Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ghsa-6v8p-jmjg-q3g9 (github) A vulnerability classified as critical has been found in Projectworlds Online Examination System ... 2025-04-29T12:30:21Z 2025-04-29T12:30:21Z
ghsa-6qwv-wfwp-j22f (github) A vulnerability classified as critical was found in code-projects Prison Management System 1.0. T... 2025-04-29T12:30:21Z 2025-04-29T12:30:21Z
ghsa-487w-xx5j-gqwc (github) When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denia... 2025-04-29T12:30:21Z 2025-04-29T12:30:21Z
ghsa-274g-94c9-xmph (github) In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corrupti... 2025-04-29T12:30:21Z 2025-04-29T12:30:21Z
ghsa-xp82-r324-2w4v (github) The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modifi... 2025-04-29T09:31:37Z 2025-04-29T09:31:37Z
ghsa-x5q5-67q5-j256 (github) The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is v... 2025-04-29T09:31:37Z 2025-04-29T09:31:37Z
ghsa-65vr-4gg3-qw3m (github) The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of it... 2025-04-29T06:30:38Z 2025-04-29T06:30:38Z
ghsa-j3qc-29cr-v3pc (github) A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Ap... 2022-12-12T15:30:34Z 2025-04-29T06:30:37Z
ghsa-94m8-rgr8-rg5g (github) An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with... 2022-11-23T00:30:16Z 2025-04-29T06:30:37Z
ghsa-6v6r-xmm5-77wp (github) Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the order... 2022-11-22T18:30:14Z 2025-04-29T06:30:37Z
ghsa-368f-pgc7-8c4c (github) An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow... 2022-12-12T15:30:34Z 2025-04-29T06:30:37Z
ghsa-23jc-43ph-xg8h (github) An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micr... 2022-12-12T15:30:34Z 2025-04-29T06:30:37Z
ghsa-mxv8-5c66-f89g (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. 2022-11-22T15:30:25Z 2025-04-29T06:30:36Z
ghsa-m6p3-qgmc-f6gj (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22T15:30:26Z 2025-04-29T06:30:36Z
ghsa-h72h-vw3h-ghqj (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22T15:30:26Z 2025-04-29T06:30:36Z
ghsa-g2jv-q45g-fhrj (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22T15:30:26Z 2025-04-29T06:30:36Z
ghsa-67ww-95hq-6qq8 (github) Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_... 2022-11-22T15:30:26Z 2025-04-29T06:30:36Z
ghsa-47mf-j97x-4q7x (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22T15:30:26Z 2025-04-29T06:30:36Z
ghsa-2w4j-j38j-hjcx (github) D-Link DIR823G 1.02B05 is vulnerable to Command Injection. 2022-11-22T15:30:25Z 2025-04-29T06:30:36Z
ghsa-qwwq-h2vg-998f (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. 2022-11-22T15:30:26Z 2025-04-29T06:30:35Z
ghsa-q78v-86wj-w8g8 (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmod... 2022-11-22T15:30:26Z 2025-04-29T06:30:35Z
ghsa-hj9h-9m9c-w9vc (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: star... 2022-11-22T15:30:26Z 2025-04-29T06:30:35Z
ghsa-p6wj-mf6q-h2qc (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. 2022-11-22T15:30:26Z 2025-04-29T06:30:34Z
ghsa-6g5w-w568-c7gp (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. 2022-11-22T15:30:26Z 2025-04-29T06:30:34Z
ghsa-435m-534h-fq69 (github) Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. 2022-11-22T15:30:26Z 2025-04-29T06:30:34Z
ghsa-39pg-x84f-79f4 (github) Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_... 2022-11-22T15:30:26Z 2025-04-29T06:30:34Z
ghsa-vxxj-cjwx-9587 (github) Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDa... 2022-11-22T03:30:56Z 2025-04-29T06:30:33Z
ghsa-jc8r-v6v4-2x76 (github) Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the order... 2022-11-22T03:30:56Z 2025-04-29T06:30:32Z
ghsa-vmwg-3cwg-gccp (github) A null pointer dereference was addressed with improved input validation. This issue is fixed in i... 2025-04-29T03:30:33Z 2025-04-29T03:30:34Z
ghsa-pjvr-p8qr-3fg8 (github) Rejected reason: Not used 2025-04-29T03:30:34Z 2025-04-29T03:30:34Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2022-45461 (NVD) The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. n/a
n/a
2022-11-17T00:00:00.000Z 2025-04-29T13:54:22.295Z
cve-2022-40954 (NVD) Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files Apache Software Foundation
Apache Airflow Spark Provider, Apache Airflow
2022-11-22T00:00:00.000Z 2025-04-29T13:50:28.084Z
cve-2025-45947 (NVD) N/A An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component n/a
n/a
2025-04-28T00:00:00.000Z 2025-04-29T13:48:58.684Z
cve-2022-45931 (NVD) N/A A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:48:42.598Z
cve-2025-45949 (NVD) N/A A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover. n/a
n/a
2025-04-28T00:00:00.000Z 2025-04-29T13:47:06.220Z
cve-2022-38390 (NVD) CVSS-v3.1: 5.4 Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. IBM
Business Automation Workflow
2022-11-17T16:48:11.088Z 2025-04-29T13:46:49.770Z
cve-2022-45932 (NVD) N/A A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:46:19.489Z
cve-2025-45953 (NVD) N/A A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely n/a
n/a
2025-04-28T00:00:00.000Z 2025-04-29T13:45:31.706Z
cve-2022-45933 (NVD) N/A KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:44:59.776Z
cve-2022-36785 (NVD) CVSS-v3.1: 7.5 D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. D-Link
G integrated Access Device4
2022-11-17T22:27:55.842Z 2025-04-29T13:43:47.629Z
cve-2025-46327 (NVD) Go Snowflake Driver has race condition when checking access to Easy Logging configuration file snowflakedb
