CVE-2021-33724
https://notcve.org/view.php?id=CVE-2021-33724
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). El sistema afectado contiene una vulnerabilidad de Eliminación de Archivos Arbitrarios que posiblemente permite eliminar un archivo o directorio arbitrario bajo una ruta controlada por el usuario • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-33723
https://notcve.org/view.php?id=CVE-2021-33723
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado podría cambiar el perfil de usuario de cualquier usuario sin la debida autorización. • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-285: Improper Authorization •
CVE-2021-33722
https://notcve.org/view.php?id=CVE-2021-33722
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). El sistema afectado presenta una vulnerabilidad de Salto de Ruta cuando se exporta un contenedor de firmware. • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. • https://github.com/sixpacksecurity/CVE-2021-40438 https://github.com/xiaojiangxl/CVE-2021-40438 https://github.com/Kashkovsky/CVE-2021-40438 https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit https://github.com/BabyTeam1024/CVE-2021-40438 https://github.com/gassara-kys/CVE-2021-40438 https://github.com/Cappricio-Securities/CVE-2021-40438 https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt https://cert-portal.siemens.com/productcert/pdf/ • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •