3695 matches found
Macrovision FLEXnet Connect / InstallShield Update Service Agent ActiveX buffer overflows
Overview The Macrovision / InstallShield Update Service Web Agent ActiveX control contains buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service, now known as Macrovision FLEXnet Connect, contains an ActiveX...
Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability
Overview Microsoft Windows contains a privilege escalation vulnerability in the way that the Task Scheduler SetJobFileSecurityByName function is used, which can allow an authenticated attacker to gain SYSTEM privileges on an affected system. Description Task Scheduler is a set of Microsoft Windows...
Microsoft Internet Explorer VML stack buffer overflow
Overview Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language (VML),...
Spring Framework insecurely handles PropertyDescriptor objects with data binding
Overview The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Spring Framework is a Java framework that can be used to create applications such as web applications...
ibrow NewsDesk does not securely handle input passed to open()
Overview A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...
Microsoft Internet Explorer CSS use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...
Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks
Overview Microsoft Exchange 2013 and newer fail to set signing and sealing flags on NTLM authentication traffic, which can allow a remote attacker to gain the privileges of the Exchange server. Description Microsoft Exchange supports an API called Exchange Web Services (EWS). One of the EWS API...
STARTTLS plaintext command injection vulnerability
Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
Overview Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL 0.9.8o. Description Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery...
Oracle JavaServer Faces contains multiple vulnerabilities
Overview Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Description Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Alex Kouzemtchenko and Jon Passki o...
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
Overview The Microsoft Office Web Components Spreadsheet ActiveX controls OWC10 and OWC11 contain a vulnerability that may allow an attacker to take control of a vulnerable system. Description The Office Web Components Spreadsheet ActiveX control contains a code execution vulnerability. Public...
GNU Bash shell executes commands in exported functions in environment variables
Overview GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. Description UPDATE: New CVE-IDs added for incomplete patches. Additional resources added and vendor patch information updated. CWE-78: OS Command Injection Bash supports exporting of...
Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite
Overview Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or...
Ceragon FiberAir IP-10 Microwave Bridge contains a default root password
Overview Ceragon FiberAir IP-10 Microwave Bridge contains a default root password. Description CWE-255: Credentials Management Ceragon FiberAir IP-10 Microwave Bridges contain a default root password. The root account can be accessed through ssh, telnet, command line interface, or via HTTP. The...
Seagate BlackArmor device static administrator password reset vulnerability
Overview The Seagate BlackArmor network attached storage device contains a static administrator password reset vulnerability. Description The Seagate BlackArmor network attached storage device contains a static PHP file used to reset the administrator password. A remote unauthenticated attacker wi...
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
Overview A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets. Description Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw...
Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities
Overview Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. Description Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. CVE-2013-7183 - CWE-425: Direct...
ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...
Avigilon Control Center is vulnerable to path traversal
Overview The Avigilon Control Center (ACC) is server software for security and surveillance systems. The ACC Server is vulnerable to a path traversal attack, allowing an attacker to access any file on the server. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Pat...
Multiple broadband routers use vulnerable versions of Allegro RomPager
Overview Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases. Description Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to...
zlib inflate() routine vulnerable to buffer overflow
Overview A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...
Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code
Overview A buffer overflow vulnerability has been discovered in Samba. An updated version has been released. Description A remotely exploitable buffer overflow vulnerability was discovered to affect Samba versions 2.0.x through 2.2.7a. From their bulletin: The SuSE security audit team, in particula...
NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
Overview NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability (CWE-94). Description CWE-94: Improper Control of Generation of Code 'Code Injection' NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution...
Cisco AnyConnect Clientless SSL VPN Portforwarder ActiveX control buffer overflow
Overview The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco AnyConnect is an SSL VPN solution that is commonly initiated through use of a web browser...
SolarWinds Orion API authentication bypass allows remote command execution
Overview The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. Description The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the...