gosnowflake
2025-04-28T22:33:05.249Z 2025-04-29T13:43:12.167Z
cve-2025-46326 (NVD) Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file snowflakedb
snowflake-connector-net
2025-04-28T22:33:01.627Z 2025-04-29T13:42:11.360Z
cve-2025-46328 (NVD) NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file snowflakedb
snowflake-connector-nodejs
2025-04-28T22:33:09.632Z 2025-04-29T13:41:29.830Z
cve-2022-45934 (NVD) N/A An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:41:05.963Z
cve-2025-24251 (NVD) N/A The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. Apple
watchOS, tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:16.985Z 2025-04-29T13:40:36.246Z
cve-2025-46330 (NVD) Snowflake Connector for C/C++ retries malformed requests snowflakedb
libsnowflakeclient
2025-04-29T04:34:37.061Z 2025-04-29T13:40:22.200Z
cve-2022-24187 (NVD) N/A The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:39:33.899Z
cve-2025-24206 (NVD) N/A An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:17.827Z 2025-04-29T13:38:41.705Z
cve-2025-46338 (NVD) Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload advplyr
audiobookshelf
2025-04-29T04:34:44.713Z 2025-04-29T13:37:57.632Z
cve-2022-24188 (NVD) N/A The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:37:33.862Z
cve-2025-24271 (NVD) N/A An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:18.729Z 2025-04-29T13:36:41.754Z
cve-2022-31608 (NVD) NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. NVIDIA
GeForce, Workstation, Compute
2022-11-18T00:00:00.000Z 2025-04-29T13:36:30.099Z
cve-2022-24189 (NVD) N/A The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:36:14.016Z
cve-2022-24190 (NVD) N/A The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:35:11.846Z
cve-2025-46343 (NVD) n8n Vulnerable to Stored XSS through Attachments View Endpoint n8n-io
n8n
2025-04-29T04:35:16.684Z 2025-04-29T13:35:04.707Z
cve-2025-24270 (NVD) N/A This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:19.521Z 2025-04-29T13:34:24.598Z
cve-2025-46329 (NVD) Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs snowflakedb
libsnowflakeclient
2025-04-29T04:35:49.431Z 2025-04-29T13:34:10.233Z
cve-2022-44401 (NVD) N/A Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:33:55.092Z
cve-2024-12273 (NVD) N/A Calculated Fields Form < 5.2.62 - Admin+ Stored XSS Unknown
Calculated Fields Form
2025-04-29T06:00:02.228Z 2025-04-29T13:33:09.280Z
cve-2025-24179 (NVD) N/A A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service. Apple
visionOS, tvOS, macOS, iPadOS, iOS and iPadOS
2025-04-29T02:05:20.403Z 2025-04-29T13:32:55.092Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-4058 (NVD) Projectworlds Online Examination System Bloodgroop_process.php sql injection Projectworlds
Online Examination System
2025-04-29T11:31:03.566Z 2025-04-29T13:20:17.241Z
cve-2025-45947 (NVD) N/A An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component n/a
n/a
2025-04-28T00:00:00.000Z 2025-04-29T13:48:58.684Z
cve-2025-3301 (NVD) CVSS-v4.0: 1 DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices silabs.com
Series 2 SoCs and associated modules
2025-04-29T13:47:42.717Z 2025-04-29T14:02:03.494Z
cve-2025-31197 (NVD) N/A The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:21.266Z 2025-04-29T13:31:08.073Z
cve-2025-30194 (NVD) CVSS-v3.1: 7.5 Denial of service via crafted DoH exchange PowerDNS
DNSdist
2025-04-29T11:25:47.141Z 2025-04-29T13:25:09.226Z
cve-2025-2817 (NVD) N/A Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. Mozilla
Firefox, Firefox ESR, Thunderbird, Thunderbird ESR
2025-04-29T13:13:33.783Z 2025-04-29T14:22:00.891Z
cve-2025-24271 (NVD) N/A An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:18.729Z 2025-04-29T13:36:41.754Z
cve-2025-24270 (NVD) N/A This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:19.521Z 2025-04-29T13:34:24.598Z
cve-2025-24252 (NVD) N/A A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:22.184Z 2025-04-29T13:26:46.327Z
cve-2025-24251 (NVD) N/A The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. Apple
watchOS, tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:16.985Z 2025-04-29T13:40:36.246Z
cve-2025-24206 (NVD) N/A An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy. Apple
tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
2025-04-29T02:05:17.827Z 2025-04-29T13:38:41.705Z
cve-2025-24179 (NVD) N/A A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service. Apple
visionOS, tvOS, macOS, iPadOS, iOS and iPadOS
2025-04-29T02:05:20.403Z 2025-04-29T13:32:55.092Z
cve-2025-1194 (NVD) Regular Expression Denial of Service (ReDoS) in huggingface/transformers huggingface
huggingface/transformers
2025-04-29T11:30:38.810Z 2025-04-29T13:21:13.446Z
cve-2024-12273 (NVD) N/A Calculated Fields Form < 5.2.62 - Admin+ Stored XSS Unknown
Calculated Fields Form
2025-04-29T06:00:02.228Z 2025-04-29T13:33:09.280Z
cve-2022-45934 (NVD) N/A An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:41:05.963Z
cve-2022-45933 (NVD) N/A KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:44:59.776Z
cve-2022-45932 (NVD) N/A A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:46:19.489Z
cve-2022-45931 (NVD) N/A A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:48:42.598Z
cve-2022-45930 (NVD) N/A A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:54:22.132Z
cve-2022-45914 (NVD) N/A The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. n/a
n/a
2022-11-27T00:00:00.000Z 2025-04-29T13:55:26.106Z
cve-2022-45885 (NVD) N/A An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. n/a
n/a
2022-11-25T00:00:00.000Z 2025-04-29T14:01:12.549Z
cve-2022-45476 (NVD) N/A Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. n/a
Tiny File Manager
2022-11-25T00:00:00.000Z 2025-04-29T14:05:00.400Z
cve-2022-45475 (NVD) N/A Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. n/a
Tiny File Manager
2022-11-25T00:00:00.000Z 2025-04-29T14:07:53.180Z
cve-2022-45470 (NVD) N/A Apache Hama allows XSS and information disclosure Apache Software Foundation
Apache Hama
2022-11-21T00:00:00.000Z 2025-04-29T13:56:28.845Z
cve-2022-45461 (NVD) The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. n/a
n/a
2022-11-17T00:00:00.000Z 2025-04-29T13:54:22.295Z
cve-2022-45225 (NVD) N/A Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. n/a
n/a
2022-11-25T00:00:00.000Z 2025-04-29T14:10:18.572Z
cve-2022-45017 (NVD) N/A A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. n/a
n/a
2022-11-21T00:00:00.000Z 2025-04-29T13:59:07.792Z
cve-2022-45016 (NVD) N/A A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. n/a
n/a
2022-11-21T00:00:00.000Z 2025-04-29T14:00:48.432Z
cve-2022-44401 (NVD) N/A Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. n/a
n/a
2022-11-28T00:00:00.000Z 2025-04-29T13:33:55.092Z
cve-2022-44183 (NVD) N/A Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. n/a
n/a
2022-11-21T00:00:00.000Z 2025-04-29T14:02:16.399Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
pysec-2025-16 LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerabil... 2025-04-06T20:15:15+00:00 2025-04-09T17:27:25.872691+00:00
pysec-2025-15 Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows... 2025-03-03T16:15:41+00:00 2025-04-09T17:27:25.227116+00:00
pysec-2025-14 An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization ... 2025-04-02T13:15:44+00:00 2025-04-09T17:27:25.169049+00:00
pysec-2025-13 An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The... 2025-03-06T19:15:27+00:00 2025-04-09T17:27:25.095679+00:00
pysec-2022-43178 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI pac... 2022-11-09T20:15:10+00:00 2025-04-09T17:27:24.793038+00:00
pysec-2022-43177 Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azur... 2022-10-25T17:15:56+00:00 2025-04-09T17:27:24.642962+00:00
pysec-2024-244 A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for... 2024-05-16T09:15:14+00:00 2025-04-08T10:23:25.092581+00:00
pysec-2024-243 mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowi... 2024-04-16T00:15:12+00:00 2025-04-08T10:23:25.044416+00:00
pysec-2024-242 A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in versi... 2024-06-06T19:15:55+00:00 2025-04-08T10:23:24.995743+00:00
pysec-2024-241 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dat... 2024-02-23T22:15:55+00:00 2025-04-08T10:23:24.946136+00:00
pysec-2024-240 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue le... 2024-02-23T22:15:55+00:00 2025-04-08T10:23:24.900947+00:00
pysec-2024-239 A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper n... 2024-06-06T19:15:51+00:00 2025-04-08T10:23:24.852109+00:00
pysec-2025-12 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Ana... 2025-01-21T15:15:13+00:00 2025-04-08T10:23:23.899726+00:00
pysec-2024-238 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Ana... 2024-11-06T15:15:11+00:00 2025-04-08T10:23:23.857960+00:00
pysec-2025-11 A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, ve... 2025-03-20T10:15:31+00:00 2025-04-01T23:22:47.294256+00:00
pysec-2025-10 A vulnerability in the `download_model` function of the onnx/onnx framework, before and including... 2025-03-20T10:15:37+00:00 2025-03-26T19:21:38.843396+00:00
pysec-2025-9 A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 v... 2025-03-20T10:15:26+00:00 2025-03-20T11:21:37.872971+00:00
pysec-2025-8 The `pygments-style-solarized` project was removed from PyPI by its owner on 2021-08-26. The GitH... 2025-03-17T16:35:37+00:00
pysec-2024-237 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up un... 2024-05-14T16:17:12+00:00 2025-03-05T17:22:29.121263+00:00
pysec-2024-236 Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook se... 2024-06-11T22:15:09+00:00 2025-02-26T23:22:41.524251+00:00
pysec-2025-7 Published in 2021, the imblog package is a Python library that scrapes data from a blog page to a... 2025-02-26T21:19:19+00:00
pysec-2025-6 Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a ha... 2025-02-26T20:59:48+00:00
pysec-2025-5 Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions... 2025-02-26T20:57:11+00:00
pysec-2025-3 Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions... 2025-02-26T20:54:20+00:00
pysec-2025-4 Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions... 2025-02-26T19:26:49+00:00
pysec-2024-235 With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url =... 2024-02-26T16:27:49+00:00 2025-02-26T02:48:56.937312+00:00
pysec-2023-194 langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arb... 2023-10-09T20:15:00Z 2025-02-23T07:46:11Z
pysec-2024-234 Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter not... 2024-03-20T20:15:08+00:00 2025-02-21T18:23:35.992501+00:00
pysec-2023-163 An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code vi... 2023-09-01T16:15:00Z 2025-02-20T09:11:38.521949Z
pysec-2024-233 python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) du... 2024-04-26T00:15:09+00:00 2025-02-18T19:20:15.511369+00:00
Vulnerabilities are sorted by update time (recent to old).
