Lucene search
K
RocketsoftwareUnidata

9 matches found

CVE
CVE
added 2023/03/29 8:12 p.m.93 views

CVE-2023-28505

CVE-2023-28505 affects Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001, pre-12.2.1 build 2002). It describes a buffer overflow in an API function that copies a string into a caller-provided buffer without length checking, requiring a valid login to exploit. Conn...

8.8CVSS9AI score0.0084EPSS
CVE
CVE
added 2023/03/29 8:3 p.m.84 views

CVE-2023-28502

CVE-2023-28502 affects Rocket Software UniData/UniVerse: stack-based buffer overflow in the udadmin_server RPC service (and related UniRPC components) permitting remote code execution as root on Linux. Affected versions include UniData <= 8.2.4 build 3003 and UniVerse

9.8CVSS10AI score0.61102EPSS
Web
CVE
CVE
added 2023/03/29 8:16 p.m.83 views

CVE-2023-28508

CVE-2023-28508 is a heap-based overflow affecting Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001 or pre-12.2.1 build 2002). The issue arises in the UniRPC stack (unirpcd and related components): input handling in the RPC packet body can overflow the heap when a...

8.8CVSS8.9AI score0.00897EPSS
CVE
CVE
added 2023/03/29 7:54 p.m.78 views

CVE-2023-28501

CVE-2023-28501 affects Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001 or pre-12.2.1 build 2002). The root cause is a heap-based buffer overflow in the unirpcd daemon, enabling remote code execution as root if exploited. Connected sources document a pre-authenti...

9.8CVSS10AI score0.01418EPSS
CVE
CVE
added 2023/03/29 8:18 p.m.75 views

CVE-2023-28509

CVE-2023-28509 affects Rocket Software UniData/UniVerse, where packet-level security and on-wire passwords are protected with weak encryption. Affected versions: UniData < 8.2.4 build 3003; UniVerse < 11.3.5 build 1001; UniVerse

7.5CVSS7.8AI score0.00281EPSS
CVE
CVE
added 2023/03/29 8:9 p.m.73 views

CVE-2023-28503

CVE-2023-28503 describes an authentication bypass in Rocket Software UniData/UniVerse UniRPC stack. The root cause is a flaw in libunidata.so and related RPC services that lets an attacker authenticate as a legitimate Linux user using a special username (:local:) and a deterministic, encoded pass...

9.8CVSS9.9AI score0.62136EPSS
Web
CVE
CVE
added 2023/03/29 8:11 p.m.68 views

CVE-2023-28504

CVE-2023-28504 describes a pre-authentication stack-buffer overflow in Rocket Software UniData/UniVerse components (libunidata.so) via the UniRPC server and related services. The issue, tied to U_rep_rpc_server_submain() and related code paths, can allow remote code execution as root without auth...

9.8CVSS10AI score0.01418EPSS
CVE
CVE
added 2023/03/29 8:13 p.m.65 views

CVE-2023-28506

CVE-2023-28506 is a stack-based buffer overflow in Rocket Software UniRPC-related components affecting UniData before 8.2.4 build 3003 and UniVerse before 11.3.5 build 1001 or 12.2.1 build 2002. The root cause is copying a string into a stack buffer using a memcpy-like routine with a user-supplie...

8.8CVSS8.8AI score0.00911EPSS
CVE
CVE
added 2023/03/29 8:15 p.m.61 views

CVE-2023-28507

CVE-2023-28507 describes a memory-exhaustion issue in Rocket Software UniData/UniVerse: the LZ4 decompression in the UniRPC daemon (unirpcd) can allocate increasing memory until allocation failure. Affected products are UniData < 8.2.4 build 3003 and UniVerse < 11.3.5 build 1001 or

9.8CVSS9.5AI score0.00923EPSS