3695 matches found
Cylance Antivirus Products Susceptible to Concatenation Bypass
Overview The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...
Open Dental uses blank database password by default
Overview Open Dental is medical dental records management software. Open Dental version 16.1, and previous versions, installs with a blank root database MySQL password by default. An attacker with network access to an Open Dental MySQL database could read, modify, or delete data. This...
ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities
Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
Overview Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service. Description Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to...
InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts
Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...
Invensys Wonderware InTouch creates insecure NetDDE share
Overview Invensys Wonderware InTouch 8.0 creates a NetDDE share that could allow an attacker to run arbitrary programs. Description Invensys Wonderware InTouch HMI Software is used in Supervisory Control And Data Acquisition SCADA systems. Dynamic Data Exchange DDE was designed to allow Microsoft...
Mozilla Layout Engine memory corruption vulnerabilities
Overview The Mozilla layout engine contains multiple vulnerabilities that may lead to memory corruption. These vulnerabilities may allow an attacker to execute code or cause a denial-of-service condition. Description The Mozilla Layout Engine contains multiple vulnerabilities that may result i...
Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities
Overview The Sun Secure Global Desktop SSGD contains cross-site scripting vulnerabilities. Description Sun Secure Global Desktop formerly Tarantella contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte
Overview Unauthenticated attacker can cause MIT krb5 Key Distribution Center KDC to overflow a heap buffer by one byte, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system which uses a trusted third party a KDC to authenticate clients and servers ...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
Overly large OPT record assertion
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...
uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predictable DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environmen...
Samsung Qmage codec for Android Skia library does not properly validate image files
Overview The Samsung Qmage codec used in the Android Skia library does not properly validate image files. A number of memory corruption vulnerabilities allow an attacker to execute arbitrary code by causing a vulnerable system to parse a Qmage file. Description The Samsung May 2020 Android Securi...
Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Overview The Accellion FTP server prior to version FTA912220 is vulnerable to cross-site scripting and information exposure. Description CWE-204: Response Discrepancy Information Exposure - CVE-2016-9499 Accellion FTP server only returns the username in the server response if the username is...
SHDesigns Resident Download Manager does not authenticate firmware downloads
Overview SHDesigns' Resident Download Manager as well as the Ethernet Download Manager does not authenticate firmware downloads before executing code and deploying them to devices. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6567 SHDesigns' Resident Download Manager...
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
Overview AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Description AVer Information EH6108H+ hybrid DVR is an IP securit...
Samsung SRN-1670D camera contains multiple vulnerabilities
Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface...
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
Overview Microsoft Internet Explorer 8 contains a use-after-free vulnerability in the CGenericElement object, which is currently being exploited in the wild. Description Microsoft Security Advisory 2847140 states: Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer...
Bloxx Web Filtering multiple vulnerabilities
Overview Bloxx Web Filtering contains multiple XSS, CSRF, and authentication bypass vulnerabilities. Description According to Bloxx's website, Bloxx Web Filtering is a real-time Web content filter which performs live analysis and real-time categorization of Web pages to dramatically improve...
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support f...
Postfix local privilege escalation
Overview The Postfix MTA contains a local privilege escalation vulnerability. Description Postfix is a mail transport agent MTA that is used by several Unix-like operating systems. Symbolic links and hard links are types of files that reference other files. Unlike hard links, symbolic links can...
Meridian Prolog Manager uses weak authentication to store and transmit user credentials
Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...
VeriSign Managed PKI Configuration Checker ActiveX control stack buffer overflow
Overview The VeriSign Configuration Checker ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The VeriSign Configuration Checker ActiveX control is provided by web-based digital...
Multiple PHP XML-RPC implementations vulnerable to code injection
Overview A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...
Microsoft Message Queuing vulnerable to buffer overflow
Overview Microsoft Message Queuing contains a buffer overflow vulnerability. This could allow a remote attacker to execute arbitrary code on the system running the vulnerable software. Description Microsoft Message Queuing MSMQ is a component of Microsoft Windows that provides messaging services...
Mozilla contains a buffer overflow in the SendUidl() function
Overview A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system. Description Post Office Protocol Version 3 POP3 is a mail protocol that provides a means for retrieving email from a remote server. Th...
libpng png_handle_sBIT() performs insufficient bounds checking
Overview The Portable Network Graphics library libpng contains a flaw that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics Interchange Format GIF. The libpng...
Microsoft Internet Information Server (IIS) buffer overflow in server-side includes (SSI) containing long invalid file name
Overview A buffer overflow in IIS could allow an intruder to execute arbitrary code with the privileges of the ASP.DDL. Description Server-side include files SSI files are files which reside on a web server and which are included by scripts, programs, or web pages. SSI files are often used to...
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
Overview There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer SSL and Transport Layer Security TLS protocol. This can be used to execute arbitrary code. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are used t...
Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url
Overview A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSR_machinename account. This vulnerability is referred to as the "Web Server Folder Directory Traversal" vulnerability. This vulnerability...
VMware Workspace ONE Access and related components are vulnerable to command injection
Overview VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system...
IPTV encoder devices contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in various Video Over IP Internet Protocol encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system...
NCR SelfServ ATM dispenser software contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...
Microsoft Office for Mac cannot properly disable XLM macros
Overview The Microsoft Office for Mac option "Disable all macros without notification" enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description XLM macros Up to and including Microsoft Excel 4.0, a macro...
ShoreTel Mobility Client mobile application does not verify SSL certificates
Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...
Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 opaqueBackground property, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a use-after-fre...
Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values
Overview The Intelligent Platform Management Interface IPMI v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-8272 The IPMI...
Huawei E303 contains a cross-site request forgery vulnerability
Overview The built-in web interface of Huawei E303 devices contains a cross-site request forgery vulnerability. Description Huawei E303 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to send and receive SMS messages usi...
Coursemill Learning Management System contains multiple vulnerabilities
Overview Coursemill Learning Management System version 6.6 and 6.8 contains multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter - CVE-2013-3599 In Coursemill 6.6, when loading the home page /coursemill/cm0660/home.html the response to the userlogin.js...
XML signature HMAC truncation authentication bypass
Overview The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication. Description XML Signature Syntax and Processing XMLDsig is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services f...
libpng fails to properly initialize element pointers
Overview Libpng contains a vulnerability in the way element pointers are handled. Description A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c...
Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow
Overview The WebexUCFObject ActiveX control, which comes with Cisco WebEx Meeting Manager, contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco WebEx is an online meeting and collaboration software...
Microsoft Windows Vista CSRSS privilege escalation vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Client/Server Run-time Subsystem CSRSS is an essential subsystem. CSRSS is responsib...
EMC NetWorker Management Console weak authentication vulnerability
Overview A vulnerability in the authentication mechanism used by the Legato NetWorker Management Console may allow an attacker to execute arbitrary commands. Description The EMC NetWorker formerly Legato NetWorker family of products provides solutions for backup and recovery of data. It includes...
OpenSSH fails to properly handle multiple identical blocks in a SSH packet
Overview OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol. OpenSSH includes a cyclic redundancy check CRC...
Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication
Overview A vulnerability in Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication and potentially access private network resources. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
SafeNet Sentinel License Manager vulnerable to buffer overflow
Overview SafeNet Sentinel License Manager contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the server. Description SafeNet Sentinel License Manager LM is a software-based license management application. It is reported that th...
Microsoft Internet Explorer does not properly handle function redirection
Overview Microsoft Internet Explorer IE fails to properly validate redirected functions. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites, including the Local Machine Zone. Description IE features Active scripting, the...