Cert | Most viewed

3695 matches found

CERT
added 2020/06/02 12:0 a.m. | 120 views

IP-in-IP protocol routes arbitrary traffic by default

Overview: IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device. Description: IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be...

CVSS 5.3 | AI score 5.3 | EPSS 0.26458
Exploits: 0 | References: 3
CERT
added 2015/01/28 12:0 a.m. | 119 views

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Overview: The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". Description: According to Qualys, the...

CVSS 10 | AI score 8.2 | EPSS 0.94859
Exploits: 29 | References: 2
CERT
added 2010/09/14 12:0 a.m. | 119 views

Adobe Reader and Acrobat Font Parsing Buffer Overflow Vulnerability

Overview: A vulnerability has been discovered in Adobe Reader and Acrobat that may be exploited to run arbitrary code. Description: A critical vulnerability exists in the font parsing code of CoolType.dll. A vulnerable strcat call is used when parsing data within the "SING" table of a TrueType font...

CVSS 9.3 | AI score 7.8 | EPSS 0.82485
Exploits: 13 | References: 5
CERT
added 2004/08/04 12:0 a.m. | 119 views

libpng fails to properly check length of transparency chunk (tRNS) data

Overview: The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system. Description: The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics...

AI score 9.1
Exploits: 0 | References: 5
CERT
added 2015/05/19 12:0 a.m. | 118 views

KCodes NetUSB kernel driver is vulnerable to buffer overflow

Overview: KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution. Description: KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network. CWE-120: Buffer Copy...

CVSS 10 | AI score 9.6 | EPSS 0.27906
Exploits: 7 | References: 2
CERT
added 2020/03/23 12:0 a.m. | 117 views

Microsoft Windows Type 1 font parsing remote code execution vulnerabilities

Overview: Microsoft Windows contains two vulnerabilities in the parsing of Adobe Type 1 fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Adobe Type Manager, which is provided by atmfd.dll, is a kernel module that is provided by...

CVSS 8.8 | AI score 8.4 | EPSS 0.65037
Exploits: 1 | References: 3
CERT
added 2012/03/19 12:0 a.m. | 117 views

Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries web interface and preconfigured password vulnerabilities

Overview: Cross scripting and preconfigured password vulnerabilities have been reported to exist in the Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries. Description: Quantum Scalar i500, Dell ML6000 and IBM TS3310 enterprise tape libraries contain multiple web interface and...

CVSS 7.5 | AI score 7.3 | EPSS 0.03497
Exploits: 0 | References: 7
CERT
added 2002/04/29 12:0 a.m. | 116 views

File Transfer Protocol allows data connection hijacking via PASV mode race condition

Overview: There is a vulnerability in the File Transfer Protocol (FTP) that allows an attacker to hijack FTP data connections when the client connects using passive mode (PASV). Description: In FTP PASV mode, the client makes a control connection to the FTP server (typically port 21/tcp) and requests a...

CVSS 10 | AI score 6.4 | EPSS 0.0404
Exploits: 0 | References: 6
CERT
added 2009/02/05 12:0 a.m. | 115 views

AREVA e-terrahabitat SCADA systems vulnerabilities

Overview: AREVA e-terra habitat contains multiple vulnerabilities. Description: AREVA e-terra habitat is a core component of the Energy Management system that provides real-time data and process management services. e-terra habitat contains vulnerabilities, including a buffer overflow. For more...

AI score 7.6
Exploits: 0 | References: 2
CERT
added 2002/12/17 12:0 a.m. | 115 views

GoAhead Web Server discloses source code of ASP files via crafted URL

Overview: An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059. Description: The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed...

CVSS 5 | AI score 5.9 | EPSS 0.13671
Exploits: 1 | References: 4
CERT
added 2024/04/03 12:0 a.m. | 114 views

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview: HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limi...

CVSS 8.2 | AI score 8 | EPSS 0.94615
Exploits: 4 | References: 5
CERT
added 2007/05/31 12:0 a.m. | 113 views

Macrovision FLEXnet Connect Software Manager DWUpdateService ActiveX control contains dangerous methods

Overview: The Macrovision FLEXnet Connect Software Manager DWUpdateService ActiveX control fails to restrict access to its methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description: Macrovision FLEXnet Connect is a software package...

