Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ghsa-59cf-q653-29wc (github) In Speech, there is a possible way to bypass background activity launch due to a logic error in t... 2023-10-30T18:30:25Z 2025-09-30T18:30:19Z
ghsa-wp4p-9pxh-cgx2 (github) argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload 2025-09-30T18:28:38Z 2025-09-30T18:28:38Z
ghsa-6wgj-66m2-xxp2 (github) Ray has arbitrary code execution via jobs submission API 2023-11-28T09:30:26Z 2025-09-30T18:19:55Z
ghsa-f9gq-prrc-hrhc (github) Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload 2025-09-30T18:11:59Z 2025-09-30T18:11:59Z
ghsa-g88p-r42r-ppp9 (github) Repository Credentials Race Condition Crashes Argo CD Server 2025-09-30T18:01:48Z 2025-09-30T18:01:48Z
ghsa-3hw2-h67c-wq66 (github) Uncontrolled Recursion in Akka HTTP 2022-05-24T19:19:40Z 2025-09-30T17:57:30Z
ghsa-vmg3-7v43-9g23 (github) NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path 2025-07-17T21:32:15Z 2025-09-30T17:11:03Z
ghsa-gxw4-4fc5-9gr5 (github) figma-developer-mcp vulnerable to command injection in get_figma_data tool 2025-09-30T17:01:42Z 2025-09-30T17:01:42Z
ghsa-2cpx-6pqp-wf35 (github) fs2-io skips mTLS client verification 2022-07-29T22:24:10Z 2025-09-30T16:56:23Z
ghsa-4xh5-x5gv-qwph (github) pip's fallback tar extraction doesn't check symbolic links point to extraction directory 2025-09-24T15:31:14Z 2025-09-30T16:52:22Z
ghsa-5xqm-hc45-f2g2 (github) APM Java Agent Local Privilege Escalation issue 2023-11-22T03:30:19Z 2025-09-30T16:35:24Z
ghsa-g64q-3vg8-8f93 (github) Prototype Pollution in pez 2020-09-03T15:47:10Z 2025-09-30T16:16:58Z
ghsa-xgcq-34qv-mmr7 (github) An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd0... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-hgxj-8mw3-fx8w (github) In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py i... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-c4rx-m7vw-65hg (github) Local privilege escalation due to insecure XPC service configuration. The following products are ... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-9mrx-mqmg-gwj9 (github) Issue summary: A timing side-channel which could potentially allow remote recovery of the private... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-9jr7-wh3w-2599 (github) In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/acco... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-7rv5-77pc-jr2p (github) In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-76r2-c3cg-f5r9 (github) Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-b... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-5f4v-g9pg-7q52 (github) Local privilege escalation due to DLL hijacking vulnerability. The following products are affecte... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-4gh5-vrmm-878w (github) A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-33j5-frrm-3wg2 (github) A container privilege escalation flaw was found in KServe ModelMesh container images. This issue ... 2025-09-30T15:30:30Z 2025-09-30T15:30:30Z
ghsa-qjxq-j34f-3jf2 (github) This vulnerability affects Firefox < 143.0.3. 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
ghsa-q64v-9mh2-3xcq (github) Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing... 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
ghsa-hjwh-cp6x-m9pw (github) Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)... 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
ghsa-88x2-3rjx-jxpr (github) A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of perf... 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
ghsa-7cgj-mr4w-j8w6 (github) This vulnerability affects Firefox < 143.0.3. 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
ghsa-76fp-m4vp-hxrq (github) VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A mal... 2025-09-29T18:33:13Z 2025-09-30T15:30:29Z
ghsa-3fwq-4gv2-9v92 (github) Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. 2025-09-30T12:30:51Z 2025-09-30T15:30:29Z
ghsa-2v7w-xrvr-23w3 (github) In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accoun... 2025-09-30T15:30:29Z 2025-09-30T15:30:29Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-57197 (NVD) N/A In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN. n/a
 n/a
 2025-09-29T00:00:00.000Z 2025-09-30T17:24:05.044Z
cve-2025-56764 (NVD) N/A Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames. n/a
 n/a
 2025-09-29T00:00:00.000Z 2025-09-30T17:22:23.304Z
cve-2025-8877 (NVD) AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection AffiliateWP
 AffiliateWP
 2025-09-30T08:25:20.251Z 2025-09-30T17:17:25.813Z
cve-2025-58021 (NVD) CVSS-v3.1: 6.5 WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability douglaskarr
 List Child Pages Shortcode
 2025-09-22T18:23:59.812Z 2025-09-30T17:17:14.306Z
cve-2025-58022 (NVD) CVSS-v3.1: 6.5 WordPress ShortCode Plugin <= 0.8.1 - Cross Site Scripting (XSS) Vulnerability maxpagels
 ShortCode
 2025-09-22T18:23:59.129Z 2025-09-30T17:16:56.712Z
cve-2025-10773 (NVD) B-Link BL-AC2100 Web Management set_delshrpath_cfg delshrpath stack-based overflow B-Link
 BL-AC2100
 2025-09-22T00:02:07.094Z 2025-09-30T17:16:38.944Z
cve-2025-57254 (NVD) N/A An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T17:13:22.335Z
cve-2025-54476 (NVD) CVSS-v4.0: 4.8 Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code Joomla! Project
 Joomla! CMS
 2025-09-30T16:02:38.757Z 2025-09-30T17:12:24.696Z
cve-2025-6033 (NVD) CVSS-v3.1: 7.8 CVSS-v4.0: 8.5 Memory Corruption issue in XML_Serialize() in NI Circuit Design Suite NI
 Circuit Design Suite
 2025-09-30T16:05:53.142Z 2025-09-30T17:10:52.906Z
cve-2025-6034 (NVD) CVSS-v3.1: 7.8 CVSS-v4.0: 8.5 Out of Bounds Read in DefaultFontOptions() in NI Circuit Design Suite NI
 Circuit Design Suite
 2025-09-30T16:07:21.551Z 2025-09-30T17:09:26.111Z
cve-2025-56520 (NVD) N/A Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T17:07:19.135Z
cve-2025-7493 (NVD) CVSS-v3.1: 9.1 Freeipa: idm: privilege escalation from host to domain admin in freeipa Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
 Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat Enterprise Linux 9.4 Extended Update Support
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
 2025-09-30T15:06:46.836Z 2025-09-30T17:01:36.196Z
cve-2025-35034 (NVD) Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id Medical Informatics Engineering
