Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition
Overview The Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization 'Rac...
Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed
Overview Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. CWE-328 Description Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. CWE-32...
HP System Management Homepage contains a command injection vulnerability
Overview HP System Management Homepage contains a command injection vulnerability (CWE-77) that may result in arbitrary command execution and privilege escalation. Description Markus Wulftange from Daimler TSS reports: The vulnerability is located in the ginkgosnmp.inc PHP file in the...
Mozilla Firefox command line URI handling vulnerability
Overview Mozilla Firefox contains a vulnerability that may allow an attacker to bypass security restrictions by opening specially crafted URIs using the Firefox command line interface. Description Mozilla Firefox can process URIs from its command line interface that can be accessed by users or...
Mozilla denial of service vulnerability
Overview Certain Mozilla products contain a denial-of-service vulnerability. Description Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the jsdtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and...
Sun Solaris dtmail contains a format string vulnerability
Overview A vulnerability in the way dtmail handles command-line arguments could allow an attacker to execute arbitrary code. Description The dtmail program is a mail user agent (MUA) for the Common Desktop Environment (CDE). It provides a graphical user interface for reading, sending, and managing...
CacheGuard OS contains a cross-site request forgery vulnerability
Overview CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. Description CWE-352: Cross-Site Request Forgery (CSRF) CacheGuard OS v5.7.7 does not sufficiently verify wheth...
AirDroid web interface XSS vulnerability
Overview The AirDroid web interface contains an XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The AirDroid web interface fails to sanitize malicious code within a text message on the target phone, causing the script to be execut...
D-Link DSL2730U router restricted telnet shell command whitelisting bypass
Overview D-Link DSL2730U routers contain a restricted telnet shell with limited allowed commands. An authenticated attacker can chain unauthorized commands through authorized commands in order to bypass the command whitelisting. Description CWE-78: Improper Neutralization of Special Elements used...
Microsoft Internet Explorer 8 use-after-free vulnerability
Overview Microsoft Internet Explorer 8 is susceptible to a use-after-free vulnerability in the mshtml.dll library. Description The use-after-free vulnerability is triggered when handling circular memory references. Full details of the crash can be found at Michal Zalewski's website. Additional...
Image files in UEFI can be abused to modify boot behavior
Overview Vendor implementations of the Unified Extensible Firmware Interface (UEFI) provide a way to customize the logo image displayed during the early boot phase. Binarly has uncovered vulnerabilities in the image parsing libraries that provide this capability. An attacker with local privileged access...
Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset impac...
Embedded devices use non-unique X.509 certificates and SSH host keys
Overview Embedded devices use non-unique X.509 certificates and SSH host keys that can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks. Description CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEs. Research by Stefan Viehböck of SEC Consult has found that...
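The impersonation and passive-decryption risk from shared keys is straightforward to check for across a fleet. The Python below is an added example, not code from the advisory or from SEC Consult's research: it takes known_hosts-style lines of the kind ssh-keyscan prints, computes the OpenSSH SHA256 fingerprint of each key, and reports every fingerprint that appears on more than one host. The four scan lines and the key blobs inside them are constructed for the example (fake_blob builds distinct byte strings, not real RSA keys), and the function names are chosen here.

```python
import base64
import hashlib
from collections import defaultdict


def fake_blob(label: bytes) -> str:
    # Stand-in for a real public-key blob (constructed for this example):
    # the dedup logic only needs distinct byte strings, not valid RSA keys.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()


# Constructed sample in the "host type key" format that ssh-keyscan prints.
# Hosts .11, .12 and .14 carry the same key, as devices shipped with a
# firmware-embedded host key would.
SAMPLE_SCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-dropbear",
    f"10.0.0.11 ssh-rsa {fake_blob(b'firmware-key-1')}",
    f"10.0.0.12 ssh-rsa {fake_blob(b'firmware-key-1')}",
    f"10.0.0.13 ssh-rsa {fake_blob(b'unique-key')}",
    f"10.0.0.14 ssh-rsa {fake_blob(b'firmware-key-1')}",
])


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style fingerprint: base64(SHA256(decoded key blob)), no padding."""
    raw = base64.b64decode(b64_key)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(scan_text: str) -> dict:
    """Return {fingerprint: [hosts...]} for every key seen on more than one host."""
    hosts_by_fp = defaultdict(list)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # ssh-keyscan banner comments
        fields = line.split()
        if len(fields) < 3:
            continue                      # malformed line, skip it
        host, _key_type, key = fields[0], fields[1], fields[2]
        hosts_by_fp[fingerprint(key)].append(host)
    return {fp: hosts for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it the output of `ssh-keyscan -t rsa,ecdsa,ed25519 -f hosts.txt` against your own address space; any fingerprint listed more than once is a key the devices did not generate themselves.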
Voice over LTE implementations contain multiple vulnerabilities
Overview Long Term Evolution (LTE) mobile networks are currently deployed throughout the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks n...
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Overview The Philippine Long Distance Telephone (PLDT) company provides internet access in the Philippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...
Recursive DNS resolver implementations may follow referrals infinitely
Overview Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server. Description RFC 1034 describes the standard technical issues of enabling domain delegations in DNS, but does not provide a specific implementation, leaving DNS serve...
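One way a resolver bounds this behaviour is to cap the number of referrals it will follow for a single query, and to notice when it is referred back to a server it has already queried for that name. The Python below is an added example, not code from BIND or any other resolver: SERVERS is a constructed toy map of authoritative servers, send_query stands in for the network round trip, and resolve is the bounded lookup. A resolver without either bound never returns from the evil.test. lookup.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed toy delegation data, not real DNS. Each key is an authoritative
# server; each value maps a query name to ("answer", address) or
# ("referral", next_server). ns-loop-a and ns-loop-b refer evil.test. to each
# other indefinitely, which is what a malicious authority can do.
SERVERS = {
    "root": {
        "www.example.test.": ("referral", "ns-tld"),
        "evil.test.": ("referral", "ns-tld"),
    },
    "ns-tld": {
        "www.example.test.": ("referral", "ns-example"),
        "evil.test.": ("referral", "ns-loop-a"),
    },
    "ns-example": {"www.example.test.": ("answer", "192.0.2.10")},
    "ns-loop-a": {"evil.test.": ("referral", "ns-loop-b")},
    "ns-loop-b": {"evil.test.": ("referral", "ns-loop-a")},
}


@dataclass
class Result:
    status: str            # "answer", "servfail" or "referral-limit"
    value: Optional[str]   # resolved address on success
    queries: int           # upstream queries the resolver sent


def send_query(server: str, name: str) -> Optional[Tuple[str, str]]:
    """Stand-in for the network round trip to an authoritative server."""
    return SERVERS.get(server, {}).get(name)


def resolve(name: str, max_referrals: int = 8) -> Result:
    """Iterate from the root, following at most max_referrals referrals.

    Two bounds stop the chase: a hard cap on referrals, and a check for being
    referred back to a server already used for this query. Without them the
    evil.test. lookup never terminates.
    """
    server = "root"
    queries = 0
    already_referred_to = set()
    while queries <= max_referrals:
        response = send_query(server, name)
        queries += 1
        if response is None:
            return Result("servfail", None, queries)
        kind, value = response
        if kind == "answer":
            return Result("answer", value, queries)
        if value in already_referred_to:      # cycle: give up early
            return Result("referral-limit", None, queries)
        already_referred_to.add(value)
        server = value
    return Result("referral-limit", None, queries)


if __name__ == "__main__":
    print(resolve("www.example.test."))
    print(resolve("evil.test."))
```

The hard cap is the important one: a malicious authority can hand out a fresh server name on every referral, so cycle detection alone does not bound the work, while the cap bounds it regardless of what the chain looks like.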
Microsoft Windows automatically executes code specified in shortcut files
Overview Microsoft Windows automatically executes code specified in shortcut (LNK) and PIF files. Description Microsoft Windows supports the use of shortcut, or LNK, files. A LNK file is a reference to a local file. A PIF file is a shortcut to an MS-DOS application. Clicking on a LNK or PIF file has...
Adobe Acrobat Plug-In cross domain violation
Overview The Adobe Acrobat Plug-In fails to properly validate user-supplied content, which may allow for cross-site scripting. Description Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...
3Com HomeConnect Cable Modem vulnerable to DoS via long string of characters
Overview Intruders can disrupt the normal operation of a 3Com HomeConnect Cable Modem. Description The 3Com HomeConnect Cable Modem contains a web server. This web server is used to administer the cable modem. By default, this web server is configured to allow any user (local or remote) to connect ...
Microsoft COM+ contains a memory management flaw
Overview Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system. Description Microsoft gives the following definition of COM+: COM+ is the next step in the evolution of the Microsoft Component Object Model...
BMC software fails to validate IPMI session.
Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturers' Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network with IPMI enabled can abuse the lack of session integrity to...
Brocade BigIron RX switch ACL bypass vulnerability
Overview Brocade BigIron RX switch devices are susceptible to an access control list (ACL) bypass vulnerability by sending packets with the source port 179. Description Brocade BigIron RX switch devices do not properly restrict packets sent with a source port of 179. Port 179 is commonly used for...
Apple Safari window object invalid pointer vulnerability
Overview Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Safari fails to properly handle references to window objects. Safari can allow a window object t...
BIND DNS Nameserver, DNSSEC validation Vulnerability
Overview A vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache. Description BIND 9 contains a vulnerability in the way recursive client queries are handled. According to ISC: A nameserver with DNSSEC validation enabled...
MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities
Overview Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. Description Several vulnerabilities exist in the Authentication Service and Key Distributio...
OpenSSH contains a race condition vulnerability
Overview A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. The OpenSSH server includes the...
Linux kernel fails to properly handle malformed SCTP packets
Overview It is possible to cause a denial of service of the Linux kernel by sending an SCTP packet containing no chunks. Description The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestio...
libpng contains integer overflows in progressive display image reading
Overview The Portable Network Graphics library (libpng) contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics...
Linux kernel do_brk() function contains integer overflow
Overview A vulnerability in the Linux kernel may permit a local user to gain elevated privileges. Description Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call's do_brk() function. This vulnerability may be exploited by a local user to gain elevated ...
CGI.pm vulnerable to Cross-site Scripting
Overview A vulnerability in the Common Gateway Interface (CGI) Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
Apache Portable Runtime contains heap buffer overflow in apr_psprintf()
Overview The Apache HTTP server contains a vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server. Description The Apache HTTP server contains a heap buffer overflow vulnerability in the apr_psprintf() function. The Apache Softwar...
Sun ONE Directory Server "ns-ldapd" can be terminated by unprivileged user
Overview A denial-of-service vulnerability exists in the Sun ONE Directory Server. This vulnerability may allow a remote attacker to effectively terminate directory services on the affected host. Description Sun describes the Sun ONE Directory Server as a software product that provides a central...
cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgicso.c
Overview There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code. Description cgiemail is a CGI program that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffe...
iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel lio_listio() function
Overview iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel's lio_listio() function, which can allow a malicious application to achieve unsandboxed, kernel-level code execution. Description iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
Ragentek Android OTA update mechanism vulnerable to MITM attack
Overview Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6564 Android...
NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities
Overview NUUO NVRmini 2, NVRsolo, Crystal, and Netgear ReadyNAS Surveillance products have web management interfaces containing multiple vulnerabilities that can be leveraged to gain complete control of affected devices. Description NUUO NVRmini 2, NVRsolo, Crystal, and Netgear ReadyNAS...
Java 7 fails to restrict access to privileged code
Overview Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as...
TWiki command execution vulnerability
Overview The TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files. Description TWiki is a wiki that runs in the context of the Apache web server. TWiki is installed by...
Adobe Flash Player long string buffer overflow
Overview Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...
Microsoft Virtual Machine allows applets write access to the Standard Security Manager
Overview A flaw in the Microsoft virtual machine (Microsoft VM) could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition. Description The Microsoft virtual machine (Microsoft VM) enables Java programs to run on Windows platforms. T...
Toshiba 4690 OS contains an information disclosure vulnerability
Overview The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains an information disclosure vulnerability. Description CWE-200: Information Exposure - CVE-2014-4876. The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains...
Huawei E585 pocket wifi 2 device contains multiple vulnerabilities
Overview The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrative functions on the device. Description The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrati...
HP StorageWorks P2000 G3 directory traversal vulnerability
Overview HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which m...
WiFi Protected Setup (WPS) PIN brute force vulnerability
Overview The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8...
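The reduction comes from two properties of the WPS PIN exchange: the registrar reveals after message M4 whether the first four digits were correct and only afterwards, after M6, whether the rest were, and the eighth digit of the PIN is a checksum of the other seven. The Python below is an added example, not code from the advisory or from any real WPS implementation. WpsAccessPoint is a toy oracle with exactly that behaviour (no EAP or WPS messages are exchanged), wps_checksum implements the checksum from the WPS specification, and recover_pin attacks the halves separately, so the worst case is 10,000 + 1,000 attempts instead of 10^8. The PINs used at the bottom are constructed for the example.

```python
def wps_checksum(first_seven: int) -> int:
    """Checksum digit of a WPS PIN, computed from its first seven digits
    (the algorithm from the WPS specification)."""
    accum = 0
    while first_seven:
        accum += 3 * (first_seven % 10)
        first_seven //= 10
        accum += first_seven % 10
        first_seven //= 10
    return (10 - accum % 10) % 10


class WpsAccessPoint:
    """Toy model (not a WPS implementation) of the registrar's oracle behaviour:
    it reveals whether the first half of the PIN was right (NACK after M4) and
    only then whether the second half was right (NACK after M6)."""

    def __init__(self, pin: str):
        if len(pin) != 8 or not pin.isdigit():
            raise ValueError("PIN must be eight digits")
        self._pin = pin
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self._pin[:4]:
            return "NACK-after-M4"
        if pin[4:] != self._pin[4:]:
            return "NACK-after-M6"
        return "SUCCESS"


def recover_pin(ap: WpsAccessPoint):
    """Brute-force the PIN half by half: at most 10**4 + 10**3 attempts."""
    # Phase 1: the first half is confirmed independently of the second.
    first_half = None
    for h1 in range(10_000):
        candidate = f"{h1:04d}0000"
        if ap.try_pin(candidate) != "NACK-after-M4":
            first_half = candidate[:4]
            break
    if first_half is None:
        return None
    # Phase 2: only three of the remaining four digits are free; the eighth
    # is the checksum, so 1,000 candidates cover the whole second half.
    for h2 in range(1_000):
        seven = int(first_half + f"{h2:03d}")
        candidate = f"{seven:07d}{wps_checksum(seven)}"
        if ap.try_pin(candidate) == "SUCCESS":
            return candidate
    return None


NAIVE_SPACE = 10 ** 8
SPLIT_SPACE = 10 ** 4 + 10 ** 3

if __name__ == "__main__":
    ap = WpsAccessPoint("24681353")        # constructed PIN with valid checksum
    print(recover_pin(ap), "after", ap.attempts, "attempts")
    print(f"worst case {SPLIT_SPACE} attempts instead of {NAIVE_SPACE}")
```

The only defence a device can offer within the protocol is to stop acting as an oracle: lock out external-registrar PIN attempts after a few failures, or disable the PIN method entirely.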
Ruby WEBrick vulnerable to directory traversal
Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash (\) path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library for building HTTP servers...
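The failure mode is a traversal check that recognises only "/" as a separator while the filesystem underneath also accepts "\". The Python below is an added example, not WEBrick's code: map_url_to_file is a minimal request-path to file-path mapper whose weak and hardened behaviours are selected by a flag, and windows_resolves_inside_root uses ntpath to show how a Windows filesystem would interpret the path the weak mapper produces. DOC_ROOT and the request paths are constructed for the example.

```python
import ntpath
from typing import Optional
from urllib.parse import unquote

DOC_ROOT = "C:/www/htdocs"   # constructed example document root


def map_url_to_file(url_path: str, backslash_is_separator: bool) -> Optional[str]:
    """Map a request path onto DOC_ROOT, refusing anything that climbs above it.

    With backslash_is_separator=False the check only splits on "/", which is
    the weak behaviour; with True, "\\" is folded into "/" first, which is what
    a server running where the OS accepts both separators must do.
    """
    path = unquote(url_path)              # %5c arrives as "\" after decoding
    if backslash_is_separator:
        path = path.replace("\\", "/")
    kept = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not kept:
                return None               # would leave the document root
            kept.pop()
        else:
            kept.append(segment)
    return DOC_ROOT + "/" + "/".join(kept)


def windows_resolves_inside_root(mapped: str) -> bool:
    """How a Windows filesystem would interpret the mapped path (ntpath works on
    any platform, so this runs anywhere)."""
    resolved = ntpath.normpath(mapped)
    root = ntpath.normpath(DOC_ROOT)
    return resolved == root or resolved.startswith(root + "\\")


if __name__ == "__main__":
    for req in ("/images/logo.png", "/..\\..\\boot.ini", "/..%5c..%5cboot.ini"):
        weak = map_url_to_file(req, backslash_is_separator=False)
        hard = map_url_to_file(req, backslash_is_separator=True)
        inside = weak is not None and windows_resolves_inside_root(weak)
        print(f"{req!r}: weak -> {weak!r} (inside root: {inside}); hardened -> {hard!r}")
```

In a real server the flag should come from the platform (`os.sep` or `os.altsep` being a backslash), and the mapped path should additionally be realpath-resolved and prefix-checked against the root so that symlinks and 8.3 short names cannot reintroduce the escape.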
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. Description Servers running OpenSSL pre-release version 0.9.7 with Kerberos...
Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure
Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are t...
Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack
Overview Machine learning models trained using gradient descent can be forced to make arbitrary misclassifications by an attacker that can influence the items to be classified. The impact of a misclassification varies widely depending on the ML model's purpose and of what systems it is a part...