CVSS 9.3 | AI score 6.6 | EPSS 0.05272
Exploits: 0 | References: 5
CERT
added 2013/03/05 12:0 a.m. | 112 views

Oracle Java contains multiple vulnerabilities

Overview: Oracle Java 7 Update 15, Java 6 Update 41, Java 5.0 Update 40, and earlier versions contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Oracle Java Runtime Environment (JRE) allows users to run Java...

CVSS 10 | AI score 9.6 | EPSS 0.85882
Exploits: 10 | References: 6
CERT
added 2019/07/17 12:0 a.m. | 111 views

Oracle Solaris vulnerable to arbitrary code execution via /proc/self

Overview: Oracle Solaris 11 and Solaris 10 are vulnerable to arbitrary code execution if an attacker has read/write access to /proc/self in the process file system. Description: The process file system (/proc) in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current...

AI score 7.7
Exploits: 0 | References: 1
CERT
added 2015/10/13 12:0 a.m. | 111 views

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

Overview: Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. Description: CWE-255: Credentials Management - CVE-2015-6016 According to the reporter, the following models...

CVSS 10 | AI score 8.8 | EPSS 0.20621
Exploits: 4 | References: 1
CERT
added 2011/12/08 12:0 a.m. | 111 views

Adobe Acrobat and Reader U3D memory corruption vulnerability

Overview: Adobe Reader and Acrobat fail to properly handle U3D data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Adobe Reader supports two primary formats for 3D content in PDF documents: U3D and PRC. U3D support is accomplishe...

CVSS 10 | AI score 9.4 | EPSS 0.86123
Exploits: 11 | References: 7
CERT
added 2020/03/04 12:0 a.m. | 110 views

pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Overview: pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. Description: PPP is the protocol used for establishing internet links ove...

CVSS 9.8 | AI score 9.6 | EPSS 0.19431
Exploits: 3 | References: 7
CERT
added 2019/05/14 12:0 a.m. | 110 views

Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input

Overview: Cisco's Trust Anchor module (TAm) can be bypassed through manipulating the bitstream of the Field Programmable Gate Array (FPGA). This component handles access control to a hardware component within Cisco's Secure Boot implementations, which affects multiple products that support this...

CVSS 9 | AI score 7.5 | EPSS 0.05516
Exploits: 0 | References: 5
CERT
added 2004/04/16 12:0 a.m. | 110 views

ptrace contains vulnerability allowing for local root compromise

Overview: A vulnerability in the Linux 2.2 and 2.4 distributions of ptrace may permit a local attacker to gain elevated privileges. Description: The Linux 2.2 and 2.4 kernels contained a flaw in ptrace. This vulnerability may permit a local user to have the kernel spawn a child process. From the ma...

AI score 5.9
Exploits: 0 | References: 1
CERT
added 2007/06/13 12:0 a.m. | 109 views

Corel / Micrografx ActiveCGM Browser ActiveX control buffer overflows

Overview: The Corel / Micrografx ActiveCGM Browser ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Corel ActiveCGM Browser is an ActiveX control that allows viewing of Computer...

CVSS 9.3 | AI score 7 | EPSS 0.07829
Exploits: 0 | References: 2
CERT
added 2016/02/11 12:0 a.m. | 108 views

Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

Overview: Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contains a buffer overflow vulnerability that may be leveraged to gain remote code execution. Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer -...

CVSS 10 | AI score 10 | EPSS 0.77462
Exploits: 4 | References: 4
CERT
added 2015/04/13 12:0 a.m. | 108 views

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

Overview: Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...

CVSS 7.4 | AI score 8 | EPSS 0.04478
Exploits: 1 | References: 15
CERT
added 2014/10/06 12:0 a.m. | 108 views

Rejetto HTTP File Server (HFS) search feature fails to handle null bytes

Overview: Rejetto HTTP File Server (HFS) search feature in versions 2.3, 2.3a, and 2.3b fails to handle null bytes. Description: CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287 Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a...

CVSS 10 | AI score 9.6 | EPSS 0.99323
Exploits: 23 | References: 5
CERT
added 2019/08/14 12:0 a.m. | 107 views

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Overview: The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges. This can be achieved using an attack referred to...

CVSS 8.1 | AI score 8.6 | EPSS 0.02691
Exploits: 2 | References: 5
CERT
added 2015/02/13 12:0 a.m. | 107 views

Microsoft Windows domain-configured client Group Policy fails to authenticate servers

Overview: Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths. Description: Microsoft has released MS15-011, detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers ov...

