⚠ CVE: CVE-2020-24640
🔴Severity: HIGH
❔ Details: There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
☢ References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt
⚠ CVE: CVE-2020-27265
🔴Severity: HIGH
❔ Details: KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
☢ References: https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
us-cert.cisa.gov
PTC Kepware KEPServerEX (Update A) | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: PTC
Equipment: Kepware KEPServerEX
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free
⚠ CVE: CVE-2020-27267
🟡Severity: MEDIUM
❔ Details: KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
☢ References: https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
⚠ CVE: CVE-2020-27263
🟡Severity: MEDIUM
❔ Details: KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
☢ References: https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
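All three Kepware entries above (CVE-2020-27265, CVE-2020-27267, CVE-2020-27263) come down to the same thing: a length taken from an attacker-supplied OPC UA message drives a memory operation without being checked against the bytes that actually arrived. The advisory does not say which field is involved, so the example below is not a reproduction of the Kepware bug and is not PTC code; it is an added, bounds-checked parser for the OPC UA TCP Hello message (8-byte header, five UInt32 fields, length-prefixed EndpointUrl, per OPC UA Part 6) that shows the checks such code needs. The message-size cap (64 KiB) is an assumed server-side limit; the 4096-byte EndpointUrl cap is the one from Part 6.

```python
import struct

HEADER_LEN = 8
MAX_MESSAGE_SIZE = 64 * 1024   # assumed server-side cap for a Hello message
MAX_ENDPOINT_URL = 4096        # OPC UA Part 6 caps EndpointUrl at 4096 bytes
MESSAGE_TYPES = (b"HEL", b"ACK", b"ERR", b"OPN", b"CLO", b"MSG")


class MalformedMessage(ValueError):
    """Raised instead of reading outside the received bytes."""


def parse_header(buf: bytes):
    """Validate the 8-byte header and return (type, chunk_type, size)."""
    if len(buf) < HEADER_LEN:
        raise MalformedMessage("short header")
    msg_type, chunk_type = buf[0:3], buf[3:4]
    (size,) = struct.unpack_from("<I", buf, 4)
    if msg_type not in MESSAGE_TYPES:
        raise MalformedMessage(f"unknown message type {msg_type!r}")
    if chunk_type not in (b"F", b"C", b"A"):
        raise MalformedMessage(f"unknown chunk type {chunk_type!r}")
    # The declared size must cover the header, stay under the cap, and must
    # not claim more bytes than actually arrived. Copying 'size' bytes into a
    # fixed buffer without these checks is the classic overflow.
    if size < HEADER_LEN or size > MAX_MESSAGE_SIZE or size > len(buf):
        raise MalformedMessage(f"bad MessageSize {size}")
    return msg_type.decode(), chunk_type.decode(), size


def parse_hello(buf: bytes) -> dict:
    """Parse a HEL message; every read is bounded by the validated size."""
    msg_type, chunk_type, size = parse_header(buf)
    if msg_type != "HEL" or chunk_type != "F":
        raise MalformedMessage("expected a final HEL message")
    body = buf[HEADER_LEN:size]
    fixed = struct.calcsize("<5Ii")          # 5 x UInt32 + Int32 string length
    if len(body) < fixed:
        raise MalformedMessage("HEL body too short")
    version, recv_buf, send_buf, max_msg, max_chunks, url_len = struct.unpack_from("<5Ii", body, 0)
    off = fixed
    if url_len == -1:
        url = None                           # OPC UA encodes a null string as -1
    else:
        # Length-prefixed string: the prefix is attacker-chosen, so bound it by
        # the spec limit and by the bytes that remain in this message.
        if url_len < 0 or url_len > MAX_ENDPOINT_URL or url_len > len(body) - off:
            raise MalformedMessage(f"bad EndpointUrl length {url_len}")
        try:
            url = body[off:off + url_len].decode("utf-8")
        except UnicodeDecodeError:
            raise MalformedMessage("EndpointUrl is not valid UTF-8")
        off += url_len
    if off != len(body):
        raise MalformedMessage("trailing bytes after HEL fields")
    return {
        "protocol_version": version,
        "receive_buffer_size": recv_buf,
        "send_buffer_size": send_buf,
        "max_message_size": max_msg,
        "max_chunk_count": max_chunks,
        "endpoint_url": url,
    }


def build_hello(url: str, declared_size=None, url_len=None) -> bytes:
    """Encode a HEL message; the overrides let a test forge bad lengths."""
    url_b = url.encode("utf-8")
    body = struct.pack("<5Ii", 0, 65535, 65535, 16 * 1024 * 1024, 0,
                       len(url_b) if url_len is None else url_len) + url_b
    size = HEADER_LEN + len(body) if declared_size is None else declared_size
    return b"HELF" + struct.pack("<I", size) + body


def rejects(buf: bytes) -> bool:
    """True when the parser refuses the message instead of reading past it."""
    try:
        parse_hello(buf)
        return False
    except MalformedMessage:
        return True
```

The two checks that matter are the comparison of the declared MessageSize against `len(buf)` and of the string length prefix against the bytes left in the body; a parser that trusts either value and copies into a stack or heap buffer of fixed size is exactly the bug class the advisory describes.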
⚠ CVE: CVE-2020-5685
🔴Severity: HIGH
❔ Details: UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allow an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.
☢ References: https://jvn.jp/en/jp/JVN38784555/index.html
jvn.jp
JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
Japan Vulnerability Notes
⚠ CVE: CVE-2020-29493
🔴Severity: HIGH
❔ Details: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
☢ References: https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities
Dell
DSA-2020-272 Dell EMC Avamar Server Security Update for Multiple Vulnerabilities | Dell UK
Dell EMC Avamar Server contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
⚠ CVE: CVE-2020-5633
🔴Severity: HIGH
❔ Details: Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.
☢ References: https://jpn.nec.com/security-info/secinfo/nv21-002.html
⚠ CVE: CVE-2020-29495
🔴Severity: HIGH
❔ Details: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
☢ References: https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities
⚠ CVE: CVE-2020-24639
🔴Severity: HIGH
❔ Details: There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
☢ References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt
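The Airwave Glass entry above is a Java deserialization bug, and the standard fix for that class is an allowlist enforced before any object is constructed (Java's ObjectInputFilter). The example below is an added Python analog, not Aruba code and not Java: pickle plays the role of Java serialization, since any pickle stream can name a callable to run on load. `side_effect`, `Session` and `Gadget` are constructed for the demo; `side_effect` stands in for `os.system` so the test can prove the gadget ran without doing anything harmful.

```python
import io
import pickle
from dataclasses import dataclass

EXECUTED = []   # records whether an attacker-supplied callable ran on load


def side_effect(tag: str) -> None:
    """Stand-in for os.system() or Runtime.exec(): proves the gadget ran."""
    EXECUTED.append(tag)


@dataclass
class Session:
    """The only type the application legitimately expects to deserialize."""
    user: str
    role: str


class Gadget:
    """Attacker-crafted object: deserializing it calls side_effect('pwned')."""

    def __reduce__(self):
        return (side_effect, ("pwned",))


class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only allowlisted (module, name) pairs; anything else is an error.

    This is the pickle equivalent of a Java ObjectInputFilter allowlist: the
    decision is made before any constructor or callable is invoked."""
    ALLOWED = {(Session.__module__, "Session")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_unsafe(data: bytes):
    """Vulnerable: runs whatever callable the byte stream names."""
    return pickle.loads(data)


def load_safe(data: bytes):
    """Fixed: same wire format, but only allowlisted types can be built."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Run both loaders against a legitimate and a malicious stream."""
    EXECUTED.clear()
    legit = pickle.dumps(Session("alice", "viewer"))
    evil = pickle.dumps(Gadget())          # what an attacker would send
    results = {"safe_legit": load_safe(legit) == Session("alice", "viewer")}
    try:
        load_safe(evil)
        results["safe_blocked"] = False
    except pickle.UnpicklingError:
        results["safe_blocked"] = True
    results["safe_ran_gadget"] = bool(EXECUTED)   # False: blocked before the call
    load_unsafe(evil)
    results["unsafe_ran_gadget"] = "pwned" in EXECUTED
    return results
```

The point that carries over to Java: a denylist of known gadget classes is always one gadget behind, while an allowlist of the handful of types the application actually exchanges closes the whole class.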
⚠ CVE: CVE-2021-25323
🟡Severity: MEDIUM
❔ Details: The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password.
☢ References: https://github.com/MISP/MISP/commit/afbf95a478b6e94f532ca0776c79da1b08be7eed
GitHub
fix: [security] Require password confirmations by default · MISP/MISP@afbf95a
- the setting is optional, but the default should be that it's required unless disabled
- As reported by Patrix Kontura from ESET
⚠ CVE: CVE-2021-22851
🔴Severity: HIGH
❔ Details: HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
☢ References: https://www.twcert.org.tw/tw/cp-132-4327-50e99-1.html
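Both the Dell Avamar Fitness Analyzer entry (CVE-2020-29493) and the HGiga EIP entry above are SQL injection through a request parameter, with the stated impact of reading the schema and other tables. The example below is added here and is not Dell or HGiga code: the tables, rows and payloads are constructed, and SQLite stands in for the backend database. It shows the string-built query beside the parameterised one and why the UNION payload works against the first and not the second.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: a document table plus a table the page must never expose."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE documents(id INTEGER PRIMARY KEY, owner TEXT, title TEXT);
        CREATE TABLE backup_credentials(id INTEGER PRIMARY KEY, host TEXT, secret TEXT);
        INSERT INTO documents VALUES (1, 'alice', 'Q1 report'), (2, 'bob', 'HR notes');
        INSERT INTO backup_credentials VALUES (1, 'avamar-01', 's3cr3t');
    """)
    return db


def titles_unsafe(db: sqlite3.Connection, doc_id: str) -> list:
    """Vulnerable: the URL parameter is pasted into the statement text."""
    sql = f"SELECT title FROM documents WHERE id = {doc_id}"
    return [row[0] for row in db.execute(sql)]


def titles_safe(db: sqlite3.Connection, doc_id: str) -> list:
    """Fixed: validate the type, then bind the value; it is never parsed as SQL."""
    if not doc_id.isdigit():
        raise ValueError(f"document id must be a positive integer: {doc_id!r}")
    return [row[0] for row in
            db.execute("SELECT title FROM documents WHERE id = ?", (int(doc_id),))]


def search_safe(db: sqlite3.Connection, term: str) -> list:
    """Binding also covers free text; LIKE wildcards are escaped, not trusted."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [row[0] for row in db.execute(
        "SELECT title FROM documents WHERE title LIKE ? ESCAPE '\\'", ("%" + escaped + "%",))]


# Payloads an attacker would put in the id parameter. UNION ALL appends rows
# from another table; sqlite_master is SQLite's catalog, so the second one
# recovers the schema. The sqlite3 module refuses stacked statements, so a
# '; DELETE ...' payload fails here, but not on every driver.
DUMP_SECRETS = "1 UNION ALL SELECT host || ':' || secret FROM backup_credentials"
DUMP_SCHEMA = "0 UNION ALL SELECT name FROM sqlite_master WHERE type = 'table'"


def rejects(fn, db: sqlite3.Connection, value: str) -> bool:
    """True when the safe function refuses the value instead of querying with it."""
    try:
        fn(db, value)
        return False
    except ValueError:
        return True
```

Type validation before binding is belt and braces: binding alone already stops the injection, but an integer id that arrives as text is a sign the input layer has no schema at all, which is how the second HGiga entry (missing access control on certain pages) tends to coexist with the first.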
⚠ CVE: CVE-2021-22850
🔴Severity: HIGH
❔ Details: HGiga EIP product has ineffective access control on certain pages, which allows attackers to access the database or perform privileged functions.
☢ References: https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html
⚠ CVE: CVE-2020-28480
🔴Severity: HIGH
❔ Details: The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.html#util.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to Prototype Pollution.
☢ References: https://github.com/clientIO/joint/pull/1406
⚠ CVE: CVE-2016-0718
🔴Severity: HIGH
❔ Details: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
☢ References: http://www.openwall.com/lists/oss-security/2016/05/17/12
⚠ CVE: CVE-2017-17480
🔴Severity: HIGH
❔ Details: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
☢ References: https://github.com/uclouvain/openjpeg/issues/1044
GitHub
Similar vulnerable functions related to CVE-2017-14041 · Issue #1044 · uclouvain/openjpeg
There are two functions similar to vulnerable function with id CVE-2017-14041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041 with issue id (#997 ). Below is the patch for CVE-2017-140...
⚠ CVE: CVE-2017-7864
🔴Severity: HIGH
❔ Details: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
☢ References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
⚠ CVE: CVE-2016-10328
🔴Severity: HIGH
❔ Details: FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
☢ References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
⚠ CVE: CVE-2021-23926
🟡Severity: MEDIUM
❔ Details: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
☢ References: https://issues.apache.org/jira/browse/XMLBEANS-517
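The XMLBeans entry above is about parser properties left at their defaults, so entity expansion (the "billion laughs" DTD) and the related external-entity surface were reachable from untrusted input. The example below is added here and is not XMLBeans or Apache code, and it is Python's expat rather than a Java parser: it shows the two settings a practitioner wants, DOCTYPE refused outright by default, or, where a DTD must be accepted, each entity's expanded size checked at declaration time so the attack document is rejected before anything is expanded. The budget values are assumptions; the attack document is constructed by `billion_laughs`.

```python
import re
import xml.parsers.expat as expat

ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")


class UnsafeXML(ValueError):
    """Raised before any dangerous expansion takes place."""


class GuardedParser:
    """Expat wrapper that refuses DTD-based entity attacks at declaration time.

    allow_dtd=False (the default, and the right choice for most services)
    rejects any DOCTYPE. With allow_dtd=True, each internal entity's fully
    expanded size is computed from the declarations seen so far and checked
    against a budget, so a billion-laughs document is rejected while its DTD
    is being read, never while it is being expanded. External entities and
    external DTD subsets are refused in both modes."""

    def __init__(self, allow_dtd=False, max_entities=32, max_expansion=100_000):
        self.allow_dtd = allow_dtd
        self.max_entities = max_entities
        self.max_expansion = max_expansion
        self.sizes = {}            # entity name -> expanded size in characters
        self.root = None
        p = expat.ParserCreate()
        p.StartDoctypeDeclHandler = self._doctype
        p.EntityDeclHandler = self._entity_decl
        p.ExternalEntityRefHandler = self._external_ref
        p.StartElementHandler = self._start_element
        self.parser = p

    def _doctype(self, name, sysid, pubid, has_internal_subset):
        if not self.allow_dtd:
            raise UnsafeXML("DOCTYPE is not allowed")
        if sysid or pubid:
            raise UnsafeXML("external DTD subsets are not allowed")

    def _expanded_size(self, value: str) -> int:
        """Size of 'value' after replacing references to already-declared entities."""
        total, pos = 0, 0
        for m in ENTITY_REF.finditer(value):
            total += m.start() - pos
            # A reference to an entity not yet declared cannot be expanded by
            # the parser either, so its literal length is the right estimate.
            total += self.sizes.get(m.group(1), len(m.group(0)))
            pos = m.end()
        return total + len(value) - pos

    def _entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        if value is None:                      # SYSTEM/PUBLIC entity: external
            raise UnsafeXML(f"external entity {name!r} is not allowed")
        if len(self.sizes) >= self.max_entities:
            raise UnsafeXML("too many entity declarations")
        size = self._expanded_size(value)
        if size > self.max_expansion:
            raise UnsafeXML(f"entity {name!r} would expand to {size} characters")
        self.sizes[name] = size

    def _external_ref(self, context, base, sysid, pubid):
        raise UnsafeXML("external entity reference")

    def _start_element(self, name, attrs):
        if self.root is None:
            self.root = name

    def parse(self, document: str) -> str:
        """Parse and return the root element name, or raise UnsafeXML."""
        self.parser.Parse(document, True)
        return self.root


def billion_laughs(depth: int = 9) -> str:
    """Constructed attack document: each level references the previous one ten times."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, depth + 1):
        prev = "lol" if i == 1 else f"lol{i - 1}"
        refs = f"&{prev};" * 10
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    return "<!DOCTYPE lolz [" + "".join(decls) + f"]><lolz>&lol{depth};</lolz>"


def check(document: str, **options) -> str:
    """'ok:<root>' if parsing succeeded, 'rejected:<reason>' otherwise."""
    try:
        return "ok:" + GuardedParser(**options).parse(document)
    except UnsafeXML as e:
        return "rejected:" + str(e)
```

With the default budget the attack document is thrown out at the fifth nesting level (300000 characters), long before the 3 x 10^9 characters the full document would produce. The Java equivalent of the default mode is disallowing the doctype declaration on the factory; the equivalent of the budget mode is the JAXP secure-processing feature with its entity expansion limit.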
⚠ CVE: CVE-2021-20617
🔴Severity: HIGH
❔ Details: Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.
☢ References: https://www.acmailer.jp/info/de.cgi?id=101
www.acmailer.jp
acmailer | Free mail-delivery CGI "AC Mailer" | Information
A free mail-delivery CGI. Even though it is free, it offers advanced features: blank-mail registration, decorated mail, removal of undeliverable addresses, scheduled delivery and mail-merge sending. Reports of servers it has been verified to run on.
⚠ CVE: CVE-2021-20618
🔴Severity: HIGH
❔ Details: Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.
☢ References: https://www.acmailer.jp/info/de.cgi?id=101
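Three entries above end in OS command execution from a web request: NEC UNIVERGE SV9500/SV8500 (CVE-2020-5685), Dell Avamar Fitness Analyzer (CVE-2020-29495) and acmailer (CVE-2021-20617). None of the advisories publish the vulnerable code, so the example below is added here and is not vendor code: a harmless `echo` stands in for whatever diagnostic the product runs, the `host` parameter and the `INJECTED` payload are constructed, and a POSIX `/bin/sh` is assumed. It shows the shell-built command beside the quoted form and the argv form.

```python
import re
import shlex
import subprocess

# RFC 1123-style hostname allowlist: the only thing that may reach the command line.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Constructed attacker value for the 'host' request parameter.
INJECTED = "plc01.example.com; echo INJECTED"


def diag_unsafe(host: str) -> str:
    """Vulnerable: the parameter is spliced into a shell command line, so ';',
    '|', '&&', '$(...)' and backticks are interpreted by /bin/sh."""
    out = subprocess.run(f"echo diag {host}", shell=True, capture_output=True, text=True)
    return out.stdout


def diag_quoted(host: str) -> str:
    """Partial fix: shlex.quote() turns the value into one shell word. It stops
    this injection, but the shell still runs and the value is still untrusted."""
    out = subprocess.run("echo diag " + shlex.quote(host), shell=True,
                         capture_output=True, text=True)
    return out.stdout


def diag_safe(host: str) -> str:
    """Fixed: allowlist the value, then pass it as a single argv element with
    no shell in between, so no character in it has meaning to anything."""
    if not HOSTNAME.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    out = subprocess.run(["echo", "diag", host], capture_output=True, text=True, check=True)
    return out.stdout


def rejects(host: str) -> bool:
    """True when diag_safe refuses the value before any process is started."""
    try:
        diag_safe(host)
        return False
    except ValueError:
        return True
```

The unsafe path prints a second line, `INJECTED`, because the shell ran a second command; the quoted path prints the whole value literally; the safe path never starts a process for the bad value at all. Prefer the argv form with validation; fall back to `shlex.quote` only where a shell is genuinely unavoidable.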