Title John Deere Account Portal - Information Disclosure - Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups. CVE ID Not...

CVE-2021-29662 – Perl module Data::Validate::IP – Improper Input Validation of octal literals in Perl Data::Validate::IP v0.29 and below results in indeterminate SSRF & RFI vulnerabilities.

by Sick Codes

March 31, 2021 - Updated on April 8, 2021

Title Perl module Data::Validate::IP - Improper Input Validation of octal literals in Perl Data::Validate::IP v0.29 and below results in indeterminate...

Page 2 of 4 Prev 1 2 3 4 Next

No Result

View All Result

Security

CVE-2022-36123 – A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution

CVE-2022-35414 – QEMU 4.1.50 through QEMU 7.0.0 – address_space_translate_for_iotlb allows a guest user to crash a host resulting in a denial of service.

Sick Codes @ DEF CON 30 August 11-14 2022!

CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors.

Sick Codes @ DEF CON 29 August 5-8 2021!

CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.

CVE-2021-27614 – SAP Business One Hana (Chef Cookbook) – Incorrect Permission Assignment for Critical Resources – Root Privilege Escalation Vulnerability

CVE-2021-27613 – SAP Business One Hana (Chef Cookbook) – Insecure Temporary File For Incoming & Outgoing Payroll Data – SAP Business One Chef Cookbook.

CVE-2021-27231 – Hestia Control Panel 1.4.0 and below – Subdomain Takeover – Improper Privilege Management

CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address”

Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade.

SICK-2021-031 – John Deere Operations Center – Improper Authorization Allows Exposure of Sensitive Information to an Unauthorized Actor via Farming Equipment VIN API – iOS 5.1.2 and below, Android 5.1.4 and below, Web App

SICK-2021-012 – John Deere Account Portal – Information Disclosure – Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups.

CVE-2021-29662 – Perl module Data::Validate::IP – Improper Input Validation of octal literals in Perl Data::Validate::IP v0.29 and below results in indeterminate SSRF & RFI vulnerabilities.

@sickcodes

@sickcodes

@sickcodes

Discord Server

sickcodes.slack.com

t.me/sickcodeschat

./contact_form