CVSS 8.3 | AI score 6.9 | EPSS 0.2858
Exploits: 4 | References: 5
CERT
added 2022/01/31 12:0 a.m. | 106 views

Samba vfs_fruit module insecurely handles extended file attributes

Overview: The Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes (CVE-2021-44142). This vulnerability allows a remote attacker to execute arbitrary code with root privileges. Description: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to...

CVSS 9 | AI score 8.8 | EPSS 0.74042
Exploits: 1 | References: 5
CERT
added 2016/02/17 12:0 a.m. | 106 views

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Overview: Swann network video recorder (NVR) devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Description: CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the researcher, the Swann SRNVW-470LCD and Swann...

CVSS 10 | AI score 7.9 | EPSS 0.04563
Exploits: 1 | References: 1
CERT
added 2002/07/11 12:0 a.m. | 104 views

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations

Overview: The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate file operations and follows symbolic links, allowing a local attacker to overwrite any file that is writeable by the server. The ToolTalk RPC database server typically runs with root privileges...

CVSS 7.2 | AI score 6.9 | EPSS 0.09418
Exploits: 0 | References: 2
CERT
added 2024/04/10 12:0 a.m. | 103 views

Multiple programming languages fail to escape arguments properly in Microsoft Windows

Overview: Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Window...

CVSS 10 | AI score 9.2 | EPSS 0.32568
Exploits: 14 | References: 8
CERT
added 2005/06/14 12:0 a.m. | 103 views

Telnet Client Information Disclosure Vulnerability

Overview: A vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables. Description: The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telne...

AI score 9.4
Exploits: 0 | References: 5
CERT
added 2003/03/29 12:0 a.m. | 103 views

Sendmail address parsing buffer overflow

Overview: Sendmail contains a buffer overflow in code that parses email addresses. A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. Description: Sendmail is a widely used mail transfer agent (MTA). There is a stack overflow vulnerability in code that...

CVSS 10 | AI score 7.8 | EPSS 0.38188
Exploits: 0 | References: 5
CERT
added 2016/10/21 12:0 a.m. | 102 views

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

Overview: The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges. Description: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization...

CVSS 7.2 | AI score 8 | EPSS 0.83524
Exploits: 80 | References: 8
CERT
added 2016/10/20 12:0 a.m. | 102 views

Green Packet DX-350 contains insecure default credentials

Overview: Green Packet DX-350 uses default credentials. Description: CWE-255: Credentials Management - CVE-2016-6552 Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. Impact: A remote attacker can ta...

CVSS 10 | AI score 9.7 | EPSS 0.02878
Exploits: 0 | References: 2
CERT
added 2007/05/08 12:0 a.m. | 102 views

Microsoft Exchange Server fails to properly decode MIME email messages

Overview: Microsoft Exchange Server contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description: Microsoft Exchange Server fails to properly process MIME messages. When an email message...

CVSS 10 | AI score 7.5 | EPSS 0.6616
Exploits: 2 | References: 2
CERT
added 2006/07/11 12:0 a.m. | 102 views

Microsoft Office fails to properly handle document properties

Overview: Microsoft Office contains a buffer overflow when handling specially crafted document properties. This vulnerability could allow a remote attacker to execute arbitrary code. Description: Microsoft Office applications fail to properly validate property fields resulting in a buffer overflow...

CVSS 9.3 | AI score 7.2 | EPSS 0.38839
Exploits: 6 | References: 1
CERT
added 2016/02/17 12:0 a.m. | 101 views

glibc vulnerable to stack buffer overflow in DNS resolver

Overview: GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description: CWE-121: Stack-based Buffer Overflow - CVE-2015-7547 According to a Google security blog post: "The glibc DNS client side resolver is vulnerable...

CVSS 8.1 | AI score 8.4 | EPSS 0.89557
Exploits: 17 | References: 4
CERT
added 2014/12/15 12:0 a.m. | 101 views

EMC Documentum products contain multiple vulnerabilities

Overview: EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities. Description: EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor,...

AI score 9
Exploits: 0 | References: 3
CERT
added 2014/07/09 12:0 a.m. | 101 views

Liferay Portal PCE contains multiple cross-site scripting vulnerabilities

Overview: Liferay Portal versions 6.1.2 CE GA3, 6.1.X EE, 6.2.X EE, Master contain multiple cross-site scripting vulnerabilities. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-2963 Liferay is affected by a Persistent Cross Site...