 Enterprise Health
 2025-09-29T20:01:58.419Z 2025-09-30T16:52:32.033Z
cve-2025-35033 (NVD) Medical Informatics Engineering Enterprise Health CSV injection Medical Informatics Engineering
 Enterprise Health
 2025-09-29T20:01:38.144Z 2025-09-30T16:52:03.135Z
cve-2025-35032 (NVD) Medical Informatics Engineering Enterprise Health arbitrary file upload Medical Informatics Engineering
 Enterprise Health
 2025-09-29T20:01:09.311Z 2025-09-30T16:51:39.465Z
cve-2025-35031 (NVD) Medical Informatics Engineering Enterprise Health includes session token in debug output Medical Informatics Engineering
 Enterprise Health
 2025-09-29T20:00:42.546Z 2025-09-30T16:51:17.132Z
cve-2025-35030 (NVD) Medical Informatics Engineering Enterprise Health cross site request forgery Medical Informatics Engineering
 Enterprise Health
 2025-09-29T20:00:16.950Z 2025-09-30T16:50:38.126Z
cve-2025-35042 (NVD) Airship AI Acropolis default credentials Airship AI
 Acropolis
 2025-09-22T15:57:03.528Z 2025-09-30T16:48:42.980Z
cve-2025-35041 (NVD) Airship AI Acropolis MFA insufficient rate limiting Airship AI
 Acropolis
 2025-09-22T15:56:38.084Z 2025-09-30T16:46:22.643Z
cve-2025-56207 (NVD) N/A A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721 standard. The eth address is 0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7, contract name is MoneyMakingOpportunity, and compiler version is v0.8.17+commit.8df45f5f. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T16:41:21.327Z
cve-2025-35436 (NVD) CISA Thorium account verification email error handling CISA
 Thorium
 2025-09-17T16:53:47.289Z 2025-09-30T16:36:16.594Z
cve-2025-35435 (NVD) CISA Thorium download stream divide by zero CISA
 Thorium
 2025-09-17T16:53:22.388Z 2025-09-30T16:35:00.970Z
cve-2025-35434 (NVD) CISA Thorium does not validate TLS connections to Elasticsearch CISA
 Thorium
 2025-09-17T16:53:08.899Z 2025-09-30T16:32:05.835Z
cve-2025-35433 (NVD) CISA Thorium does not properly invalidate previously used tokens CISA
 Thorium
 2025-09-17T16:52:53.048Z 2025-09-30T16:29:21.231Z
cve-2025-35432 (NVD) CISA Thorium does not rate limit account verification email messages CISA
 Thorium
 2025-09-17T16:52:34.949Z 2025-09-30T16:27:11.928Z
cve-2025-58028 (NVD) CVSS-v3.1: 6.5 WordPress Designil PDPA Thailand Plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability Aum Watcharapon
 Designil PDPA Thailand
 2025-09-22T18:23:55.622Z 2025-09-30T16:19:12.546Z
cve-2025-58029 (NVD) CVSS-v3.1: 5.3 WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability Sumit Singh
 Classic Widgets with Block-based Widgets
 2025-09-22T18:23:54.917Z 2025-09-30T16:18:53.229Z
cve-2025-58030 (NVD) CVSS-v3.1: 6.5 WordPress Page-list Plugin <= 5.7 - Cross Site Scripting (XSS) Vulnerability webvitaly
 Page-list
 2025-09-22T18:23:54.215Z 2025-09-30T16:18:34.101Z
cve-2025-20352 (NVD) A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. Cisco
Cisco
Cisco
 IOS
Cisco IOS XE Software
Cisco IOS XE Catalyst SD-WAN
 2025-09-24T17:10:42.891Z 2025-09-30T16:18:05.082Z
cve-2025-55797 (NVD) N/A An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T15:53:26.348Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-56764 (NVD) N/A Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames. n/a
 n/a
 2025-09-29T00:00:00.000Z 2025-09-30T17:22:23.304Z
cve-2025-56675 (NVD) The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password. EKEN
 video doorbell T6
 2025-09-30T00:00:00.000Z 2025-09-30T18:03:58.849Z
cve-2025-56513 (NVD) N/A NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T17:26:57.824Z
cve-2025-56200 (NVD) N/A A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks. n/a
 n/a
 2025-09-30T00:00:00.000Z 2025-09-30T17:35:15.229Z
cve-2025-54477 (NVD) N/A Joomla! Core - [20250902] User-Enumeration in passkey authentication method Joomla! Project
 Joomla! CMS
 2025-09-30T16:02:40.036Z 2025-09-30T17:43:49.599Z
cve-2025-51495 (NVD) N/A An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow. n/a
 n/a
 2025-09-29T00:00:00.000Z 2025-09-30T17:26:32.780Z
cve-2025-35027 (NVD) CVSS-v3.1: 7.3 Unitree Multiple Robotic Products Command Injection Unitree
Unitree
 Go2
G1
 2025-09-26T06:53:49.585Z 2025-09-30T18:05:04.102Z
cve-2025-23293 (NVD) CVSS-v3.1: 8.7 NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure. NVIDIA
 DLS component of NVIDIA License System
 2025-09-30T17:55:29.157Z 2025-09-30T17:55:29.157Z
cve-2025-23292 (NVD) CVSS-v3.1: 4.6 NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component). NVIDIA
 DLS component of NVIDIA License System
 2025-09-30T17:55:02.678Z 2025-09-30T17:55:02.678Z
cve-2025-23291 (NVD) CVSS-v3.1: 2.4 NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure. NVIDIA
 DLS component of NVIDIA License System
 2025-09-30T17:54:22.801Z 2025-09-30T17:54:22.801Z
cve-2025-11195 (NVD) CVSS-v3.1: 3.3 Rapid7 AppSpider Project Name Validation Bypass Rapid7
 AppSpider Pro
 2025-09-30T18:12:50.204Z 2025-09-30T18:12:50.204Z
cve-2025-10773 (NVD) B-Link BL-AC2100 Web Management set_delshrpath_cfg delshrpath stack-based overflow B-Link
 BL-AC2100
 2025-09-22T00:02:07.094Z 2025-09-30T17:16:38.944Z
cve-2025-10725 (NVD) CVSS-v3.1: 9.9 Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin Red Hat
Red Hat
 Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift AI (RHOAI)
 2025-09-30T17:47:08.577Z 2025-09-30T17:47:08.577Z
cve-2025-2594 (NVD) N/A User Registration & Membership < 4.1.3 - Authentication Bypass Unknown
 User Registration & Membership
 2025-04-22T06:00:06.896Z 2025-08-27T12:00:51.368Z
cve-2025-5692 (NVD) Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions smackcoders
 Lead Form Data Collection to CRM
 2025-07-02T02:03:53.387Z 2025-08-27T13:46:51.184Z
cve-2025-3600 (NVD) CVSS-v3.1: 7.5 Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX Progress Software
 Telerik UI for ASP.NET AJAX
 2025-05-14T13:21:40.770Z 2025-08-27T14:54:22.319Z
cve-2024-24731 (NVD) CVSS-v3.1: 7.5 Silicon Labs Gecko OS http_download Stack-based Buffer Overflow Silicon Labs
 Gecko OS
 2025-01-30T23:25:00.944Z 2025-08-27T15:37:51.986Z
cve-2024-29169 (NVD) CVSS-v3.1: 5.4 Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell
Dell
 Secure Connect Gateway-Application
Secure Connect Gateway-Appliance
 2024-06-13T15:13:44.030Z 2025-08-27T15:52:36.412Z
