CVE-2021-35505
published 2021-10-05CVE-2021-35505: Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
PriorityP345high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.73%
84.2th percentile
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| afian | filerun | <= 2021.03.26 | — |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.37 | 1:2.11+dfsg-1ubuntu7.37 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.17 | 1:4.2-3ubuntu6.17 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv2.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h2q6-wc4j-c6gm: Afian FileRun 2021
ghsa_unreviewed·2022-05-24
CVE-2021-35505 [HIGH] CWE-74 GHSA-h2q6-wc4j-c6gm: Afian FileRun 2021
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
OSV
qemu vulnerabilities
osv·2021-07-15·CVSS 2.3
CVE-2020-15469 qemu vulnerabilities
qemu vulnerabilities
Lei Sun discovered that QEMU incorrectly handled certain MMIO operations.
An attacker inside the guest could possibly use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2020-15469)
Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI
commands. An attacker inside the guest could possibly use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 21.04. (CVE-2020-29443)
Cheolwoo Myung discovered that QEMU incorrectly handled SCSI device
emulation. An attacker inside the guest could possibly use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2020-35504,
CVE-2020-35505, CVE-2021-3392)
Alex Xu discovered that QEMU incorrectly handled the virtio-fs shared f
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-05
Published