ID (the format of this source doesn't require a description)
gsd-2024-33881
gsd-2024-33880
gsd-2024-33879
gsd-2024-33878
gsd-2024-33877
gsd-2024-33876
gsd-2024-33875
gsd-2024-33874
gsd-2024-33873
gsd-2024-33872
gsd-2024-33871
gsd-2024-33870
gsd-2024-33869
gsd-2024-33868
gsd-2024-33867
gsd-2024-33866
gsd-2024-33865
gsd-2024-33864
gsd-2024-33863
gsd-2024-33862
gsd-2024-33861
gsd-2024-33860
gsd-2024-33859
gsd-2024-33858
gsd-2024-33857
gsd-2024-33856
gsd-2024-33855
gsd-2024-33854
gsd-2024-33853
gsd-2024-33852
ID Description Publish Date Update Date
mal-2024-8899 Malicious code in acronym-decoder-chrome-angular (npm) 2024-09-18T18:26:14Z 2024-09-18T18:26:14Z
mal-2024-8898 Malicious code in grv-teleport (npm) 2024-09-18T16:20:54Z 2024-09-18T16:20:54Z
mal-2024-8897 Malicious code in onfido-web-sdk-angular (npm) 2024-09-18T07:40:41Z 2024-09-18T07:40:41Z
mal-2024-8896 Malicious code in huehue (npm) 2024-09-18T05:03:18Z 2024-09-18T05:03:18Z
mal-2024-8892 Malicious code in insidepocpackage (npm) 2024-09-18T00:11:50Z 2024-09-18T00:11:50Z
mal-2024-8888 Malicious code in bby-node-logger (npm) 2024-09-17T20:13:24Z 2024-09-17T22:05:30Z
mal-2024-8886 Malicious code in 0g-da-contract (npm) 2024-09-17T10:10:47Z 2024-09-17T10:10:47Z
mal-2024-8883 Malicious code in cobainsendiri1 (npm) 2024-09-17T07:31:06Z 2024-09-17T07:31:06Z
mal-2024-8884 Malicious code in wallet-balance-notifier (npm) 2024-09-17T07:21:00Z 2024-09-17T07:21:00Z
mal-2024-8894 Malicious code in stripe-testfb-v3 (npm) 2024-09-17T00:59:18Z 2024-09-17T00:59:32Z
mal-2024-8890 Malicious code in ably-sales-demo-frontend (npm) 2024-09-17T00:54:53Z 2024-09-17T00:54:53Z
mal-2024-8889 Malicious code in ably-engineering (npm) 2024-09-17T00:54:53Z 2024-09-17T00:54:53Z
mal-2024-8893 Malicious code in latam-xp-analytics-plugin-bloomreach (npm) 2024-09-17T00:53:18Z 2024-09-17T00:53:18Z
mal-2024-8891 Malicious code in eslint-plugin-xp-i18n (npm) 2024-09-17T00:53:18Z 2024-09-17T00:53:18Z
mal-2024-8724 Malicious code in afe-base-component (npm) 2024-09-04T02:51:39Z 2024-09-17T00:26:06Z
mal-2024-8882 Malicious code in redmond (npm) 2024-09-16T14:37:29Z 2024-09-16T14:55:07Z
mal-2024-8879 Malicious code in halifax (npm) 2024-09-16T14:37:29Z 2024-09-16T14:55:07Z
mal-2024-8877 Malicious code in afe-host-client (npm) 2024-09-16T14:37:29Z 2024-09-16T14:53:46Z
mal-2024-8878 Malicious code in awsspeedtest (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:41Z
mal-2024-8881 Malicious code in noblox.js-types (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:40Z
mal-2024-8880 Malicious code in noblox.js-middleware (npm) 2024-09-16T14:37:29Z 2024-09-16T14:52:40Z
mal-2024-8876 Malicious code in testing_coll (npm) 2024-09-16T12:56:14Z 2024-09-16T12:56:14Z
mal-2024-8872 Malicious code in quickread (npm) 2024-09-11T23:23:14Z 2024-09-11T23:23:15Z
mal-2024-8871 Malicious code in quickcolor (npm) 2024-09-11T23:23:14Z 2024-09-11T23:23:15Z
mal-2024-8868 Malicious code in passports-js (npm) 2024-09-11T23:10:15Z 2024-09-11T23:10:15Z
mal-2024-8862 Malicious code in bcrypts-js (npm) 2024-09-11T23:10:15Z 2024-09-11T23:10:15Z
mal-2024-8873 Malicious code in sketch-crowdin (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8870 Malicious code in publish-test-result-screenshot (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8866 Malicious code in leaktopus-frontend (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8865 Malicious code in fma-connect-javascript (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
ID Description Publish Date Update Date
wid-sec-w-2024-1432 GNU Emacs: Vulnerability allows code execution 2024-06-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1339 Microsoft Azure: Multiple vulnerabilities allow privilege escalation 2024-06-11T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1197 Linux Kernel: Multiple vulnerabilities allow denial of service and unspecified attacks 2024-05-21T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1188 Linux Kernel: Multiple vulnerabilities allow denial of service 2024-05-20T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1108 Linux Kernel: Multiple vulnerabilities 2024-05-13T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-1008 Linux Kernel: Multiple vulnerabilities allow denial of service 2024-05-01T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0984 Linux Kernel: Multiple vulnerabilities 2024-04-28T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0964 Linux Kernel: Multiple vulnerabilities allow unspecified attack 2024-04-24T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0952 Ruby: Vulnerability allows information disclosure 2024-04-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0920 Linux Kernel: Multiple vulnerabilities 2024-04-17T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0913 Linux Kernel: Multiple vulnerabilities allow denial of service 2024-04-16T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0904 Kubernetes: Vulnerability allows information disclosure 2024-04-16T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0832 QEMU: Vulnerability allows code execution and DoS 2024-04-09T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0789 HTTP/2: Multiple vulnerabilities allow denial of service 2024-04-03T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0736 IBM WebSphere Application Server: Vulnerability allows denial of service 2024-03-27T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0716 IBM WebSphere Application Server: Vulnerability allows cross-site scripting 2024-03-26T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0708 GNU Emacs: Multiple vulnerabilities 2024-03-25T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0682 Ruby: Multiple vulnerabilities 2024-03-20T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0527 Linux Kernel: Multiple vulnerabilities 2024-02-29T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0518 Golang Go: Multiple vulnerabilities allow unspecified attack 2024-02-29T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0412 QEMU: Multiple vulnerabilities allow unspecified attacks 2024-02-18T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0195 Linux Kernel: Multiple vulnerabilities allow denial of service 2024-01-24T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-0126 EDK2 NetworkPkg IP stack implementation: Multiple vulnerabilities 2024-01-16T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-3201 Linux Kernel: Multiple vulnerabilities 2023-12-21T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-2618 HTTP/2 implementations: Vulnerability allows denial of service 2023-10-10T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1868 Apache Kafka: Vulnerability allows denial of service 2023-07-23T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1544 Kubernetes: Vulnerability allows manipulation of files 2022-01-06T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1480 FasterXML Jackson: Vulnerability allows denial of service 2023-06-14T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-1469 Kubernetes: Multiple vulnerabilities allow bypassing of security measures 2023-06-14T22:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2023-0692 GNU Emacs: Vulnerability allows code execution 2023-03-19T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