CVSS 4.3 | AI score 6 | EPSS 0.01716
Exploits: 0 | References: 2
CERT
added 2012/12/29 12:0 a.m. | 101 views

Microsoft Internet Explorer CButton use-after-free vulnerability

Overview: Microsoft Internet Explorer contains a use-after-free vulnerability in the CButton object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Microsoft Internet Explorer contains a use-after-free vulnerability in the mshtml...

CVSS 9.3 | AI score 7.9 | EPSS 0.78823
Exploits: 12 | References: 12
CERT
added 2007/03/15 12:0 a.m. | 101 views

OpenBSD IPv6 kernel buffer overflow vulnerability

Overview: A vulnerability in the OpenBSD kernel could allow a remote attacker to execute arbitrary code on a vulnerable system or cause the system to crash. Description: The OpenBSD kernel contains a flaw in its handling of kernel memory buffers when processing IPv6 packets. This flaw results in a...

CVSS 10 | AI score 7.3 | EPSS 0.1779
Exploits: 1 | References: 9
CERT
added 2014/01/27 12:0 a.m. | 100 views

Mozilla Thunderbird does not adequately restrict HTML elements in email message content

Overview: Mozilla Thunderbird does not adequately restrict HTML elements in email content, which could allow an attacker to execute arbitrary script when a specially-crafted email message is forwarded or replied to. Description: Vulnerability Lab has reported a vulnerability in the way Mozilla...

CVSS 4.3 | AI score 9.4 | EPSS 0.07697
Exploits: 5 | References: 3
CERT
added 2012/07/11 12:0 a.m. | 100 views

SMC SMC8024L2 switch web interface authentication bypass

Overview: The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. Description: The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An...

CVSS 10 | AI score 6.5 | EPSS 0.02624
Exploits: 0 | References: 1
CERT
added 2011/04/12 12:0 a.m. | 100 views

Adobe Flash Player contains unspecified code execution vulnerability

Overview: Adobe Flash contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The following versions of Adobe Flash contain an unspecified vulnerability that can result in memory corruption: Adobe Flash Playe...

CVSS 9.3 | AI score 8.6 | EPSS 0.9941
Exploits: 14 | References: 5
CERT
added 2001/03/13 12:0 a.m. | 100 views

Multiple TCP/IP implementations may use statistically predictable initial sequence numbers

Overview: Attacks against TCP initial sequence number generation have been discussed for some time now. It has long been recognized that the ability to know or predict ISNs can lead to TCP connection hijacking or spoofing. What was not previously illustrated was just how predictable one...

AI score 7.4
Exploits: 0 | References: 20
CERT
added 2020/02/05 12:0 a.m. | 99 views

Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution

Overview: Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack overflow...

CVSS 8.8 | AI score 8.5 | EPSS 0.11806
Exploits: 0 | References: 6
CERT
added 2019/04/11 12:0 a.m. | 99 views

VPN applications insecurely store session cookies

Overview: Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files. Description: Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications stor...

CVSS 8.1 | AI score 4.5 | EPSS 0.02822
Exploits: 0 | References: 5
CERT
added 2004/08/04 12:0 a.m. | 99 views

libpng png_handle_sPLT() integer overflow

Overview: The Portable Network Graphics library (libpng) contains a flaw that could introduce a remotely exploitable vulnerability. Description: The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng...

AI score 8.6
Exploits: 0 | References: 3
CERT
added 2015/08/25 12:0 a.m. | 98 views

DSL routers contain hard-coded "XXXXairocon" credentials

Overview: DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded "XXXXairocon" credentials. Description: CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...

CVSS 9.3 | AI score 6.5 | EPSS 0.08521
Exploits: 6 | References: 5
CERT
added 2015/01/05 12:0 a.m. | 98 views

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

Overview: Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description: According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE...

AI score 6.5
Exploits: 0 | References: 2
CERT
added 2006/03/14 12:0 a.m. | 98 views

Microsoft Excel malformed graphic memory corruption vulnerability

Overview: Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description: Microsoft Excel fails to properly validate graphics in Excel data files. When a file with a malformed graphic file is...

CVSS 5.1 | AI score 7.1 | EPSS 0.39593
Exploits: 0 | References: 1
Total number of security vulnerabilities: 3695