3695 matches found
Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems
Overview Attackers are using the presence of the dgld service to identify SGI IRIX systems. Description The CERT/CC has received multiple reports of an apparent vulnerability in the Distributed GL Daemon on SGI IRIX systems. Upon further investigation, it is our belief that no vulnerability exist...
Acronis backup software contains multiple privilege escalation vulnerabilities
Overview Acronis True Image, Cyber Backup, and Cyber Protection all contain privilege escalation vulnerabilities, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description CVE-2020-10138 Acronis Cyber Backup 12.5 and Cyber Protect 15 include...
Proxy auto-config (PAC) files have access to full HTTPS URLs
Overview Web proxy auto-config PAC files are passed the full HTTPS URL in GET requests, which may expose sensitive data. Description CWE-212: Improper Cross-boundary Removal of Sensitive Data - CVE-2016-5134 Google, CVE-2016-1801 Apple Web proxy auto-configuration files proxy.pac have access to the...
Apache Struts2 ClassLoader allows access to class properties via request parameters
Overview Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters. Description Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameter...
Webmin and Usermin fail to sanitize user input
Overview Webmin and Usermin do not properly sanitize user input. This vulnerability may allow a remote, unauthenticated user to view any file on the system running Webmin or Usermin. Description Webmin Webmin is a popular web-based administration tool for Unix and Linux servers that allows system...
ICU Project ICU4C library contains multiple overflow vulnerabilities
Overview ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow. Description The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software...
Debian and Ubuntu OpenSSL packages contain a predictable random number generator
Overview A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Description A weakness exists in the random number generator used by the OpenSSL package included with the Debian GNU/Linux...
Mobile device monitoring services do not authenticate API requests
Overview The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability. These services and their associated apps can be used to perform non-consensual,...
CUPS print service is vulnerable to privilege escalation and cross-site scripting
Overview CUPS implements the Internet Printing Protocol IPP for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error. Description CWE-911: Improper Update of Reference Count - CVE-2015-1158 An issue with how localized...
Hash table implementations vulnerable to algorithmic complexity attacks
Overview Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service DoS condition. Description Many applications, including common...
PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password
Overview The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. Description The PolyVision RoomWizard is a touch screen scheduling...
Lotus Domino R5 Server Family contains multiple vulnerabilities in LDAP handling code
Overview The Lotus Domino R5 Server Family contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...
Netatalk contains multiple error and memory management vulnerabilities
Overview There are six new vulnerabilities in the latest release of Netatalk 3.1.12 that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected...
Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
Overview The Open Shortest Path First OSPF protocol does not specify unique Link State Advertisement LSA lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service DoS attack. Description CWE-694: Use of Multiple Resources with a Duplicate Identifier The OSPF...
Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments
Overview Hewlett Packard's HP OpenView and Tivoli NetView are system management software packages. There is a vulnerability in a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise. Description HP...
Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal
Overview CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. They discovered multiple new vulnerabilities affecting the device and the firmware, some of which could allow an unauthenticated, local attacker to gain access t...
Cisco WebEx web browser extension allows arbitrary code execution
Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...
Exim string_format() buffer overflow
Overview The Exim mail server contains a buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. The internal...
Microsoft IIS WebDAV Remote Authentication Bypass
Overview A vulnerability exists in the way Microsoft Internet Information Server IIS handles unicode tokens that may allow authentication bypass. Description Web-based Distributed Authoring and Versioning WebDAV is a set of HTTP extensions that allow collaborative management and editing of files...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities. Description CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow vulnerability in the Microsoft Access 1.x database file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over...
Sun Solaris telnet authentication bypass vulnerability
Overview A vulnerability in the Sun Solaris telnet daemon in.telnetd could allow a remote attacker to log on to the system with elevated privileges. Description The Sun Solaris telnet daemon may accept authentication information via the USER environment variable. However, the daemon does not...
PHP FormMail Generator generates code with multiple vulnerabilities
Overview PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data. Description CWE-302: Authentication...
NTP.org ntpd contains multiple vulnerabilities
Overview The NTP.org reference implementation of ntpd contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. CWE-294: Authentication Bypass by Capture-replay - CVE-2015-7973 An attacker on the network can record and...
Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow
Overview Dell BIOS in some older Latitude laptops and Precision Mobile Workstations are vulnerable to buffer overflows CWE-119, which can bypass the signed BIOS enforcement standard. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer Dell BIOS in some olde...
Microsoft Windows based applications may insecurely load dynamic libraries
Overview Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Description Dynamically Linked Libraries DLLs are executable...
Norton "WrapNISUM Class" (WrapUM.dll) ActiveX control allows remote arbitrary command execution
Overview Symantec's Norton Internet Security 2004 Professional is a software package that provides antivirus, antispam, and personal firewall applications. A vulnerability in Symantec's Norton Internet Security 2004 suite may permit a remote attacker to execute arbitrary commands on the local...
Compilers permit Unicode control and homoglyph characters
Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report, leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...
Apple QuickTime MPEG-4 movie buffer overflow
Overview Apple QuickTime fails to properly handle MPEG-4 movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and...
Microsoft Internet Explorer buffer overflow in PNG image rendering component
Overview A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer IE may allow a remote attacker to execute code on a vulnerable system. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...
Check Point VPN-1/FireWall-1 4.1 on Nokia IPXXX firewall appliance retransmits original packets
Overview A vulnerability in Check Point VPN-1/FireWall-1 running on Nokia IPXXX Appliances can allow an attacker to pass traffic allowed by the security policy through the firewall while retaining the external untranslated destination IP address. Description Nokia IPXXX Appliances are security...
Check Point RDP Bypass Vulnerability
Overview Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259. Description Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic...
Thecus NAS Server N8800 contains multiple vulnerabilities
Overview Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Description The 7 Elements advisory states that the Thecus NAS server N8800 device contains the following vulnerabilities: CVE-2013-5667 - Thecus NAS Server N8800...
JAMF Software Casper Suite contains a cross-site request forgery vulnerability
Overview JAMF Software's Casper Suite is susceptible to a cross-site request forgery CSRF CWE-352 vulnerability. Description JAMF Software's Casper Suite, a Mac OS X and iOS client management framework, contains a cross-site request forgery CSRF CWE-352 vulnerability. The reporter provided a...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...
IBM AIX setsenv buffer overflow
Overview There is a buffer overflow in the IBM AIX setsenv command that may allow local attackers to gain root privileges. Description The setsenv command is used to set protected state environment variables. There is a buffer overflow in a variable value parameter to the setsenv command on IBM A...
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Overview NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in t...
Oracle Database Net Listener vulnerability
Overview An unspecified vulnerability in Oracle Net Listener may allow a remote attacker to compromise system confidentiality, integrity, and availability. Description Oracle Net Listener contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue c...
CVS contains a heap overflow in the handling of flag insertion
Overview A heap overflow vulnerability in the Concurrent Versions System CVS could allow a remote attacker to execute arbitrary code on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory...
rpc.statd vulnerable to remote root compromise via format string stack overwrite
Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...
Pulse Connect Secure Samba buffer overflow
Overview Pulse Connect Secure PCS gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the ability to connect to Windows file shares SMB. This capability is provide...
Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability
Overview The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Description The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array...
Apache mod_isapi module library unload results in orphaned callback pointers
Overview The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP server running on Windows platforms...
Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
Overview The Windows Local Security Authority Service Server LSASS contains a vulnerability that may permit an attacker to completely compromise the system. Description A buffer overflow vulnerability exists in a Microsoft Active Directory service logging function that is exposed by the LSASS...
PHP fails to properly parse the headers of HTTP POST requests
Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...
NicheStack embedded TCP/IP has vulnerabilities
Overview HCC Embedded's software called InterNiche stack NicheStack and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as...
Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
Overview Bluetooth Low Energy BLE and Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using an agreed upon Association Model. It is possible for an...
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
Overview The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081 According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for...
Hewlett Packard JetDirect-enabled printers disclose Telnet/HTTP passwords in hex format via "SNMP READ" request
Overview Hewlett Packard HP printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request. Description HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the...
Oracle9i Application Server OWA_UTIL procedures expose sensitive information
Overview Oracle9i Application Server iAS provides a Procedural Language/Structured Query Language PL/SQL application package called OWA_UTIL that provides web access to a number of stored procedures. These procedures could be used by an attacker to view the source code of PL/SQL applications, obta...