ID Description Publish Date Update Date
ssa-293562 SSA-293562: Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products 2017-05-08T00:00:00Z 2024-09-10T00:00:00Z
ssa-280603 SSA-280603: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC 2023-12-12T00:00:00Z 2024-09-10T00:00:00Z
ssa-103653 SSA-103653: Denial-of-Service Vulnerability in Automation License Manager 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-097786 SSA-097786: Insertion of Sensitive Information into Log File Vulnerability in SINUMERIK systems 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-088132 SSA-088132: Denial of Service Vulnerability in the OPC UA Server Implementations of Several Industrial Products 2024-07-09T00:00:00Z 2024-09-10T00:00:00Z
ssa-039007 SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) 2024-09-10T00:00:00Z 2024-09-10T00:00:00Z
ssa-981975 SSA-981975: Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs 2023-09-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-857368 SSA-857368: Multiple Vulnerabilities in Omnivise T3000 2024-08-02T00:00:00Z 2024-08-13T00:00:00Z
ssa-856475 SSA-856475: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-822518 SSA-822518: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices 2024-04-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-813746 SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families 2023-04-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-784301 SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-771940 SSA-771940: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2024-06-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-750499 SSA-750499: Weak Encryption Vulnerability in SIPROTEC 5 Devices 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-722010 SSA-722010: Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-720392 SSA-720392: Multiple Vulnerabilities in Third-Party Components in Location Intelligence Before V4.4 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-716317 SSA-716317: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-686975 SSA-686975: IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs 2023-02-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-659443 SSA-659443: Local Code Execution Vulnerabilities in COMOS Before V10.5 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-640968 SSA-640968: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server 2023-02-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-625850 SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager 2023-11-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-417547 SSA-417547: Multiple Vulnerabilities in INTRALOG WMS Before V4 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-407785 SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization 2023-08-08T00:00:00Z 2024-08-13T00:00:00Z
ssa-398330 SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-364175 SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices 2024-07-09T00:00:00Z 2024-08-13T00:00:00Z
ssa-357412 SSA-357412: PRT File Parsing Vulnerability in NX Before V2406.3000 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-180704 SSA-180704: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-116924 SSA-116924: Path Traversal Vulnerability in TIA Portal 2023-04-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-087301 SSA-087301: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-068047 SSA-068047: Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ID Description Publish Date Update Date
rhsa-2023_6269 Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.12.1 2023-11-15T03:12:52+00:00 2025-03-29T04:26:50+00:00
rhsa-2023_7515 Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update 2023-11-27T16:08:33+00:00 2025-03-29T04:26:49+00:00
rhsa-2023_7474 Red Hat Security Advisory: OpenShift Container Platform 4.13.24 security and extras update 2023-11-29T00:33:54+00:00 2025-03-29T04:26:45+00:00
rhsa-2023_6784 Red Hat Security Advisory: Node Health Check Operator 0.6.1 security update 2023-11-08T01:27:34+00:00 2025-03-29T04:26:45+00:00
rhsa-2023_7315 Red Hat Security Advisory: OpenShift Container Platform 4.14.3 bug fix and security update 2023-11-21T11:26:31+00:00 2025-03-29T04:26:42+00:00
rhsa-2023_6837 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 bug fix and security update 2023-11-15T04:22:30+00:00 2025-03-29T04:26:40+00:00
rhsa-2023_6272 Red Hat Security Advisory: OpenShift Container Platform 4.11.53 bug fix and security update 2023-11-08T10:41:09+00:00 2025-03-29T04:26:38+00:00
rhsa-2023_7323 Red Hat Security Advisory: OpenShift Container Platform 4.13.23 bug fix and security update 2023-11-21T11:27:12+00:00 2025-03-29T04:26:36+00:00
rhsa-2023_6786 Red Hat Security Advisory: Fence Agents Remediation Operator 0.2.1 security update 2023-11-08T01:46:23+00:00 2025-03-29T04:26:36+00:00
rhsa-2023_6893 Red Hat Security Advisory: OpenShift Container Platform 4.12.44 security and extras update 2023-11-21T12:20:30+00:00 2025-03-29T04:26:33+00:00
rhsa-2023_6276 Red Hat Security Advisory: OpenShift Container Platform 4.12.42 bug fix and security update 2023-11-08T10:40:48+00:00 2025-03-29T04:26:30+00:00
rhsa-2023_7322 Red Hat Security Advisory: OpenShift Container Platform 4.13.23 security and extras update 2023-11-21T11:27:54+00:00 2025-03-29T04:26:27+00:00
rhsa-2023_6785 Red Hat Security Advisory: Machine Deletion Remediation Operator 0.2.1 security update 2023-11-08T01:37:29+00:00 2025-03-29T04:26:27+00:00
rhsa-2023_7288 Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update 2023-11-16T05:58:26+00:00 2025-03-29T04:26:25+00:00
rhsa-2023_6271 Red Hat Security Advisory: OpenShift Container Platform 4.11.53 security and extras update 2023-11-08T09:43:47+00:00 2025-03-29T04:26:21+00:00
rhsa-2023_7345 Red Hat Security Advisory: Red Hat OpenShift GitOps v1.9.3 security update 2023-11-20T08:34:18+00:00 2025-03-29T04:26:18+00:00
rhsa-2023_6779 Red Hat Security Advisory: Red Hat OpenShift Pipelines Operator security update 2023-11-08T00:57:26+00:00 2025-03-29T04:26:18+00:00
rhsa-2023_6845 Red Hat Security Advisory: OpenShift Container Platform 4.13.22 security and extras update 2023-11-15T00:43:04+00:00 2025-03-29T04:26:16+00:00
rhsa-2023_6256 Red Hat Security Advisory: OpenShift Container Platform 4.13.21 security and extras update 2023-11-08T08:40:09+00:00 2025-03-29T04:26:16+00:00
rhsa-2023_6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update 2023-11-08T14:26:58+00:00 2025-03-29T04:26:13+00:00
rhsa-2023_6257 Red Hat Security Advisory: OpenShift Container Platform 4.13.21 bug fix and security update 2023-11-08T08:43:21+00:00 2025-03-29T04:26:13+00:00
rhsa-2023_7344 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-20T07:53:42+00:00 2025-03-29T04:26:10+00:00
rhsa-2023_6783 Red Hat Security Advisory: Node Health Check Operator 0.4.1 2023-11-08T01:18:25+00:00 2025-03-29T04:26:09+00:00
rhsa-2023_6248 Red Hat Security Advisory: OpenShift Virtualization 4.12.8 Images security update 2023-11-01T14:42:20+00:00 2025-03-29T04:26:07+00:00
