CVEs

Warp Terminal

Read my full technical breakdown

| CVE ID | Description |
| --- | --- |
| CVE-2024-41997 | Warp Protocol Handler RCE (Command Injection) |

OpenText NetIQ iManager

Read my full technical breakdown

| CVE ID | Description |
| --- | --- |
| CVE-2024-4429 | iManager CSRF Validation Bypass |
| CVE-2024-3970 | iManager Create eGuide Blind SSRF |
| CVE-2024-3969 | iManager Unsafe Stylesheet Parsing RCE |
| CVE-2024-3968 | iManager Plugin Studio Installer RCE |
| CVE-2024-3967 | iManager Email Config Deserialization RCE |
| CVE-2024-3488 | iManager Autoparse Arbitrary File Upload |
| CVE-2024-3487 | iManager fw_authState Authentication Bypass |
| CVE-2024-3486 | iManager ModulesToInstall XXE |
| CVE-2024-3485 | iManager Multiple data handler directory traversal file disclosure |
| CVE-2024-3484 | iManager OctetStringUpload path traversal -> privesc + file disclosure |
| CVE-2024-3483 | iManager checkForLocaleDirectory command injection RCE |

Ivanti Endpoint Manager

Read my full technical breakdown

| CVE ID | Description |
| --- | --- |
| CVE-2023-28323 | Ivanti EPM Unsafe Deserialization Leading to RCE |
| CVE-2023-28324 | Ivanti EPM Insufficient Client Validation Leading to Privilege Escalation |
| CVE-2023-38343 | Ivanti EPM XXE Leading to File Disclosure and SSRF |
| CVE-2023-38344 | Ivanti EPM Authenticated Arbitrary File Read |

PrinterLogic

Read my full technical breakdown

| CVE ID | Description |
| --- | --- |
| CVE-2021-42631 | PrinterLogic Object Injection leading to RCE |
| CVE-2021-42635 | PrinterLogic Hardcoded APP_KEY leading to RCE |
| CVE-2021-42638 | PrinterLogic Misc command injections leading to RCE |
| CVE-2021-42633 | PrinterLogic SQLi may disclose audit logs |
| CVE-2021-42637 | PrinterLogic Blind SSRF |
| CVE-2021-42639 | PrinterLogic Misc reflected XSS |
| CVE-2021-42640 | PrinterLogic Driver assignment IDOR |
| CVE-2021-42641 | PrinterLogic Username/email info disclosure |
| CVE-2021-42642 | PrinterLogic Printer console username/password info disclosure |

Apple ImageIO

| CVE ID | Description |
| --- | --- |
| CVE-2022-26711 | ImageIO Integer Overflow leading to Remote Code Execution |

ZDI Advisory
Apple Security Update

ruby-jss

| CVE ID | Description |
| --- | --- |
| CVE-2021-33575 | Pixar ruby-jss gem Arbitrary Code Exec |

Obsidian

| CVE ID | Description |
| --- | --- |
| CVE-2021-38148 | Obsidian remote code exec |