cve-2024-2125 (NVD) The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. dattateccom
 EnvíaloSimple: Email Marketing y Newsletters
 2024-04-09T18:58:40.060Z 2025-08-27T15:54:23.661Z
cve-2024-36911 (NVD) N/A hv_netvsc: Don't free decrypted memory Linux
Linux
 Linux
Linux
 2024-05-30T15:29:09.475Z 2025-05-04T09:11:54.805Z
cve-2024-2165 (NVD) The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. rainbowgeek
 SEOPress – On-site SEO
 2024-04-09T18:58:47.412Z 2025-08-27T15:54:56.670Z
cve-2024-2822 (NVD) DedeCMS vote_edit.php cross-site request forgery n/a
 DedeCMS
 2024-03-22T17:00:08.031Z 2025-08-27T20:58:33.386Z
cve-2024-36909 (NVD) N/A Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Linux
Linux
 Linux
Linux
 2024-05-30T15:29:08.339Z 2025-05-04T09:11:52.458Z
cve-2024-41349 (NVD) N/A unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. n/a
 n/a
 2024-08-29T00:00:00.000Z 2025-03-13T18:31:23.259Z
cve-2025-43375 (NVD) N/A The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. Apple
 Xcode
 2025-09-15T22:35:27.230Z 2025-09-16T17:24:28.516Z
cve-2024-36908 (NVD) N/A blk-iocost: do not WARN if iocg was already offlined Linux
Linux
 Linux
Linux
 2024-05-30T15:29:07.773Z 2025-05-04T09:11:51.263Z
cve-2024-36900 (NVD) N/A net: hns3: fix kernel crash when devlink reload during initialization Linux
Linux
 Linux
Linux
 2024-05-30T15:29:03.158Z 2025-05-04T09:11:41.063Z
cve-2024-36880 (NVD) N/A Bluetooth: qca: add missing firmware sanity checks Linux
Linux
 Linux
Linux
 2024-05-30T15:28:51.518Z 2025-05-04T09:11:18.906Z
cve-2024-36029 (NVD) N/A mmc: sdhci-msm: pervent access to suspended controller Linux
Linux
 Linux
Linux
 2024-05-30T15:19:43.110Z 2025-05-04T09:10:53.920Z
cve-2024-36026 (NVD) N/A drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Linux
Linux
 Linux
Linux
 2024-05-30T15:07:31.295Z 2025-05-04T09:10:50.684Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
pysec-2025-51 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerabi... 2025-06-24T08:15:24+00:00 2025-06-26T21:23:03.132527+00:00
pysec-2025-50 vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression ... 2025-05-30T18:15:32+00:00 2025-06-19T03:02:28.572160+00:00
pysec-2024-255 Gradio before 4.20 allows credential leakage on Windows. 2024-05-05T20:15:07+00:00 2025-06-17T19:21:48.983901+00:00
pysec-2024-254 A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used ... 2024-04-16T00:15:11+00:00 2025-06-13T00:48:41.806476+00:00
pysec-2025-49 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Pyt... 2025-05-17T16:15:19+00:00 2025-06-12T22:23:11.115559+00:00
pysec-2025-48 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment fram... 2025-03-31T17:15:42+00:00 2025-06-12T22:23:10.476087+00:00
pysec-2024-253 pretix before 2024.1.1 mishandles file validation. 2024-02-26T16:28:00+00:00 2025-06-11T15:23:51.683422+00:00
pysec-2024-252 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the compo... 2024-04-17T19:15:07+00:00 2025-06-10T19:22:08.948962+00:00
pysec-2024-251 Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/c... 2024-04-17T19:15:07+00:00 2025-06-10T03:12:59.077932+00:00
pysec-2025-47 An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Int... 2025-06-05T03:15:25+00:00 2025-06-05T05:23:28.296596+00:00
pysec-2025-46 A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. T... 2025-05-26T08:15:19+00:00 2025-06-03T17:36:58.579358+00:00
pysec-2025-45 A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affecte... 2025-05-26T07:15:26+00:00 2025-06-03T17:36:58.528116+00:00
pysec-2024-250 Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mo... 2024-04-19T21:15:08+00:00 2025-06-03T15:23:56.072490+00:00
pysec-2023-312 Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sendin... 2023-07-15T23:15:09Z 2025-06-02T11:48:06.372423Z
pysec-2025-44 django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. 2025-05-31T01:15:19+00:00 2025-05-31T03:09:35.357757+00:00
pysec-2025-43 vLLM is an inference and serving engine for large language models (LLMs). In versions starting fr... 2025-05-29T17:15:21+00:00 2025-05-29T19:21:01.611587+00:00
pysec-2025-42 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions st... 2025-04-30T01:15:51+00:00 2025-05-28T21:23:12.396609+00:00
pysec-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and dee... 2025-04-18T16:15:23+00:00 2025-05-28T15:23:37.843138+00:00
pysec-2025-40 A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module ... 2025-05-19T12:15:19+00:00 2025-05-21T19:22:10.801823+00:00
pysec-2024-249 ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature i... 2024-02-22T22:15:47+00:00 2025-05-19T11:22:35.312280+00:00
pysec-2024-248 OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config f... 2024-10-14T21:15:12+00:00 2025-05-16T14:23:05.150356+00:00
pysec-2025-39 motionEye is an online interface for the software motion, a video surveillance program with motio... 2025-05-14T16:15:29+00:00 2025-05-14T17:22:51.050788+00:00
pysec-2025-38 OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image hand... 2025-05-08T17:16:01Z 2025-05-13T04:24:03.083929Z
pysec-2024-247 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within ... 2024-04-16T00:15:11+00:00 2025-05-12T15:23:53.861001+00:00
pysec-2025-37 An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The ... 2025-05-08T04:17:18+00:00 2025-05-08T05:23:16.210893+00:00
pysec-2025-36 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code ... 2025-04-07T15:15:44+00:00 2025-05-07T19:22:44.993642+00:00
pysec-2024-246 Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version... 2024-04-25T17:15:50+00:00 2025-05-05T19:21:20.899426+00:00
pysec-2024-111 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs ver... 2024-10-29T13:15:00Z 2025-05-02T18:39:47.588215Z
pysec-2024-245 Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to vie... 2024-02-29T11:15:08+00:00 2025-05-01T21:22:38.598048+00:00