Esri ArcGIS server 10.1 contains a blind SQL injection vulnerability
Overview Esri's ArcGIS server version 10.1 contains a blind SQL injection vulnerability that allows remote attackers to execute a subset of SQL commands via a query operation where clause. Description The Esri ArcGIS server version 10.1 contains a blind SQL injection vulnerability (CWE-89) for REST...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetShareEnum transaction
Overview Microsoft Server Message Block (SMB) is a protocol for sharing data and resources between computers. SMB may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetShareEnum transaction. Attackers can use this vulnerability to cause a denial of service. SMB is included in...
Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")
Overview The Security Account Manager Remote (SAMR) and Local Security Authority Domain Policy (LSAD) protocols do not properly establish Remote Procedure Call (RPC) channels, which may allow any attacker to impersonate an authenticated user or gain access to the SAM database, or launch denial of servi...
HTTP Request Smuggling in Web Proxies
Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these...
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
Overview HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally...
Self-encrypting hard drives do not adequately protect data
Overview There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs), which can allow an attacker to decrypt contents of an encrypted drive. Description CVE-2018-12037 There is no cryptographic relation between the password provided by...
Microsoft Windows Server service buffer overflow
Overview A stack-based buffer overflow exists in the Microsoft Server service. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description Microsoft Server Service MS06-040 includes the following information: The Server service...
Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities
Overview Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contain multiple cross-site scripting vulnerabilities. Description Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contain multiple cross-site scripting...
Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities
Overview Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Description Wyse Device Manager (WDM), formerly known as Wyse Rapport, manages thin clients. Part of the server...
Foscam IP camera authentication bypass vulnerability
Overview The FI8910W Foscam IP camera running firmware version 11.37.2.54 fails to properly authenticate users. Description CWE-592: Authentication Bypass Issues - CVE-2014-1911 The FI8910W Foscam IP camera running firmware version 11.37.2.54 contains a vulnerability which allows an unauthenticate...
Dnsmasq is vulnerable to memory corruption and cache poisoning
Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment...
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
Overview A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system. Description nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the...
Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution
Overview User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server. Description Unix Manual, also known as manual.php, is a PHP script used to look up and display man pages on the web. User Manual does not adequately filter user input before...
Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution
Overview Microsoft Windows Remote Desktop Gateway contains vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Description Microsoft Windows Remote Desktop Gateway (RD Gateway) is a Windows Server component that...
NTP mode 7 denial-of-service vulnerability
Overview NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. Description NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes...
Adobe Reader and Acrobat memory corruption vulnerabilities
Overview Adobe Reader and Acrobat 11.0.01 and earlier, 10.1.5 and earlier, and 9.5.3 and earlier contain memory corruption vulnerabilities. Description The Adobe security bulletin APSB13-07 states: Adobe has released security updates for Adobe Reader and Acrobat XI 11.0.01 and earlier for Windows...
Apache vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition. Description The Apache HTTP Server is a very popular...
WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant
Overview Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred...
Intel Active Management Technology (AMT) does not properly enforce access control
Overview Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system. Description CWE-284: Improper Access Control - CVE-2017-5689 Intel offers a number of...
Parallels Plesk Panel phppath/php vulnerability
Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...
Microsoft Video ActiveX control stack buffer overflow
Overview The Microsoft Video ActiveX control contains a stack buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming...
Microsoft Internet Explorer Scripting Engine memory corruption vulnerability
Overview The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages...
Dell iDRAC 6 and iDRAC 7 are vulnerable to a cross-site scripting (XSS) attack
Overview Dell iDRAC 6 version 1.41, Dell iDRAC 7 version 1.40.40 and possibly earlier versions contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Dell iDRAC 6 version 1.41 and De...
Microsoft Remote Desktop Protocol (RDP) insecurely deallocates memory
Overview The Microsoft Remote Desktop Protocol (RDP) service contains a double-free vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Remote Desktop Protocol (RDP) provides a remote graphical interface to...
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
Overview Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote...