). SDHCI is the Secure Digital Host Controller Interface. Secure Digital is a proprietary non-volatile memory card format developed by the SD Association (SDA) for portable devices....

March 23, 2021 · 20 min · Muhammad Alifa Ramdhan (@n0psledbyte)

(CVE-2021-34978) NETGEAR R6260 setupwizard.cgi Buffer Overflow Unauthenticated Remote Code Execution

CVE: CVE-2021-34978 Tested Versions: NETGEAR R6260 V1.1.0.78_1.0.1 Product URL(s): https://www.netgear.com/ Description of the vulnerability This vulnerability allows an attacker with LAN access to a NETGEAR R6260 router to execute arbitrary code. This was tested on the latest firmware available for the router, V1.1.0.78_1.0.1 at the time of writing. When setupwizard.cgi is executed via an HTTP SOAP request, specially crafted SOAP-ENV headers cause strncpy() to produce unterminated strings in analyse_XML_namespace()....

March 22, 2021 · 2 min · Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)
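The CVE-2021-34978 excerpt names the bug class precisely: `strncpy()` writes no terminator when the source is at least as long as the destination, so whatever follows the buffer becomes part of the "string". The snippet below is an added example, not the R6260 firmware or the advisory's code, and `parse_state`, `copy_ns_unsafe`, `copy_ns_safe` and the 16-byte `NS_MAX` are this example's own constructions (the real buffer size is not given on the page). It places the unterminated copy next to a hardened form that bounds the length check, rejects oversized input instead of silently truncating, and always terminates.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NS_MAX 16   /* deliberately small so the edge case is easy to reach */

/* Stand-in for the CGI's parse state: the namespace buffer is followed by other data. */
struct parse_state {
    char ns[NS_MAX];
    char next_field[8];
};

/* Bounded strlen in plain C (equivalent to strnlen, kept local so the example is portable). */
static size_t bounded_len(const char *p, size_t max)
{
    const char *z = memchr(p, '\0', max);
    return z ? (size_t)(z - p) : max;
}

/* Vulnerable pattern: strncpy() copies at most NS_MAX bytes and writes NO terminator when
 * the source is NS_MAX bytes or longer. Returns whether dst ended up NUL-terminated. */
bool copy_ns_unsafe(char dst[NS_MAX], const char *src)
{
    memset(dst, 'A', NS_MAX);       /* stale bytes, as a reused buffer would contain */
    strncpy(dst, src, NS_MAX);
    return memchr(dst, '\0', NS_MAX) != NULL;
}

/* Hardened form: measure with a bound, reject anything that does not fit together with
 * its terminator (silent truncation would also corrupt the namespace), then copy n + 1 bytes. */
int copy_ns_safe(char dst[NS_MAX], const char *src)
{
    size_t n = bounded_len(src, NS_MAX);
    if (n >= NS_MAX) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);        /* n + 1 includes the terminator */
    return 0;
}

/* What later code "sees" as the namespace: a scan stops at the first NUL, so an
 * unterminated ns runs on into next_field. Bounded to the struct so the scan itself is safe. */
size_t apparent_ns_len(const struct parse_state *s)
{
    return bounded_len((const char *)s, sizeof *s);   /* ns is the first member */
}

/* Constructed sample header value, longer than NS_MAX. */
static const char LONG_NS[] = "http://schemas.xmlsoap.org/soap/envelope/";

int main(void)
{
    struct parse_state s;
    bool terminated;
    memset(&s, 0, sizeof s);
    strcpy(s.next_field, "junk");
    terminated = copy_ns_unsafe(s.ns, LONG_NS);
    printf("unsafe: terminated=%d, apparent length %zu in a %d-byte buffer\n",
           terminated, apparent_ns_len(&s), NS_MAX);
    printf("safe: rc=%d\n", copy_ns_safe(s.ns, LONG_NS));
    return 0;
}
```

The boundary case to remember is a source of exactly `NS_MAX` bytes: it fits the copy, leaves no terminator, and is the input a fuzzer finds first.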

(CVE-2021-34979) NETGEAR R6260 mini_httpd Buffer Overflow Unauthenticated Remote Code Execution

CVE: CVE-2021-34979 Tested Versions: NETGEAR R6260 V1.1.0.78_1.0.1 Product URL(s): https://www.netgear.com/ Description of the vulnerability This vulnerability allows an attacker with LAN access to a NETGEAR R6260 router to execute arbitrary code. This was tested on the latest firmware available for the router, V1.1.0.78_1.0.1 at the time of writing. A buffer overflow in mini_httpd.c:1768 allows unexpectedly long environment variables to be passed to the setupwizard.cgi executable....

March 22, 2021 · 5 min · Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)