pysec-2025-35 Weblate is a web based localization tool. Prior to version 5.11, when creating a new component fr... 2025-04-15T21:16:04+00:00 2025-04-30T17:22:51.467257+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33881 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33880 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33879 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33878 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33877 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33875 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33874 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33873 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33872 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33871 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33870 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33869 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33868 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33867 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33866 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33865 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33864 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33863 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33862 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33861 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33860 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33859 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33858 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33857 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33856 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33855 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33854 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33853 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33852 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
mal-2024-8899 Malicious code in acronym-decoder-chrome-angular (npm) 2024-09-18T18:26:14Z 2024-09-18T18:26:14Z
mal-2024-8898 Malicious code in grv-teleport (npm) 2024-09-18T16:20:54Z 2024-09-18T16:20:54Z
mal-2024-8897 Malicious code in onfido-web-sdk-angular (npm) 2024-09-18T07:40:41Z 2024-09-18T07:40:41Z
mal-2024-8896 Malicious code in huehue (npm) 2024-09-18T05:03:18Z 2024-09-18T05:03:18Z
mal-2024-8892 Malicious code in insidepocpackage (npm) 2024-09-18T00:11:50Z 2024-09-18T00:11:50Z
mal-2024-8888 Malicious code in bby-node-logger (npm) 2024-09-17T20:13:24Z 2024-09-17T22:05:30Z
mal-2024-8886 Malicious code in 0g-da-contract (npm) 2024-09-17T10:10:47Z 2024-09-17T10:10:47Z
mal-2024-8883 Malicious code in cobainsendiri1 (npm) 2024-09-17T07:31:06Z 2024-09-17T07:31:06Z
mal-2024-8884 Malicious code in wallet-balance-notifier (npm) 2024-09-17T07:21:00Z 2024-09-17T07:21:00Z
mal-2024-8894 Malicious code in stripe-testfb-v3 (npm) 2024-09-17T00:59:18Z 2024-09-17T00:59:32Z
mal-2024-8890 Malicious code in ably-sales-demo-frontend (npm) 2024-09-17T00:54:53Z 2024-09-17T00:54:53Z
mal-2024-8889 Malicious code in ably-engineering (npm) 2024-09-17T00:54:53Z 2024-09-17T00:54:53Z
mal-2024-8893 Malicious code in latam-xp-analytics-plugin-bloomreach (npm) 2024-09-17T00:53:18Z 2024-09-17T00:53:18Z
mal-2024-8891 Malicious code in eslint-plugin-xp-i18n (npm) 2024-09-17T00:53:18Z 2024-09-17T00:53:18Z
mal-2024-8724 Malicious code in afe-base-component (npm) 2024-09-04T02:51:39Z 2024-09-17T00:26:06Z
mal-2024-8882 Malicious code in redmond (npm) 2024-09-16T14:37:29Z 2024-09-16T14:55:07Z
mal-2024-8879 Malicious code in halifax (npm) 2024-09-16T14:37:29Z 2024-09-16T14:55:07Z
mal-2024-8877 Malicious code in afe-host-client (npm) 2024-09-16T14:37:29Z 2024-09-16T14:53:46Z
mal-2024-8878 Malicious code in awsspeedtest (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:41Z
mal-2024-8881 Malicious code in noblox.js-types (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:40Z
mal-2024-8880 Malicious code in noblox.js-middleware (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:40Z
mal-2024-8876 Malicious code in testing_coll (npm) 2024-09-16T12:56:14Z 2024-09-16T12:56:14Z
mal-2024-8872 Malicious code in quickread (npm) 2024-09-11T23:23:14Z 2024-09-11T23:23:15Z
mal-2024-8871 Malicious code in quickcolor (npm) 2024-09-11T23:23:14Z 2024-09-11T23:23:15Z
mal-2024-8868 Malicious code in passports-js (npm) 2024-09-11T23:10:15Z 2024-09-11T23:10:15Z
mal-2024-8862 Malicious code in bcrypts-js (npm) 2024-09-11T23:10:15Z 2024-09-11T23:10:15Z
mal-2024-8873 Malicious code in sketch-crowdin (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8870 Malicious code in publish-test-result-screenshot (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8866 Malicious code in leaktopus-frontend (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8865 Malicious code in fma-connect-javascript (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
wid-sec-w-2024-1432 GNU Emacs: Schwachstelle ermöglicht Codeausführung 2024-06-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1339 Microsoft Azure: Mehrere Schwachstellen ermöglichen Privilegieneskalation 2024-06-11T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1197 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe 2024-05-21T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1188 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-05-20T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1108 Linux Kernel: Mehrere Schwachstellen 2024-05-13T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1008 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-05-01T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0984 Linux Kernel: Mehrere Schwachstellen 2024-04-28T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0964 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-04-24T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0952 Ruby: Schwachstelle ermöglicht Offenlegung von Informationen 2024-04-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0920 Linux Kernel: Mehrere Schwachstellen 2024-04-17T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0913 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-04-16T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0904 Kubernetes: Schwachstelle ermöglicht Offenlegung von Informationen 2024-04-16T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0832 QEMU: Schwachstelle ermöglicht Codeausführung und DoS 2024-04-09T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0789 HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service 2024-04-03T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0736 IBM WebSphere Application Server: Schwachstelle ermöglicht Denial of Service 2024-03-27T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0716 IBM WebSphere Application Server: Schwachstelle ermöglicht Cross-Site Scripting 2024-03-26T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0708 GNU Emacs: Mehrere Schwachstellen 2024-03-25T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0682 Ruby: Mehrere Schwachstellen 2024-03-20T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0527 Linux Kernel: Mehrere Schwachstellen 2024-02-29T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0518 Golang Go: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-02-29T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0412 QEMU: Mehrere Schwachstellen ermöglichen nicht spezifizierte Angriffe 2024-02-18T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0195 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-01-24T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0126 EDK2 NetworkPkg IP stack implementation: Mehrere Schwachstellen 2024-01-16T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-3201 Linux Kernel: Mehrere Schwachstellen 2023-12-21T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-2618 http/2 Implementierungen: Schwachstelle ermöglicht Denial of Service 2023-10-10T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1868 Apache Kafka: Schwachstelle ermöglicht Denial of Service 2023-07-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1544 Kubernetes: Schwachstelle ermöglicht Manipulation von Dateien 2022-01-06T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1480 FasterXML Jackson: Schwachstelle ermöglicht Denial of Service 2023-06-14T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1469 Kubernetes: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen 2023-06-14T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-0692 GNU Emacs: Schwachstelle ermöglicht Codeausführung 2023-03-19T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ssa-293562 SSA-293562: Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products 2017-05-08T00:00:00Z 2024-09-10T00:00:00Z
ssa-280603 SSA-280603: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC 2023-12-12T00:00:00Z 2024-09-10T00:00:00Z
ssa-103653 SSA-103653: Denial-of-Service Vulnerability in Automation License Manager 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-097786 SSA-097786: Insertion of Sensitive Information into Log File Vulnerability in SINUMERIK systems 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-088132 SSA-088132: Denial of Service Vulnerability in the OPC UA Server Implementations of Several Industrial Products 2024-07-09T00:00:00Z 2024-09-10T00:00:00Z
ssa-039007 SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-981975 SSA-981975: Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs 2023-09-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-857368 SSA-857368: Multiple Vulnerabilities in Omnivise T3000 2024-08-02T00:00:00Z 2024-08-13T00:00:00Z
ssa-856475 SSA-856475: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-822518 SSA-822518: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices 2024-04-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-813746 SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families 2023-04-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-784301 SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-771940 SSA-771940: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2024-06-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-750499 SSA-750499: Weak Encryption Vulnerability in SIPROTEC 5 Devices 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-722010 SSA-722010: Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-720392 SSA-720392: Multiple Vulnerabilities in Third-Party Components in Location Intelligence Before V4.4 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-716317 SSA-716317: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-686975 SSA-686975: IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs 2023-02-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-659443 SSA-659443: Local Code Execution Vulnerabilities in COMOS Before V10.5 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-640968 SSA-640968: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server 2023-02-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-625850 SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager 2023-11-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-417547 SSA-417547: Multiple Vulnerabilities in INTRALOG WMS Before V4 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-407785 SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization 2023-08-08T00:00:00Z 2024-08-13T00:00:00Z
ssa-398330 SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-364175 SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-357412 SSA-357412: PRT File Parsing Vulnerability in NX Before V2406.3000 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-180704 SSA-180704: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-116924 SSA-116924: Path Traversal Vulnerability in TIA Portal 2023-04-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-087301 SSA-087301: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-068047 SSA-068047: Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
rhsa-2023_6269 Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.12.1 2023-11-15T03:12:52+00:00 2025-03-29T04:26:50+00:00
rhsa-2023_7515 Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update 2023-11-27T16:08:33+00:00 2025-03-29T04:26:49+00:00
rhsa-2023_7474 Red Hat Security Advisory: OpenShift Container Platform 4.13.24 security and extras update 2023-11-29T00:33:54+00:00 2025-03-29T04:26:45+00:00
rhsa-2023_6784 Red Hat Security Advisory: Node Health Check Operator 0.6.1 security update 2023-11-08T01:27:34+00:00 2025-03-29T04:26:45+00:00
rhsa-2023_7315 Red Hat Security Advisory: OpenShift Container Platform 4.14.3 bug fix and security update 2023-11-21T11:26:31+00:00 2025-03-29T04:26:42+00:00
rhsa-2023_6837 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 bug fix and security update 2023-11-15T04:22:30+00:00 2025-03-29T04:26:40+00:00
rhsa-2023_6272 Red Hat Security Advisory: OpenShift Container Platform 4.11.53 bug fix and security update 2023-11-08T10:41:09+00:00 2025-03-29T04:26:38+00:00
rhsa-2023_7323 Red Hat Security Advisory: OpenShift Container Platform 4.13.23 bug fix and security update 2023-11-21T11:27:12+00:00 2025-03-29T04:26:36+00:00
