Category Archives: Advisories

USN-5450-1: Subversion vulnerabilities

Read Time:21 Second

Evgeny Kotkov discovered that subversion servers did not properly follow
path-based authorization rules in certain cases. An attacker could
potentially use this issue to retrieve information about private paths.
(CVE-2021-28544)

Thomas Weißschuh discovered that subversion servers did not properly handle
memory in certain configurations. A remote attacker could potentially use
this issue to cause a denial of service or other unspecified impact.
(CVE-2022-24070)

Read More

CVE-2021-28508

Read Time:19 Second

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.

Read More

CVE-2021-28509

Read Time:19 Second

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

Read More

USN-5448-1: ncurses vulnerabilities

Read Time:1 Minute, 5 Second

It was discovered that ncurses was not properly checking array bounds
when executing the fmt_entry function, which could result in an
out-of-bounds write. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2017-10684)

It was discovered that ncurses was not properly checking user input,
which could result in it being treated as a format argument. An
attacker could possibly use this issue to expose sensitive
information or to execute arbitrary code. (CVE-2017-10685)

It was discovered that ncurses was incorrectly performing memory
management operations and was not blocking access attempts to
illegal memory locations. An attacker could possibly use this issue
to cause a denial of service. (CVE-2017-11112, CVE-2017-13729,
CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733,
CVE-2017-13734)

It was discovered that ncurses was not properly performing checks
on pointer values before attempting to access the related memory
locations, which could lead to NULL pointer dereferencing. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-11113)

It was discovered that ncurses was incorrectly handling loops in
libtic, which could lead to the execution of an infinite loop. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-13728)

Read More

CVE-2021-33014

Read Time:9 Second

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

Read More

CVE-2021-33016

Read Time:10 Second

An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

Read More

CVE-2021-4232

Read Time:16 Second

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely.

Read More

[R1] Nessus Version 8.15.5 Fixes Multiple Third-Party Vulnerabilities

Read Time:28 Second

[R1] Nessus Version 8.15.5 Fixes Multiple Third-Party Vulnerabilities
Arnie Cabral
Thu, 05/26/2022 – 12:45

Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (expat) was found to contain vulnerabilities, and an updated version has been made available by the provider.

Out of caution and in line with good practice, Tenable has opted to upgrade the expat component to address the potential impact of the issue. Nessus 8.15.5 updates expat to version 2.4.8 to address the identified vulnerabilities.

Read More

CVE-2021-34360

Read Time:25 Second

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

Read More