VU#491944: Microsoft Windows Remote Desktop Gateway allows for...
Microsoft Windows Remote Desktop Gateway(RD Gateway)is a Windows Server component that provides access to Remote Desktop services without requiring the client system to be present on the same network...
View ArticleVU#335217: Multiple caching service providers are vulnerable to HTTP cache...
CDNs use HTTP caching software to provide high availability and high performance by distributing the service spatially relative to end-users. The HTTP caching software interprets the HTTP request from...
View ArticleVU#338824: Microsoft Internet Explorer Scripting Engine memory corruption...
Microsoft has released Security Advisory ADV200001,which describes a memory corruption vulnerability in the Scripting Engine. This vulnerability is being exploited in the wild.
View ArticleVU#390745: OpenSMTPD vulnerable to local privilege escalation and remote code...
OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol(SMTP)that is part of the OpenBSD Project. OpenSMTPD's smtp_mailaddr()function is responsible for validating...
View ArticleVU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to...
CVE-2020-3110 Cisco's Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value(TLV). The CVSS score reflected below is...
View ArticleVU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method...
IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java 1.4.2 are no longer supported. ServeRAID Manager uses a Java Remote Method Invocation(RMI)on...
View ArticleVU#498544: ZyXEL pre-authentication command injection in weblogin.cgi
CWE-78:Improper Neutralization of Special Elements used in an OS Command('OS Command Injection') Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program...
View ArticleVU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet...
PPP is the protocol used for establishing internet links over dial-up modems,DSL connections,and many other types of point-to-point links including Virtual Private Networks(VPN)such as Point to Point...
View ArticleVU#872016: Microsoft SMBv3 compression remote code execution vulnerability
Microsoft Server Message Block 3.1.1(SMBv3)contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote,unauthenticated attacker to...
View ArticleVU#425163: Machine learning classifiers trained via gradient descent are...
This vulnerability results from using gradient descent to determine classification of inputs via a neural network. As such,it is a vulnerability in the algorithm. In plain terms,this means that the...
View ArticleVU#354840: Microsoft Windows Type 1 font parsing remote code execution...
Adobe Type Manager,which is provided by atmfd.dll,is a kernel module that is provided by Windows and provides support for OpenType fonts. Two vulnerabilities in the Microsoft Windows Adobe Type Manager...
View ArticleVU#944837: Vertiv Avocent UMG-4000 vulnerable to command injection and...
The Vertiv Avocent UMG-4000 contains multiple vulnerabilities that could allow an authenticated attacker with administrative privileges to remotely execute arbitrary code. The web interface does not...
View ArticleVU#962085: Versiant LYNX Customer Service Portal is vulnerable to stored...
The Versiant LYNX Customer Service Portal(CSP)is a"full-service customer portal that provides real-time information to terminal operators on the status of shipments into and out of a marine container...
View ArticleVU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting
Periscope BuySpeed is a"tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting,which could allow a...
View ArticleVU#576779: Netgear httpd upgrade_check.cgi stack buffer overflow
OverviewMultiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root...
View ArticleVU#290915: F5 BIG-IP contains multiple vulnerabilities including...
OverviewF5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command...
View ArticleVU#174059: GRUB2 bootloader is vulnerable to buffer overflow
OverviewThe GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. DescriptionGRUB2 is a multiboot boot...
View ArticleVU#116713: NCR SelfServ ATM dispenser software contains multiple vulnerabilities
OverviewNCR SelfServ automated teller machines (ATMs) running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the...
View ArticleVU#815655: NCR SelfServ ATM BNA contains multiple vulnerabilities
OverviewNCR SelfServ automated teller machines (ATMs) running APTRA XFS 04.02.01 and 05.01.00 are vulnerable to physical attacks on the communications bus between the host computer and the bunch note...
View ArticleVU#221785: Diebold Nixdorf ProCash 2100xe USB ATM does not adequately secure...
OverviewDiebold Nixdorf 2100xe USB automated teller machines (ATMs) are vulnerable to physical attacks on the communication channel between the cash and check deposit module (CCDM) and the host...
View Article