B&R Security Vulnerabilities

veracode

Arbitrary Code Execution

r-base is vulnerable to Arbitrary Code Execution. The vulnerability is due to deserialization of untrusted data, which can occur when interacting with a maliciously crafted RDS (R Data Serialization) formatted file or R package, allows maliciously crafted RDS (R Data Serialization) formatted files....

AI Score: 9

EPSS: 0.0004

2024-05-05 02:38 PM
3
cve

CVE-2020-9015

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly...

CVSS: 9.8

AI Score: 9.3

EPSS: 0.057

2020-02-20 10:15 PM
107
debiancve

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

AI Score: 8.9

EPSS: 0.0004

2024-04-29 01:15 PM
18
fedora

[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

AI Score: 8.8

EPSS: 0.0004

2024-05-09 02:05 AM
2
fedora

[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

AI Score: 8.8

EPSS: 0.0004

2024-05-09 01:49 AM
3
freebsd

R -- arbitrary code execution vulnerability

HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's...

AI Score: 7.7

EPSS: 0.0004

2024-04-29 12:00 AM
6
osv

Invisible PiP windows in R

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS: 7.8

AI Score: 7.8

EPSS: 0.0004

2021-05-01 12:00 AM
7
f5

K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313

Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...

AI Score: 5.9

EPSS: 0.0004

2024-05-16 12:00 AM
2
osv

[ADT-3 R] RVC - CTS: StagefrightTest#testStagefright_bug_65483665 failure

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.001

2021-02-01 12:00 AM
4
nessus

RHEL 8 : r (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...

AI Score: 7

2024-05-11 12:00 AM
1
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code...

AI Score: 6.1

EPSS: 0.823

2021-07-18 01:12 PM
6
osv

CVE-2023-38997

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP...

AI Score: 7.9

EPSS: 0.001

2023-08-09 07:15 PM
2
osv

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass...

AI Score: 7.1

EPSS: 0.001

2023-10-23 09:15 PM
2
osv

CVE-2023-39005

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before...

AI Score: 7.2

EPSS: 0.001

2023-08-09 07:15 PM
6
osv

CVE-2023-38999

A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET...

AI Score: 7.1

EPSS: 0.0005

2023-08-09 07:15 PM
1
osv

CVE-2023-44276

OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby...

AI Score: 5.9

EPSS: 0.001

2023-09-28 05:15 AM
6
osv

CVE-2023-39003

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory...

AI Score: 7.5

EPSS: 0.001

2023-08-09 07:15 PM
2
osv

CVE-2023-38998

An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted...

AI Score: 6.8

EPSS: 0.0005

2023-08-09 07:15 PM
2
osv

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration...

AI Score: 8.3

EPSS: 0.001

2023-08-09 07:15 PM
2
osv

CVE-2023-39000

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL...

AI Score: 5.8

EPSS: 0.0005

2023-08-09 07:15 PM
4
nuclei

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script...

AI Score: 6

EPSS: 0.823

2022-08-05 05:55 AM
5
osv

CVE-2023-44275

OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby...

AI Score: 5.9

EPSS: 0.001

2023-09-28 05:15 AM
1
osv

CVE-2023-39004

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege...

AI Score: 6.8

EPSS: 0.001

2023-08-09 07:15 PM
3
osv

CVE-2023-39006

The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input...

AI Score: 7.2

EPSS: 0.0004

2023-08-09 07:15 PM
3
osv

CVE-2023-39007

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in...

AI Score: 5.9

EPSS: 0.001

2023-08-09 07:15 PM
2
osv

CVE-2023-39008

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system...

AI Score: 8.2

EPSS: 0.001

2023-08-09 07:15 PM
osv

CVE-2023-39002

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted...

AI Score: 5.9

EPSS: 0.001

2023-08-09 07:15 PM
1
osv

[Android Auto] App permissions reset after upgrade on device from R build to S build

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS: 7.8

AI Score: 7.5

EPSS: 0.0004

2022-03-01 12:00 AM
6
nessus

Fedora 39 : R (2024-07b7b83a4f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...

AI Score: 8

2024-05-09 12:00 AM
1
osv

[ScreenTime] Child is able to get more screen time by reinstalling an app (Android R+)

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS: 7.8

AI Score: 7.9

EPSS: 0.0004

2022-02-01 12:00 AM
4
nessus

Fedora 38 : R (2024-bc590cb3f1)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...

AI Score: 7.4

2024-05-09 12:00 AM
2
nessus

R Programming Language Installed (Windows)

The R Programming Language is installed on the remote Windows...

AI Score: 7.4

2024-05-07 12:00 AM
2
veracode

Arbitrary File Overwrite

org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...

AI Score: 6.8

EPSS: 0.001

2023-09-21 11:12 AM
34
osv

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...

AI Score: 8.8

EPSS: 0.001

2023-09-18 03:30 PM
11
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code...

AI Score: 6.2

EPSS: 0.823

2021-07-18 01:12 PM
5
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code...

AI Score: 6.1

EPSS: 0.823

2021-07-18 01:12 PM
1
openbugbounty

r-models.eu Cross Site Scripting vulnerability OBB-3846919

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: 6.2

2024-02-01 07:29 AM
3
nuclei

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script...

AI Score: 6

EPSS: 0.823

2022-08-05 05:56 AM
2
github

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...

AI Score: 8.8

EPSS: 0.001

2023-09-18 03:30 PM
14
cvelist

CVE-2024-2637 Insecure Loading of Code in B&R Products

An authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software. An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Runtime, B&R Industrial...

AI Score: 7

2024-05-14 06:49 PM
1
githubexploit

Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware

CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...

AI Score: 10

EPSS: 0.012

2022-03-01 03:10 PM
619
openbugbounty

r-sky.co.jp Improper Access Control vulnerability OBB-3844078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: 7

2024-01-26 11:27 PM
5
openbugbounty

r-fujita.jcp-ota.jp Cross Site Scripting vulnerability OBB-3869760

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: 6.2

2024-03-12 08:42 AM
4
openbugbounty

r-nagata.co.jp Cross Site Scripting vulnerability OBB-3877772

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: 6.2

2024-03-18 11:30 PM
3
cve

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

CVSS: 8.8

AI Score: 7.8

EPSS: 0.0004

2024-04-29 01:15 PM
32
nessus

FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...

AI Score: 7.1

2024-05-02 12:00 AM
1
openbugbounty

n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3857032

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: 6.2

2024-02-23 01:31 PM
2
fedora

[SECURITY] Fedora 40 Update: R-rJava-1.0.6-9.fc40

Low-level interface to Java VM very much like .C/.Call and friends. Allows creation of objects, calling methods and accessing...

AI Score: 6.8

EPSS: 0.0004

2024-03-07 10:33 PM
4
cve

CVE-2024-2637

An authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software. An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Runtime, B&R Industrial...

CVSS: 7.2

AI Score: 7.5

2024-05-14 07:15 PM
23
debiancve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

AI Score: 6.3

EPSS: 0.0004

2024-05-16 09:16 PM
1
Total number of security vulnerabilities: 97928