rhsa-2023_6786 Red Hat Security Advisory: Fence Agents Remediation Operator 0.2.1 security update 2023-11-08T01:46:23+00:00 2025-03-29T04:26:36+00:00
rhsa-2023_6893 Red Hat Security Advisory: OpenShift Container Platform 4.12.44 security and extras update 2023-11-21T12:20:30+00:00 2025-03-29T04:26:33+00:00
rhsa-2023_6276 Red Hat Security Advisory: OpenShift Container Platform 4.12.42 bug fix and security update 2023-11-08T10:40:48+00:00 2025-03-29T04:26:30+00:00
rhsa-2023_7322 Red Hat Security Advisory: OpenShift Container Platform 4.13.23 security and extras update 2023-11-21T11:27:54+00:00 2025-03-29T04:26:27+00:00
rhsa-2023_6785 Red Hat Security Advisory: Machine Deletion Remediation Operator 0.2.1 security update 2023-11-08T01:37:29+00:00 2025-03-29T04:26:27+00:00
rhsa-2023_7288 Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update 2023-11-16T05:58:26+00:00 2025-03-29T04:26:25+00:00
rhsa-2023_6271 Red Hat Security Advisory: OpenShift Container Platform 4.11.53 security and extras update 2023-11-08T09:43:47+00:00 2025-03-29T04:26:21+00:00
rhsa-2023_7345 Red Hat Security Advisory: Red Hat OpenShift GitOps v1.9.3 security update 2023-11-20T08:34:18+00:00 2025-03-29T04:26:18+00:00
rhsa-2023_6779 Red Hat Security Advisory: Red Hat OpenShift Pipelines Operator security update 2023-11-08T00:57:26+00:00 2025-03-29T04:26:18+00:00
rhsa-2023_6845 Red Hat Security Advisory: OpenShift Container Platform 4.13.22 security and extras update 2023-11-15T00:43:04+00:00 2025-03-29T04:26:16+00:00
rhsa-2023_6256 Red Hat Security Advisory: OpenShift Container Platform 4.13.21 security and extras update 2023-11-08T08:40:09+00:00 2025-03-29T04:26:16+00:00
rhsa-2023_6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update 2023-11-08T14:26:58+00:00 2025-03-29T04:26:13+00:00
rhsa-2023_6257 Red Hat Security Advisory: OpenShift Container Platform 4.13.21 bug fix and security update 2023-11-08T08:43:21+00:00 2025-03-29T04:26:13+00:00
rhsa-2023_7344 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-20T07:53:42+00:00 2025-03-29T04:26:10+00:00
rhsa-2023_6783 Red Hat Security Advisory: Node Health Check Operator 0.4.1 2023-11-08T01:18:25+00:00 2025-03-29T04:26:09+00:00
rhsa-2023_6248 Red Hat Security Advisory: OpenShift Virtualization 4.12.8 Images security update 2023-11-01T14:42:20+00:00 2025-03-29T04:26:07+00:00
rhsa-2023_6846 Red Hat Security Advisory: OpenShift Container Platform 4.13.22 bug fix and security update 2023-11-15T01:45:54+00:00 2025-03-29T04:26:06+00:00
rhsa-2023_6154 Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0 2023-11-01T00:30:41+00:00 2025-03-29T04:26:05+00:00
rhsa-2023_6275 Red Hat Security Advisory: OpenShift Container Platform 4.12.42 security and extras update 2023-11-08T10:25:29+00:00 2025-03-29T04:26:04+00:00
rhsa-2023_6832 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update 2023-11-08T18:49:17+00:00 2025-03-29T04:26:03+00:00
rhsa-2023_7342 Red Hat Security Advisory: OpenShift Container Platform 4.11 low-latency extras update 2023-11-16T20:48:36+00:00 2025-03-29T04:26:01+00:00
rhsa-2023_6782 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-08T01:10:45+00:00 2025-03-29T04:26:01+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
cisco-sa-spa-http-vulns-rjzmx2xz Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-ise-xss-v2bm9jcy Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-iosxr-ipxe-sigbypass-pymfyqgb Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability 2023-09-13T16:00:00+00:00 2024-08-07T15:55:33+00:00
cisco-sa-webex-app-zjnm8x8j Cisco Webex App Vulnerabilities 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-swa-priv-esc-7uhpzscc Cisco Secure Web Appliance Privilege Escalation Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-sb-rv34x-rce-7pqfu2e Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-ise-file-upload-krw2txa9 Cisco Identity Services Engine Arbitrary File Upload Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-inode-static-key-vuvceynn Cisco Intelligent Node Software Static Key Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-expressway-redirect-kjsfuxgj Cisco Expressway Series Open Redirect Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-esa-priv-esc-ssti-xno2eogz Cisco Secure Email Gateway Server-Side Template Injection Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-esa-afw-bgg2usjh Cisco Secure Email Gateway Arbitrary File Write Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-xr-secure-boot-qud5g8ap Cisco IOS XR Software Secure Boot Bypass Vulnerability 2024-07-10T16:00:00+00:00 2024-07-10T16:00:00+00:00
cisco-sa-cimc-cmd-inj-blupcb Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability 2024-04-17T16:00:00+00:00 2024-06-28T15:22:37+00:00
cisco-sa-cimc-cmd-inj-mux4c5aj Cisco Integrated Management Controller CLI Command Injection Vulnerability 2024-04-17T16:00:00+00:00 2024-06-28T15:22:08+00:00
cisco-sa-finesse-ssrf-rfi-um7wt8ew Cisco Finesse Web-Based Management Interface Vulnerabilities 2024-06-05T16:00:00+00:00 2024-06-14T21:44:14+00:00
cisco-sa-esa-sma-wsa-xss-bgg5whod Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities 2024-05-15T16:00:00+00:00 2024-06-12T15:37:50+00:00
cisco-sa-esa-http-split-glrnnows Cisco Secure Email Gateway HTTP Response Splitting Vulnerability 2024-05-15T16:00:00+00:00 2024-06-12T15:14:33+00:00
cisco-sa-webex-june-2024 Cisco Webex Meetings Meeting Information and Metadata Issue June 2024 2024-06-04T21:00:00+00:00 2024-06-11T19:41:36+00:00
cisco-sa-opendns-pulse-dos-dd8l3szq Cisco OpenDNS Pulsing DNS Denial of Service Attack 2024-05-20T16:00:00+00:00 2024-05-23T16:28:32+00:00
cisco-sa-fmc-sqli-wffdnnos Cisco Firepower Management Center Software SQL Injection Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T17:39:28+00:00
cisco-sa-asaftd-ssl-dos-uu7mv5p6 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability 2023-06-07T16:00:00+00:00 2024-05-22T16:37:00+00:00
cisco-sa-snort3-ips-bypass-ue69kbmd Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-ftd-archive-bypass-z4wqjwcn Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-fmc-object-bypass-fth8tdjq Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-saml-bypass-kknvxykw Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-ogsnsg-aclbyp-3xb8q6jx Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-dos-njvawoeq Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability 2022-04-27T16:00:00+00:00 2024-05-22T15:57:10+00:00