rhsa-2023_6846 Red Hat Security Advisory: OpenShift Container Platform 4.13.22 bug fix and security update 2023-11-15T01:45:54+00:00 2025-03-29T04:26:06+00:00
rhsa-2023_6154 Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0 2023-11-01T00:30:41+00:00 2025-03-29T04:26:05+00:00
rhsa-2023_6275 Red Hat Security Advisory: OpenShift Container Platform 4.12.42 security and extras update 2023-11-08T10:25:29+00:00 2025-03-29T04:26:04+00:00
rhsa-2023_6832 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update 2023-11-08T18:49:17+00:00 2025-03-29T04:26:03+00:00
rhsa-2023_7342 Red Hat Security Advisory: OpenShift Container Platform 4.11 low-latency extras update 2023-11-16T20:48:36+00:00 2025-03-29T04:26:01+00:00
rhsa-2023_6782 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-08T01:10:45+00:00 2025-03-29T04:26:01+00:00
ID Description Publish Date Update Date
cisco-sa-spa-http-vulns-rjzmx2xz Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-ise-xss-v2bm9jcy Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-iosxr-ipxe-sigbypass-pymfyqgb Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability 2023-09-13T16:00:00+00:00 2024-08-07T15:55:33+00:00
cisco-sa-webex-app-zjnm8x8j Cisco Webex App Vulnerabilities 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-swa-priv-esc-7uhpzscc Cisco Secure Web Appliance Privilege Escalation Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-sb-rv34x-rce-7pqfu2e Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-ise-file-upload-krw2txa9 Cisco Identity Services Engine Arbitrary File Upload Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-inode-static-key-vuvceynn Cisco Intelligent Node Software Static Key Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-expressway-redirect-kjsfuxgj Cisco Expressway Series Open Redirect Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-esa-priv-esc-ssti-xno2eogz Cisco Secure Email Gateway Server-Side Template Injection Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-esa-afw-bgg2usjh Cisco Secure Email Gateway Arbitrary File Write Vulnerability 2024-07-17T16:00:00+00:00 2024-07-17T16:00:00+00:00
cisco-sa-xr-secure-boot-qud5g8ap Cisco IOS XR Software Secure Boot Bypass Vulnerability 2024-07-10T16:00:00+00:00 2024-07-10T16:00:00+00:00
cisco-sa-cimc-cmd-inj-blupcb Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability 2024-04-17T16:00:00+00:00 2024-06-28T15:22:37+00:00
cisco-sa-cimc-cmd-inj-mux4c5aj Cisco Integrated Management Controller CLI Command Injection Vulnerability 2024-04-17T16:00:00+00:00 2024-06-28T15:22:08+00:00
cisco-sa-finesse-ssrf-rfi-um7wt8ew Cisco Finesse Web-Based Management Interface Vulnerabilities 2024-06-05T16:00:00+00:00 2024-06-14T21:44:14+00:00
cisco-sa-esa-sma-wsa-xss-bgg5whod Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities 2024-05-15T16:00:00+00:00 2024-06-12T15:37:50+00:00
cisco-sa-esa-http-split-glrnnows Cisco Secure Email Gateway HTTP Response Splitting Vulnerability 2024-05-15T16:00:00+00:00 2024-06-12T15:14:33+00:00
cisco-sa-webex-june-2024 Cisco Webex Meetings Meeting Information and Metadata Issue June 2024 2024-06-04T21:00:00+00:00 2024-06-11T19:41:36+00:00
cisco-sa-opendns-pulse-dos-dd8l3szq Cisco OpenDNS Pulsing DNS Denial of Service Attack 2024-05-20T16:00:00+00:00 2024-05-23T16:28:32+00:00
cisco-sa-fmc-sqli-wffdnnos Cisco Firepower Management Center Software SQL Injection Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T17:39:28+00:00
cisco-sa-asaftd-ssl-dos-uu7mv5p6 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability 2023-06-07T16:00:00+00:00 2024-05-22T16:37:00+00:00
cisco-sa-snort3-ips-bypass-ue69kbmd Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-ftd-archive-bypass-z4wqjwcn Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-fmc-object-bypass-fth8tdjq Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-saml-bypass-kknvxykw Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-ogsnsg-aclbyp-3xb8q6jx Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability 2024-05-22T16:00:00+00:00 2024-05-22T16:00:00+00:00
cisco-sa-asaftd-dos-njvawoeq Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability 2022-04-27T16:00:00+00:00 2024-05-22T15:57:10+00:00
cisco-sa-cucm-apidos-pgsdcdnf Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability 2023-10-04T16:00:00+00:00 2024-05-17T15:07:50+00:00
cisco-sa-secure-nam-priv-esc-szu2vypz Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-nso-rwpesc-qrqgnh3f Cisco Crosswork Network Services Orchestrator Vulnerabilities 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
ID Description Publish Date Update Date
sca-2022-0001 Vulnerability in SICK FieldEcho 2022-02-17T16:00:00.000Z 2022-02-17T16:00:00.000Z
sca-2021-0003 SICK Security Advisory for Apache Log4j (CVE-2021-44228) 2021-12-14T17:00:00.000Z 2021-12-17T12:00:00.000Z
sca-2021-0004 Vulnerabilities in SICK SOPAS ET 2021-12-16T08:00:00.000Z 2021-12-17T08:00:00.000Z
sca-2021-0002 MEAC affected by Windows SMBv1 vulnerability 2021-08-04T10:00:00.000Z 2021-08-04T10:00:00.000Z
sca-2021-0001 Inadequate SSH configuration in SICK Visionary-S CX 2021-06-25T10:00:00.000Z 2021-06-25T10:00:00.000Z
sca-2020-0005 Package Analytics affected by Windows TCP/IP vulnerability 2020-10-29T11:00:00.000Z 2020-10-29T11:00:00.000Z
sca-2020-0004 Vulnerability in Platform Mechanism AutoIP 2020-08-31T10:00:00.000Z 2020-08-31T10:00:00.000Z
sca-2020-0003 MEAC affected by Windows SMBv3 vulnerability 2020-08-07T10:00:00.000Z 2020-08-07T10:00:00.000Z
sca-2020-0002 Vulnerabilities in SICK Package Analytics 2020-08-07T10:00:00.000Z 2020-07-28T10:00:00.000Z
sca-2020-0001 Security Information Regarding "Profile Programming" 2020-05-31T10:00:00.000Z 2020-05-31T10:00:00.000Z
sca-2019-0002 Vulnerability in SICK FX0-GENT00000 and SICK FX0-GPNT00000 2019-09-20T10:00:00.000Z 2019-09-20T10:00:00.000Z
sca-2019-0001 MSC800 affected by hard-coded credentials vulnerability 2019-06-21T10:00:00.000Z 2019-06-21T10:00:00.000Z
ID Description
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III.
Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. Produced 2007 by US-CERT, a government organization.
Revision History February 19, 2007: Initial Release. February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited.
Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. Resolution: All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References: [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License: Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-202305-0219 D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-18415
var-202305-0218 D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18419. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0217 D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18455. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0216 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18746. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0177 D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18417. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0176 D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18418. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0166 D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18414. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0154 D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18422. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0153 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0071 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18416. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202305-0070 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454. D-Link DAP-1360 is a router from D-Link, a Chinese company
