PT-2020-6446 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.9 Description: The issue is related to the use of memory after it has been freed in the Linux kernel, specifically in the Nouveau DRM subsystem. This can be exploited by an attacker with a local account and ro...
PT-2020-4970 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.11 Description: A race condition exists between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call. This issue can be exploited to cause a denial ...
PT-2020-14594 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.20 Description: An issue was discovered in Joomla! where missing validation checks on the usergroups table object can result in a broken site configuration. Recommendations: For versions prior to 3.9.20, update t...
PT-2020-6924 · Bouncy Castle +1 · Bouncy Castle Bc C# .Net +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle BC Java versions 1.65 and earlier; Bouncy Castle BC C# .NET versions 1.8.6 and earlier; Bouncy Castle BC-FJA versions 1.0.2.0 and earlier; Bouncy Castle BC-FNA versions 1.0.1.0 and earlier Description: The issue is related to a timi...
PT-2020-12783 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.4; iTop versions prior to 2.7.0 Description: The issue concerns a stored XSS payload that can be exploited through a menu shortcut name in iTop. Recommendations: For versions prior to 2.6.4, update to version 2.6.4 o...
PT-2022-1733 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.4 through 5.6.10 Description: The issue is related to a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the nf_dup_netdev.c file. This can allow local users to gain privileges o...
PT-2020-10244 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.5.4; Combodo iTop versions prior to 2.6.3; Combodo iTop versions prior to 2.7.0 Description: A post-authentication privilege escalation issue in the web application of Combodo iTop allows regular authenticated...
PT-2020-12157 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to delete a glossary term via a crafted request to the admin/manage-glossary.php endpoint. This is made possible by a CSRF flaw. Recommendations: For Chadh...
PT-2020-6587
Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...
PT-2020-2428 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.6 Description: The issue is related to a memory leak in the svm_cpu_uninit function in arch/x86/kvm/svm.c. This leak occurs once at boot time and is negligible in size. It cannot be triggered at will. Third...
PT-2020-5321 · Php +7 · Php +7
Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.27; PHP versions 7.3.x through 7.3.14; PHP versions 7.4.x through 7.4.2 Description: The issue is related to the incorrect preservation of permissions when creating PHAR archives using the...
PT-2020-7594 · Red Hat · Openshift
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this m...
PT-2020-3040
Name of the Vulnerable Software and Affected Versions: Ansible versions 2.7.x through 2.7.14; Ansible versions 2.8.x through 2.8.6; Ansible versions 2.9.x through 2.9.0 Description: The issue is related to the absence of consideration for the no_log flag in Ansible's system management configuration...
PT-2019-3755 · Oracle +1 · Oracle Business Intelligence Enterprise Edition +1
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 12.2.1.3.0 through 12.2.1.4.0 Description: The issue is related to inadequate access control in the Analytics Actions subcomponent of Oracle Business Intelligence Enterprise Edition, pa...
PT-2019-5845 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.9-0 Description: A flaw was found in ImageMagick in MagickCore/quantum.h, related to an integer overflow value. This issue allows a remote attacker to cause a denial of service using a specially crafted file...
PT-2019-5862 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.8-68 Description: A flaw was found in ImageMagick in MagickCore/resize.c, where an attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math...
PT-2019-4415 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.6 Description: A memory leak in the nfp_abm_u32_knode_replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c allows attackers to cause a denial of service (memory consumption). The issue has been...
PT-2019-5200
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.1.17 Description: The issue is related to improper privilege management in the Linux kernel, specifically in the ptrace_link function. This can be exploited by local users to obtain root access under certain...
PT-2019-6365 · Mozilla +2 · Firefox +2
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 70 Description: The issue is related to a compromised child process that could inject XBL Bindings into privileged CSS rules, leading to arbitrary code execution and a sandbox escape. It is also described as a...
PT-2019-5302
Name of the Vulnerable Software and Affected Versions: Bootstrap versions prior to 3.4.1 for 3.x and 4.3.1 for 4.x Description: The issue is related to Cross-Site Scripting (XSS) in the tooltip or popover data-template attribute of the Bootstrap toolkit. This is due to a lack of input sanitization,...
PT-2019-6437 · Advanced Micro Devices Inc. +2 · Amd Secure Encrypted Virtualization +3
Name of the Vulnerable Software and Affected Versions: Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP) 0.17 build 11 and earlier Description: The issue is related to an insecure cryptographic implementation in AMD's Secure Encrypted Virtualization...
PT-2019-1442 · Openssh +6 · Openssh +6
Name of the Vulnerable Software and Affected Versions: OpenSSH version 7.9 Description: The issue is related to insufficient access control in the OpenSSH utility, specifically in the refresh_progress_meter function. This can allow a remote attacker to disclose protected information or execute...
PT-2018-4634 · Bouncy Castle +1 · Bouncy Castle Jce Provider +1
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.51 through 1.55 Description: A carry propagation bug was introduced in the implementation of squaring for several raw math classes, which are used by custom elliptic curve implementations. This bug could...
PT-2018-47: SQL Injection in EVLink Parking
The specialists of the Positive Research center have detected an SQL Injection vulnerability in the EVLink Parking product. An SQL injection vulnerability in Schneider Electric’s EVLink Parking allows attackers to obtain unauthorized access to the web interface with full privileges. How to fix Us...
PT-2018-10399 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue was discovered where the zb_system/cmd.php API endpoint, specifically the act=verify action, relies on MD5 for the password parameter. This could potentially make it easier for attackers to bypass...