cisco-sa-cucm-apidos-pgsdcdnf Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability 2023-10-04T16:00:00+00:00 2024-05-17T15:07:50+00:00
cisco-sa-secure-nam-priv-esc-szu2vypz Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-nso-rwpesc-qrqgnh3f Cisco Crosswork Network Services Orchestrator Vulnerabilities 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
sca-2022-0003 Vulnerabilities in SICK FTMg 2022-03-31T15:00:00.000Z 2022-03-31T15:00:00.000Z
sca-2022-0002 PwnKit vulnerability affects multiple SICK IPCs 2022-02-23T16:00:00.000Z 2022-02-23T16:00:00.000Z
sca-2022-0001 Vulnerability in SICK FieldEcho 2022-02-17T16:00:00.000Z 2022-02-17T16:00:00.000Z
sca-2021-0003 SICK Security Advisory for Apache Log4j (CVE-2021-44228) 2021-12-14T17:00:00.000Z 2021-12-17T12:00:00.000Z
sca-2021-0004 Vulnerabilities in SICK SOPAS ET 2021-12-16T08:00:00.000Z 2021-12-17T08:00:00.000Z
sca-2021-0002 MEAC affected by Windows SMBv1 vulnerability 2021-08-04T10:00:00.000Z 2021-08-04T10:00:00.000Z
sca-2021-0001 Inadequate SSH configuration in SICK Visionary-S CX 2021-06-25T10:00:00.000Z 2021-06-25T10:00:00.000Z
sca-2020-0005 Package Analytics affected by Windows TCP/IP vulnerability 2020-10-29T11:00:00.000Z 2020-10-29T11:00:00.000Z
sca-2020-0004 Vulnerability in Platform Mechanism AutoIP 2020-08-31T10:00:00.000Z 2020-08-31T10:00:00.000Z
sca-2020-0003 MEAC affected by Windows SMBv3 vulnerability 2020-08-07T10:00:00.000Z 2020-08-07T10:00:00.000Z
sca-2020-0002 Vulnerabilities in SICK Package Analytics 2020-08-07T10:00:00.000Z 2020-07-28T10:00:00.000Z
sca-2020-0001 Security Information Regarding "Profile Programming" 2020-05-31T10:00:00.000Z 2020-05-31T10:00:00.000Z
sca-2019-0002 Vulnerability in SICK FX0-GENT00000 and SICK FX0-GPNT00000 2019-09-20T10:00:00.000Z 2019-09-20T10:00:00.000Z
sca-2019-0001 MSC800 affected by hard-coded credentials vulnerability 2019-06-21T10:00:00.000Z 2019-06-21T10:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-202305-0219 D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-18415
var-202305-0218 D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18419. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0217 D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18455. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0216 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18746. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0177 D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18417. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0176 D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18418. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0166 D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18414. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0154 D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18422. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0153 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0071 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18416. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0070 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202303-1296 TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19905
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities. 9502-Ax) version 16.00.00 and earlier
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12446. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-12-19 - Vulnerability reported to vendor 2012-08-29 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUD4cZ1VtgMGTo1scAQJoagf/ZpDTiahOQlERNABRglBe8krgQHhSHddX qVTQjFEyoOL8df5cA/I3JLJxEYRzcT0k8FSdoHUAMDWA8Oxv1BB62r7fgHC1BFjp jbH6u0mL+eYd95jqwfYaruakhABiCRR73nCxYvYGb1Bvx6piBDneD9E+Nx+qycF5 HKb5Fr0wwT+sWssIsnAHx5jDUamdRyQfOR1MAzb6GfKWDsRqwr/T5hWvRLqbZ3Cj VXwmd+MIIAQZIMJ8swKgBvbSeV4tcePun1NhqJYAJtySYR6a6oF112Gk+kXlNXDi EvynyGSXvzLMKEd+vmzSBbVeftCxNQJ8Ce4Vg+LYMGk0YHfoupt3gQ== =Fw26 -----END PGP SIGNATURE-----
var-201112-0097 Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
var-201904-0181 Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwmakdir.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in execution to other associated memory locations. erroneous read and write operations
var-200202-0006 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code ・ If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occured or otherwise provide information about the status of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. HP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition
var-201402-0248 Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0137-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0137.html Issue date: 2014-02-05 Updated on: 2014-02-04 CVE Names: CVE-2014-0497 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0497.html https://access.redhat.com/security/updates/classification/#critical http://helpx.adobe.com/security/products/flash-player/apsb14-04.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFS8fK3XlSAg2UNWIIRAn3HAJ9Dl9yTq8uwL1jZXpBhxpTOeSlNXACfcWWO 2pb3HgPGlwSq5PcZSe2neeg= =KItO -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: February 06, 2014 Bugs: #491148, #493894, #498170, #500313 ID: 201402-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336" References ========== [ 1 ] CVE-2013-5329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329 [ 2 ] CVE-2013-5330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330 [ 3 ] CVE-2013-5331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331 [ 4 ] CVE-2013-5332 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332 [ 5 ] CVE-2014-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491 [ 6 ] CVE-2014-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492 [ 7 ] CVE-2014-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There are multiple stack-based buffer overflow vulnerabilities in Advantech WebAccess 7.1 and earlier versions
var-201805-1144 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the handling of the GetAlarms function in BWMobileService.dll. When parsing the ProjectName parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
var-201805-1143 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within notify2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