var-202303-1296 TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19905
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities. 9502-Ax) version 16.00.00 and earlier
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the "InternationalSeparator" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions.
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 -- CVE ID: CVE-2011-0340 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Indusoft -- Affected Products: Indusoft WebStudio -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12446. -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php -- Disclosure Timeline: 2011-12-19 - Vulnerability reported to vendor 2012-08-29 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Alexander Gavrun -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-201112-0097 Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC programming tool that supports the six IEC61131-3 standard PLC programming languages: IL, ST, FBD, LD, CFC and SFC. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value at offset 0x0c of the header to specify the size of the received data. The program takes this value, adds 0x34 to it, and allocates that amount of memory, which can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services that handles connections on port 8080. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. The way 3S CoDeSys handles the Content-Length value in an HTTP POST request can trigger a null pointer dereference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
var-201904-0181 Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA contains a buffer error vulnerability. Information may be acquired, information may be falsified, and a denial-of-service (DoS) condition may result. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA. This vulnerability stems from the fact that when the network system or product performs operations on memory, the data boundary is not correctly verified, resulting in erroneous read and write operations on other associated memory locations
var-200202-0006 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). The SNMP manager on the management side communicates with managed network devices such as routers, switches and printers, which are called SNMP agents. Because of its wide acceptance in the market, SNMP has become a standard, and SNMP protocol version 1 (SNMPv1) is the most widely implemented. SNMPv1 implementations have problems in decoding and interpreting SNMP trap messages sent from the agent to the manager and SNMP request messages sent from the manager to the agent. If an attacker exploits this problem, the following actions may be possible. Because this is a protocol-level problem, many other programs that implement it may also be affected.
・ If the SNMP service is running on the target host, an attacker could execute arbitrary code ・ If a buffer overflow attack is feasible and a host running the SNMP service receives a very long trap message, the application may go into a denial of service state. The effects described above vary from application to application. For details, refer to each product. Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occurred or otherwise provide information about the status of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. HP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition
var-201402-0248 Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0137-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0137.html Issue date: 2014-02-05 Updated on: 2014-02-04 CVE Names: CVE-2014-0497 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section.
Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0497.html https://access.redhat.com/security/updates/classification/#critical http://helpx.adobe.com/security/products/flash-player/apsb14-04.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
Gentoo Linux Security Advisory GLSA 201402-06 http://security.gentoo.org/ Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: February 06, 2014 Bugs: #491148, #493894, #498170, #500313 ID: 201402-06 Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========== There is no known workaround at this time.
Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336" References ========== [ 1 ] CVE-2013-5329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329 [ 2 ] CVE-2013-5330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330 [ 3 ] CVE-2013-5331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331 [ 4 ] CVE-2013-5332 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332 [ 5 ] CVE-2014-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491 [ 6 ] CVE-2014-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492 [ 7 ] CVE-2014-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. The Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle overly long ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters; an attacker can build a malicious web page and entice a user to visit it, which can crash the application or execute arbitrary code. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There are multiple stack-based buffer overflow vulnerabilities in Advantech WebAccess 7.1 and earlier versions
var-201805-1144 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the GetAlarms function in BWMobileService.dll. When parsing the ProjectName parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10.
A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
var-201805-1143 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. Multiple Advantech WebAccess products contain a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6.
A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
var-202004-0077 There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class. When parsing the syslogs parameter of the emsSyslogs endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM
var-202005-0008 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00005226 in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user
var-202407-0233 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC.'s cncsoft-g2 contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
var-200107-0035 slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8
var-200512-0611 Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple has released QuickTime 7.0.4, a version that fixes multiple vulnerabilities. A remote third party may execute arbitrary code or cause a denial of service (DoS). For more information, see the information provided by the vendor. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts. This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. 