PT-2018-9372
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.18 through 4.16 Description: The Linux Kernel incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the...
PT-2018-14: Buffer Overflow in PHOENIX CONTACT FL SWITCH
The specialists of the Positive Research center have detected a Buffer Overflow vulnerability in PHOENIX CONTACT FL SWITCH. A buffer overflow vulnerability in Phoenix Contact managed FL SWITCH due to improper handling of very large cookies allows attackers to obtain unauthorized access to the...
PT-2018-1905 · Rsync +3 · Rsync +3
Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.1.3 Description: The issue is related to the parse_arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an...
PT-2020-6701 · Fasterxml +4 · Fasterxml Jackson Databind +4
Name of the Vulnerable Software and Affected Versions: FasterXML Jackson Databind affected versions not specified Description: A flaw in FasterXML Jackson Databind exposes it to XML external entity (XXE) attacks due to improper entity expansion security. The highest threat from this issue...
PT-2017-12931 · Imagemagick +2 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.7-10 Description: The issue causes a crash when image dimensions are too large, instead of reporting a "width or height exceeds limit" error. This can be demonstrated using the mpc coder. Recommendations: For...
PT-2017-4083 · Pivotal +1 · Rabbitmq +1
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.4.x through 3.5.x and 3.6.x prior to 3.6.9; RabbitMQ for PCF versions 1.5.x and 1.6.x prior to 1.6.18 and 1.7.x prior to 1.7.15 Description: The issue is related to insufficient protection measures in the RabbitMQ managemen...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS), due to insufficient input validation of user-supplied values and a la...
PT-2018-31: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities (XXEs) when parsing an XML file, could allow...
PT-2017-18734 · Autotrace +1 · Autotrace +1
Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue is related to a heap-based buffer over-read in the pnm_load_raw function, located in the input-pnm.c file. This function is part of the libautotrace.a library in AutoTrace. The over-read occurs ...
PT-2017-2221 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue exists due to insufficient input validation in the tcp_v6_syn_recv_sock function. This can be exploited by a local user to cause a denial of service or possibly have other unspecifi...
PT-2018-15: Arbitrary Code Execution in Schneider Electric's Modicon Quantum
The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in Schneider Electric's Modicon Quantum. A vulnerability allows attackers to execute arbitrary code, cause a denial of service, or load a malicious firmware via an FTP command used to upgrade t...
PT-2022-5917 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a stack overflow flaw in the Linux kernel's SYSCTL subsystem, which occurs when a user changes certain kernel parameters and variables. This flaw can be exploit...
PT-2017-1185 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.8 Description: The issue is related to errors in resource management in the nested_vmx_check_vmptr function of the Linux operating system. This can be exploited by a local attacker to cause a denial of...
PT-2022-1364
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.8 through 5.16.10; Linux kernel versions 5.15 through 5.15.24; Linux kernel versions 5.10 through 5.10.101 Description: A flaw exists in the Linux kernel where the flags member of the new pipe buffer structure is not...
PT-2016-6602 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.51 and earlier; Oracle MySQL versions 5.6.32 and earlier; Oracle MySQL versions 5.7.14 and earlier Description: The issue allows remote administrators to affect availability via vectors related to Server: Federated. It...
PT-2021-3311
Name of the Vulnerable Software and Affected Versions: 802.11 standard affected versions not specified Description: The issue concerns the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP). It does not require that all fragments of a frame ar...
PT-2016-1518
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.2p2 Description: The issue allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the do_authenticated1 and session_x11_req functions. This is due ...
PT-2015-1244
Name of the Vulnerable Software and Affected Versions: ProFTPD version 1.3.5 Description: The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod_copy module in the ProFTPD FTP server. Recommendatio...
PT-2016-01: Arbitrary File Upload in Advantech WebAccess
The specialists of the Positive Research center have detected an Arbitrary File Upload vulnerability in Advantech WebAccess. It was discovered that Advantech WebAccess before 8.1 allows remote unauthenticated users to create or write to arbitrary files on the server. How to fix Update your softwa...
PT-2019-4107 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.34 through 5.2.x Description: A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be...
PT-2013-5239 · Hewlett Packard · Hpe Integrated Lights-Out 4 +2
Name of the Vulnerable Software and Affected Versions: HP Integrated Lights-Out 4 (iLO4) versions prior to 1.32; HP Integrated Lights-Out 3 (iLO3) affected versions not specified Description: The issue allows remote authenticated users to obtain sensitive information via unknown vectors. It could also...
PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC
The specialists of the Positive Research center have detected an Arbitrary HTML Injection vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The integrated web server (port 80/tcp and port 443/tcp) of the affected device might allow attackers to inject HTML headers. How to fix Update your firmware u...
PT-2013-3438 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.4 Description: The issue is related to a heap-based buffer overflow in the wdm_in_callback function. This can be exploited by physically proximate attackers using a crafted cdc-wdm USB device, potentially...
PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7
The specialists of the Positive Research center have detected a vulnerability in Siemens WinCC and SIMATIC PCS 7 related to hard-coded credentials used in the login system. Attackers with network access and knowledge of the credentials could log into the Web Navigator Web applications as an...
PT-2013-12: open_basedir bypass in PHP
The specialists of Positive Technologies have detected a bypass of the configuration directive "open_basedir" in PHP. The vulnerability was detected in PHP's built-in SoapClient class. PHP does not validate the configuration directive "soap.wsdl_cache_dir" before writing SOAP wsdl cache files to th...