var-202004-0077 There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class. When parsing the syslogs parameter of the emsSyslogs endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM
var-202005-0008 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00005226 in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user
var-202407-0233 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
var-200107-0035 slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8
var-200512-0611 Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts. This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. Technical Details: Technical Description: The code in QuickTime.qts responsible for the size of the Sample Description Table entries from the 'stsd' atom in a QuickTime-format movie on the heap. According to developer.apple.com, the format of the Sample Description Atom is as follows: Field Description ---------------------------------------------------------------- Size 32-bit int Data Format 4 char code Reserved 6 bytes that must be 0 Data Reference Index 16-bit int Hint Track Version 16-bit unsigned int Last compatible hint track version 16-bit unsigned int Max Packet Size 32-bit int Additional Data Table Variable By setting the size of the Sample Description Table to a size of 00 15 - 00 D0 will cause a heap-based overflow. By supplying the "Last compatible hint track version" field with the value of 00 05 - 00 09, an insufficiently-sized heap block will be allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function and the attacker can control memory with data taken from the filename of the .MOV file. This vulnerability can be successfully exploited via an embedded media player in an HTML page, email, or HTML link. References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-4092. Credit: Discovery: Karl Lynn Greetings: 0x41414141 Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
var-200512-0297 Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03 Apple QuickTime Player ImageWidth Denial of Service Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. Impact : Denial of Service Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
var-200512-0294 Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04 Apple QuickTime Player Improper Memory Access Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access Vulnerability in the Apple QuickTime Player. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
var-200512-0643 Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
jvndb-2025-000058 WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection 2025-08-08T15:29+09:00 2025-08-08T15:29+09:00
jvndb-2025-010972 Multiple SEIKO EPSON products use weak initial passwords 2025-08-08T14:50+09:00 2025-08-08T14:50+09:00
jvndb-2025-000057 Multiple vulnerabilities in Mubit Powered BLUE 870 2025-08-08T14:47+09:00 2025-08-08T14:47+09:00
jvndb-2025-000056 Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series 2025-08-06T16:38+09:00 2025-08-06T16:38+09:00
jvndb-2025-010603 Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs 2025-08-05T11:29+09:00 2025-08-05T11:29+09:00
jvndb-2025-010408 Multiple vulnerabilities in PowerCMS 2025-08-01T12:05+09:00 2025-08-01T12:05+09:00
jvndb-2025-000055 ZXHN-F660T and ZXHN-F660A use a common credential for all installations 2025-07-31T15:12+09:00 2025-07-31T15:12+09:00
jvndb-2025-000054 Apache Jena Fuseki vulnerable to path traversal 2025-07-30T14:17+09:00 2025-07-30T14:17+09:00
jvndb-2025-000053 "SwitchBot" App vulnerable to insertion of sensitive information into log file 2025-07-29T13:44+09:00 2025-07-29T13:44+09:00
jvndb-2025-010056 TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection 2025-07-28T17:53+09:00 2025-07-28T17:53+09:00
jvndb-2025-000052 TP-Link Archer C1200 vulnerable to clickjacking 2025-07-24T14:16+09:00 2025-07-24T14:16+09:00
jvndb-2025-000051 Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input 2025-07-23T13:54+09:00 2025-07-23T13:54+09:00
jvndb-2025-009576 Multiple vulnerabilities in ELECOM wireless LAN routers 2025-07-23T11:13+09:00 2025-07-23T11:13+09:00
jvndb-2025-000050 "region PAY" App for Android vulnerable to insertion of sensitive information into log file 2025-07-22T13:33+09:00 2025-07-22T13:33+09:00
jvndb-2025-009150 Security updates for Trend Micro products (June 2025) 2025-07-17T17:03+09:00 2025-07-17T17:03+09:00
jvndb-2025-000030 Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor 2025-05-12T18:00+09:00 2025-07-17T10:06+09:00
jvndb-2025-000049 ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials 2025-07-16T13:54+09:00 2025-07-16T13:54+09:00
jvndb-2025-008881 Least Privilege Violation Vulnerability in the communications functions of NJ/NX series Machine Automation Controllers 2025-07-15T15:54+09:00 2025-07-15T15:54+09:00
jvndb-2025-008783 Firebox T15 contains an issue with hidden functionality 2025-07-14T17:22+09:00 2025-07-14T17:22+09:00
jvndb-2025-008145 Epson Web Installer for Mac vulnerable to missing authentication for critical function 2025-07-08T14:08+09:00 2025-07-08T14:08+09:00
jvndb-2025-008106 Heap-based buffer overflow vulnerability in V-SFT and TELLUS 2025-07-07T16:26+09:00 2025-07-07T16:26+09:00
jvndb-2025-008105 Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521) 2025-07-07T16:04+09:00 2025-07-07T16:04+09:00
jvndb-2025-000047 Multiple vulnerabilities in Nimesa Backup and Recovery 2025-07-07T15:26+09:00 2025-07-07T15:26+09:00
jvndb-2025-007978 Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837) 2025-07-04T13:28+09:00 2025-07-04T13:28+09:00
jvndb-2025-000045 Multiple vulnerabilities in Active! mail 2025-07-02T14:13+09:00 2025-07-02T14:13+09:00
jvndb-2025-007754 Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS) 2025-07-02T11:31+09:00 2025-07-02T11:31+09:00
jvndb-2025-007607 Pass-Back Attack vulnerability in Konica Minorta bizhub series 2025-07-01T14:09+09:00 2025-07-01T14:09+09:00
jvndb-2025-007595 Multiple vulnerabilities in Web Connection of Konica Minolta MFPs 2025-07-01T14:02+09:00 2025-07-01T14:02+09:00
jvndb-2025-000046 SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting 2025-06-30T15:45+09:00 2025-06-30T15:45+09:00
jvndb-2025-007552 Multiple vulnerabilities in TB-eye network recorders and AHD recorders 2025-06-30T14:45+09:00 2025-06-30T14:45+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2022-002 TS-2022-002
ts-2022-001 TS-2022-001