By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. Technical Details: Technical Description: The code in QuickTime.qts responsible for the size of the Sample Description Table entries from the 'stsd' atom in a QuickTime-format movie on the heap. According to developer.apple.com, the format of the Sample Description Atom is as follows:
Field                               Description
----------------------------------------------------------------
Size                                32-bit int
Data Format                         4 char code
Reserved                            6 bytes that must be 0
Data Reference Index                16-bit int
Hint Track Version                  16-bit unsigned int
Last compatible hint track version  16-bit unsigned int
Max Packet Size                     32-bit int
Additional Data Table               Variable
By setting the size of the Sample Description Table to a size of 00 15 - 00 D0 will cause a heap-based overflow. By supplying the "Last compatible hint track version" field with the value of 00 05 - 00 09, an insufficiently-sized heap block will be allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function and the attacker can control memory with data taken from the filename of the .MOV file. This vulnerability can be successfully exploited via an embedded media player in an HTML page, email, or HTML link. References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-4092. Credit: Discovery: Karl Lynn Greetings: 0x41414141 Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. 
If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. 
References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. 
Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release
var-200512-0297 Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple has released QuickTime 7.0.4, a version that fixes multiple vulnerabilities. A remote third party may execute arbitrary code or cause a denial of service (DoS). For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03 Apple QuickTime Player ImageWidth Denial of Service Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. Impact : Denial of Service Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apple's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. 
var-200512-0294 Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04 Apple QuickTime Player Improper Memory Access Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered an Improper Memory Access Vulnerability in the Apple QuickTime Player. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apple's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.
var-200512-0643 Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute.
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
jvndb-2024-000114 Multiple vulnerabilities in baserCMS 2024-10-25T15:07+09:00 2025-02-18T15:35+09:00
jvndb-2025-001548 Out-of-bounds read vulnerability in Cente middleware 2025-02-17T18:22+09:00 2025-02-17T18:22+09:00
jvndb-2025-000012 Multiple vulnerabilities in The LuxCal Web Calendar 2025-02-17T13:43+09:00 2025-02-17T13:43+09:00
jvndb-2025-000013 acmailer CGI and acmailer DB vulnerable to OS command injection 2025-02-14T16:39+09:00 2025-02-14T16:39+09:00
jvndb-2025-000002 Multiple vulnerabilities in NEC Aterm series (NV25-003) 2025-02-14T15:48+09:00 2025-02-14T15:48+09:00
jvndb-2023-002797 Multiple vulnerabilities in ELECOM and LOGITEC network devices 2023-08-15T11:54+09:00 2025-02-13T15:21+09:00
jvndb-2024-001061 ELECOM wireless LAN routers vulnerable to OS command injection 2024-01-24T17:16+09:00 2025-02-13T14:31+09:00
jvndb-2025-000011 Multiple vulnerabilities in FileMegane 2025-02-13T13:39+09:00 2025-02-13T13:39+09:00
jvndb-2025-000010 acmailer vulnerable to cross-site scripting 2025-02-12T15:05+09:00 2025-02-12T15:05+09:00
jvndb-2024-000078 Multiple vulnerabilities in ELECOM wireless LAN routers 2024-07-30T15:34+09:00 2025-02-12T14:34+09:00
jvndb-2025-001017 Multiple vulnerabilities in STEALTHONE D220/D340/D440 2025-02-06T18:27+09:00 2025-02-06T18:27+09:00
jvndb-2025-001016 OMRON NJ/NX series vulnerable to path traversal 2025-02-06T18:27+09:00 2025-02-06T18:27+09:00
jvndb-2025-001018 Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer 2025-02-06T18:26+09:00 2025-02-06T18:26+09:00
jvndb-2025-000008 Multiple vulnerabilities in Defense Platform Home Edition 2025-02-05T14:06+09:00 2025-02-05T14:06+09:00
jvndb-2025-000009 WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery 2025-02-04T13:58+09:00 2025-02-04T13:58+09:00
jvndb-2025-001244 Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager 2025-01-30T18:19+09:00 2025-01-30T18:19+09:00
jvndb-2025-000007 SXF Common Library vulnerable to improper input data handling 2025-01-29T14:57+09:00 2025-01-29T14:57+09:00
jvndb-2025-001238 Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers 2025-01-29T13:41+09:00 2025-01-29T13:41+09:00
jvndb-2025-000006 WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting 2025-01-28T13:44+09:00 2025-01-28T13:44+09:00
jvndb-2025-000005 EXIF Viewer Classic vulnerable to cross-site scripting 2025-01-27T14:25+09:00 2025-01-27T14:25+09:00
jvndb-2025-000003 FortiWeb vulnerable to SQL injection 2025-01-21T15:59+09:00 2025-01-21T15:59+09:00
jvndb-2025-001027 Linux Ratfor vulnerable to stack-based buffer overflow 2025-01-16T13:27+09:00 2025-01-16T13:27+09:00
jvndb-2025-000001 PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting 2025-01-08T17:08+09:00 2025-01-08T17:08+09:00
jvndb-2024-015471 Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element 2024-12-25T11:28+09:00 2024-12-25T11:28+09:00
jvndb-2024-015393 Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024) 2024-12-23T12:52+09:00 2024-12-23T12:52+09:00
jvndb-2024-000125 Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX 2024-12-04T15:22+09:00 2024-12-18T15:20+09:00
jvndb-2024-014918 Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer 2024-12-17T15:23+09:00 2024-12-17T15:23+09:00
jvndb-2024-000128 Multiple vulnerabilities in SHARP routers 2024-12-17T07:54+09:00 2024-12-17T07:54+09:00
jvndb-2024-000127 "Shonen Jump+" App for Android fails to restrict custom URL schemes properly 2024-12-16T15:07+09:00 2024-12-16T15:07+09:00
jvndb-2024-014825 WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting 2024-12-16T13:57+09:00 2024-12-16T13:57+09:00