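吉祥寺北口システム (Kichijoji Kitaguchi System) clips articles that caught our interest. Each title links to the original article. Tags are generated by morphological analysis of the article title. Comments are added occasionally.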
VU
VU#164934 – PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
164934
(1)
allows
(25)
and
(3289)
can
(241)
Compromise
(17)
credentials
(18)
deleted
(7)
Deploy
(28)
Device
(113)
Facilitate
(2)
lateral
(1)
movement
(7)
of
(3341)
PDQ
(3)
Reuse
(7)
That
(197)
VU
(109)
VU#244112 – Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
244112
(1)
Are
(214)
attacks
(134)
due
(48)
enforcement
(17)
Insufficient
(5)
multiple
(132)
Services
(6355)
SMTP
(17)
Spoofing
(13)
susceptible
(5)
to
(3295)
VU
(109)
VU#312260 – Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
312260
(1)
50
(318)
after
(85)
and
(3289)
earlier
(11)
Free
(274)
in
(2447)
Lighttpd
(6)
Use
(177)
version
(160)
VU
(109)
Vulnerability
(515)
VU#456537 – RADIUS protocol susceptible to forgery attacks.
456537
(1)
attacks
(134)
Forgery
(7)
Protocol
(58)
RADIUS
(18)
susceptible
(5)
to
(3295)
VU
(109)
VU#253266 – Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
253266
(1)
Allow
(28)
Arbitrary
(26)
Code
(400)
in
(2447)
Injection
(59)
Keras
(10)
Lambda
(205)
layers
(2)
Models
(50)
TensorFlow
(48)
VU
(109)
VU#421644 – HTTP/2 CONTINUATION frames can be utilized for DoS attacks
421644
(1)
attacks
(134)
BE
(151)
can
(241)
CONTINUATION
(5)
DoS
(194)
for
(5179)
Frames
(4)
HTTP
(335)
utilized
(1)
VU
(109)
VU#417980 – Implementations of UDP-based application protocols are vulnerable to network loops
417980
(1)
Application
(184)
Are
(214)
Based
(69)
implementations
(8)
Loops
(2)
Network
(399)
of
(3341)
Protocols
(6)
to
(3295)
UDP
(32)
VU
(109)
vulnerable
(40)
VU#488902 – CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
488902
(1)
BE
(151)
Conditions
(18)
CPU
(256)
execution
(116)
Hardware
(36)
May
(112)
race
(13)
Speculative
(8)
to
(3295)
Utilizing
(2)
VU
(109)
vulnerable
(40)
VU#132380 – Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
132380
(1)
EDK
(4)
implementation
(26)
in
(2447)
IP
(348)
NetworkPkg
(3)
Stack
(107)
VU
(109)
Vulnerabilities
(210)
VU#347067 – Multiple BGP implementations are vulnerable to improperly formatted BGP updates
347067
(1)
Are
(214)
BGP
(27)
formatted
(1)
implementations
(8)
improperly
(1)
multiple
(132)
to
(3295)
Updates
(389)
VU
(109)
vulnerable
(40)
VU#127587 – Python Parsing Error Enabling Bypass CVE-2023-24329
127587
(1)
2023
(1931)
24329
(2)
Bypass
(67)
CVE-
(1427)
Enabling
(17)
Error
(21)
Parsing
(12)
Python
(163)
VU
(109)
VU#913565 – Hard-coded credentials in Technicolor TG670 DSL gateway router
670
(10)
913565
(2)
coded
(3)
credentials
(18)
DSL-
(8)
Gateway
(182)
Hard
(18)
in
(2447)
Router
(28)
Technicolor
(4)
TG-
(7)
VU
(109)
VU#782720 – TCG TPM2.0 implementations vulnerable to memory corruption
782720
(1)
corruption
(31)
implementations
(8)
memory
(105)
TCG
(12)
to
(3295)
TPM
(11)
VU
(109)
vulnerable
(40)
VU#434994 – Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
434994
(1)
Conditions
(18)
due
(48)
Flaws
(10)
implementations
(8)
in
(2447)
multiple
(132)
race
(13)
to
(3295)
TOCTOU
(5)
UEFI
(18)
various
(6)
VU
(109)
VU#506989 – Microsoft Windows gives unprivileged user access to system32\config files
32
(141)
506989
(1)
Access
(296)
Config
(63)
files
(67)
gives
(12)
Microsoft
(4459)
System
(332)
to
(3295)
unprivileged
(1)
user
(133)
VU
(109)
Windows
(3425)
VU#114757 – Acronis backup software contains multiple privilege escalation vulnerabilities
114757
(1)
Acronis
(21)
Backup
(81)
contains
(26)
escalation
(31)
multiple
(132)
privilege
(44)
Software
(386)
VU
(109)
Vulnerabilities
(210)
VU#896979 – IPTV encoder devices contain multiple vulnerabilities
896979
(1)
contain
(14)
Devices
(127)
Encoder
(3)
IPTV
(3)
multiple
(132)
VU
(109)
Vulnerabilities
(210)
VU#490028 – Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector
490028
(1)
AES-CFB
(1)
initialization
(1)
insecure
(9)
Microsoft
(4459)
MS-NRPC
(3)
Netlogon
(8)
Protocol
(58)
Remote
(203)
Uses
(27)
vector
(12)
VU
(109)
Windows
(3425)
VU#174059 – GRUB2 bootloader is vulnerable to buffer overflow
174059
(1)
bootloader
(2)
Buffer
(37)
Grub
(6)
is
(1010)
overflow
(107)
to
(3295)
VU
(109)
vulnerable
(40)
VU#872016 – Microsoft SMBv3 compression remote code execution vulnerability
872016
(1)
Code
(400)
Compression
(12)
execution
(116)
Microsoft
(4459)
Remote
(203)
SMBv
(17)
VU
(109)
Vulnerability
(515)
JVNVU#94295606: Multiple vulnerabilities in Eaton HMiSoft VU3
94295606
(2)
Eaton
(5)
HMiSoft
(2)
JVNVU
(2305)
VU
(109)
脆弱性
(5912)
複数
(2396)
VU#354840 – Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
354840
(1)
Code
(400)
execution
(116)
font
(22)
Microsoft
(4459)
Parsing
(12)
Remote
(203)
Type
(149)
VU
(109)
Vulnerabilities
(210)
Windows
(3425)
VU#782301 – pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
782301
(1)
Buffer
(37)
due
(48)
EAP
(9)
flaw
(22)
in
(2447)
overflow
(107)
packet
(10)
pppd
(3)
Processing
(27)
to
(3295)
VU
(109)
vulnerable
(40)
VU#390745 – OpenSMTPD vulnerable to local privilege escalation and remote code execution
390745
(1)
and
(3289)
Code
(400)
escalation
(31)
execution
(116)
local
(78)
OpenSMTPD
(7)
privilege
(44)
Remote
(203)
to
(3295)
VU
(109)
vulnerable
(40)
VU#335217 – Multiple caching service providers are vulnerable to HTTP cache poisoning
335217
(1)
Are
(214)
cache
(25)
caching
(6)
HTTP
(335)
multiple
(132)
poisoning
(7)
Providers
(21)
Service
(812)
to
(3295)
VU
(109)
vulnerable
(40)
VU#941987 – Apple devices vulnerable to arbitrary code execution in SecureROM
941987
(1)
apple
(3294)
Arbitrary
(26)
Code
(400)
Devices
(127)
execution
(116)
in
(2447)
SecureROM
(1)
to
(3295)
VU
(109)
vulnerable
(40)
VU#125336 – Microsoft Office for Mac cannot properly disable XLM macros
125336
(1)
cannot
(6)
disable
(10)
for
(5179)
Mac
(528)
macros
(5)
Microsoft
(4459)
Office
(613)
properly
(9)
VU
(109)
XLM
(7)
VU#672565 – Exim fails to properly handle trailing backslashes in string_interpret_escape()
672565
(1)
backslashes
(1)
escape
(8)
Exim
(15)
fails
(10)
handle
(5)
in
(2447)
interpret
(1)
properly
(9)
string
(5)
to
(3295)
trailing
(1)
VU
(109)
VU#918987 – Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
918987
(1)
Are
(214)
attacks
(134)
Bluetooth
(137)
br
(275)
Devices
(127)
EDR
(78)
Key
(83)
negotiation
(2)
supported
(21)
to
(3295)
VU
(109)
vulnerable
(40)
VU#489481 – Cylance Antivirus Products Susceptible to Concatenation Bypass
489481
(1)
Antivirus
(26)
Bypass
(67)
Concatenation
(1)
Cylance
(14)
products
(99)
susceptible
(5)
to
(3295)
VU
(109)
VU#790507 – Oracle Solaris vulnerable to arbitrary code execution via /proc/self
790507
(1)
Arbitrary
(26)
Code
(400)
execution
(116)
Oracle
(873)
proc
(2)
Self
(24)
Solaris
(17)
to
(3295)
via
(72)
VU
(109)
vulnerable
(40)
VU#905115 – Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels
905115
(1)
Acknowledgement
(1)
and
(3289)
cause
(17)
Conditions
(18)
denial-of-service
(3)
FreeBSD
(43)
in
(2447)
kernels
(1)
Linux
(1215)
Maximum
(4)
May
(112)
MSS
(32)
multiple
(132)
Networking
(38)
SACK
(3)
Segment
(6)
Selective
(5)
size
(9)
TCP
(83)
VU
(109)
Vulnerabilities
(210)
VU#119704 – Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability
119704
(1)
escalation
(31)
Microsoft
(4459)
privilege
(44)
Scheduler
(7)
SetJobFileSecurityByName
(1)
Task
(18)
VU
(109)
Vulnerability
(515)
Windows
(3425)
VU#169249 – PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.
169249
(1)
Certificates
(40)
fails
(10)
integrity
(7)
Management
(229)
of
(3341)
or
(98)
Print
(41)
PrinterLogic
(2)
Software
(386)
SSL
(308)
the
(4365)
to
(3295)
Updates
(389)
validate
(9)
VU
(109)
VU#174715 – MyCar Controls uses hard-coded credentials
174715
(1)
Controls
(59)
credentials
(18)
hard-coded
(5)
MyCar
(3)
Uses
(27)
VU
(109)
VU#192371 – VPN applications insecurely store session cookies
192371
(1)
Applications
(116)
cookies
(15)
insecurely
(3)
Session
(30)
Store
(613)
VPN
(265)
VU
(109)
VU#871675 – WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant
871675
(1)
and
(3289)
DESIGN
(179)
hostapd
(3)
implementation
(26)
in
(2447)
issues
(108)
supplicant
(3)
VU
(109)
Vulnerabilities
(210)
WPA
(23)
VU#166939 – Broadcom WiFi chipset drivers contain multiple vulnerabilities
166939
(1)
Broadcom
(31)
Chipset
(3)
contain
(14)
drivers
(22)
multiple
(132)
VU
(109)
Vulnerabilities
(210)
WiFi
(112)
VU#465632 – Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
2013
(27)
465632
(1)
and
(3289)
Are
(214)
attacks
(134)
Exchange
(177)
Microsoft
(4459)
Newer
(2)
NTLM
(10)
relay
(26)
to
(3295)
VU
(109)
vulnerable
(40)
Vulnerability Note VU#581311 – TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
581311
(1)
and
(3289)
attacks
(134)
authentication
(69)
Controller
(41)
deserialization
(2)
EAP
(9)
is
(1010)
lacks
(1)
Note
(304)
RMI
(1)
to
(3295)
TP-Link
(15)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#283803 – Integrated GPUs may allow side-channel and rowhammer attacks using WebGL (“Glitch”)
283803
(1)
Allow
(28)
and
(3289)
attacks
(134)
glitch
(5)
GPUs
(12)
Integrated
(23)
May
(112)
Note
(304)
rowhammer
(7)
side-channel
(8)
using
(213)
VU
(109)
Vulnerability
(515)
WebGL
(16)
Vulnerability Note VU#307983 – Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
307983
(1)
Action
(87)
AMF
(14)
and
(3289)
Are
(214)
deserialization
(2)
entities
(6)
External
(12)
Format
(20)
implementations
(8)
insecure
(9)
Java
(501)
Message
(59)
Note
(304)
references
(1)
to
(3295)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
XML
(73)
Vulnerability Note VU#867968 – Microsoft Windows SMB Tree Connect Response memory corruption vulnerability
867968
(1)
Connect
(563)
corruption
(31)
memory
(105)
Microsoft
(4459)
Note
(304)
response
(312)
SMB
(53)
TREE
(17)
VU
(109)
Vulnerability
(515)
Windows
(3425)
Vulnerability Note VU#494015 – PHP FormMail Generator generates code with multiple vulnerabilities
494015
(1)
Code
(400)
FormMail
(3)
generates
(3)
Generator
(32)
multiple
(132)
Note
(304)
PHP
(175)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
with
(1607)
Vulnerability Note VU#768331 – ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
768331
(1)
Agent
(83)
CounterACT
(2)
escalation
(31)
ForeScout
(4)
is
(1010)
Note
(304)
privilege
(44)
SecureConnector
(2)
to
(3295)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#548487 – BSD libc contains a buffer overflow vulnerability in link_ntoa()
548487
(1)
BSD
(14)
Buffer
(37)
contains
(26)
in
(2447)
libc
(4)
Link
(153)
Note
(304)
ntoa
(1)
overflow
(107)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#582384 – Multiple Netgear routers are vulnerable to arbitrary command injection
582384
(1)
Arbitrary
(26)
Are
(214)
Command
(76)
Injection
(59)
multiple
(132)
NETGEAR
(37)
Note
(304)
Routers
(14)
to
(3295)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#624539 – Ragentek Android OTA update mechanism vulnerable to MITM attack
624539
(1)
Android
(2148)
Attack
(173)
mechanism
(7)
MITM
(2)
Note
(304)
OTA
(15)
Ragentek
(4)
to
(3295)
Update
(1095)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#346175 – Imagely NextGen Gallery plugin for WordPress contains a local file inclusion vulnerability
346175
(1)
contains
(26)
File
(134)
for
(5179)
Gallery
(35)
Imagely
(1)
inclusion
(6)
local
(78)
Nextgen
(8)
Note
(304)
plugin
(53)
VU
(109)
Vulnerability
(515)
WordPress
(449)
Vulnerability Note VU#633847 – NTP.org ntpd contains multiple denial of service vulnerabilities
633847
(1)
contains
(26)
Denial
(34)
multiple
(132)
Note
(304)
NTP
(71)
ntpd
(15)
of
(3341)
org
(402)
Service
(812)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#624539 – Ragentek Android OTA update mechanism vulnerable to MITM attack
Android
(2148)
Attack
(173)
mechanism
(7)
MITM
(2)
Note
(304)
OTA
(15)
Ragentek
(4)
to
(3295)
Update
(1095)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#243144 – Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
condition
(9)
contains
(26)
copy
(18)
Kernel
(80)
Linux
(1215)
mechanism
(7)
memory
(105)
Note
(304)
on
(1868)
race
(13)
subsystem
(23)
VU
(109)
Vulnerability
(515)
Write
(19)
Vulnerability Note VU#123799 – libbpg contains a type confusion vulnerability that leads to out of bounds write
bounds
(5)
confusion
(6)
contains
(26)
Leads
(19)
libbpg
(2)
Note
(304)
of
(3341)
out
(146)
That
(197)
to
(3295)
Type
(149)
VU
(109)
Vulnerability
(515)
Write
(19)
Vulnerability Note VU#797896 – CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables
assign
(1)
CGI
(37)
Client
(133)
Environment
(37)
from
(593)
Header
(13)
HTTP
(335)
internal
(21)
Note
(304)
Proxy
(31)
requests
(23)
servers
(36)
to
(3295)
VALUES
(9)
variables
(3)
VU
(109)
Vulnerability
(515)
Web
(9079)
Vulnerability Note VU#690343 – Acer Portal app for Android does not properly validate SSL certificates
Acer
(18)
Android
(2148)
App
(782)
Certificates
(40)
Does
(28)
for
(5179)
Not
(117)
Note
(304)
Portal
(110)
properly
(9)
SSL
(308)
validate
(9)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#143335 – mDNSResponder contains multiple memory-based vulnerabilities
contains
(26)
mDNSResponder
(2)
memory-based
(1)
multiple
(132)
Note
(304)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#778696 – Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
and
(3289)
Are
(214)
authentication
(69)
Bypass
(67)
contain
(14)
Cryptographic
(8)
hard-coded
(5)
keys
(27)
NETGEAR
(37)
Note
(304)
to
(3295)
VU
(109)
Vulnerability
(515)
vulnerable
(40)
Vulnerability Note VU#754056 – Fonality contains a hard-coded password and embedded SSL private key
and
(3289)
contains
(26)
Embedded
(22)
Fonality
(2)
hard-coded
(5)
Key
(83)
Note
(304)
password
(107)
Private
(126)
SSL
(308)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#785823 – Lantronix xPrintServer contains multiple vulnerabilities
contains
(26)
Lantronix
(2)
multiple
(132)
Note
(304)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
xPrintServer
(2)
Vulnerability Note VU#586503 – Chef Manage deserializes cookie data insecurely
Chef
(23)
Cookie
(141)
data
(834)
deserializes
(2)
insecurely
(3)
manage
(25)
Note
(304)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#718152 – NTP.org ntpd contains multiple vulnerabilities
contains
(26)
multiple
(132)
Note
(304)
NTP
(71)
ntpd
(15)
org
(402)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#862384 – libarchive contains a heap-based buffer overflow due to improper input validation
Buffer
(37)
contains
(26)
due
(48)
heap-based
(3)
improper
(10)
input
(13)
libarchive
(3)
Note
(304)
overflow
(107)
to
(3295)
Validation
(31)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#369800 – Little CMS 2 DefaultICCintents double-free vulnerability
CMS
(160)
DefaultICCintents
(2)
double-free
(3)
little
(11)
Note
(304)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#505560 – Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
Accellion
(5)
Appliance
(69)
contains
(26)
File
(134)
FTA
(7)
multiple
(132)
Note
(304)
Transfer
(60)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#229047 – Allround Automations PL/SQL Developer v11 performs updates over HTTP
Allround
(2)
Automations
(2)
Developer
(363)
HTTP
(335)
Note
(304)
over
(141)
performs
(2)
Pl
(6)
SQL
(301)
Updates
(389)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#267328 – HP Data Protector does not perform authentication and contains an embedded SSL private key
An
(393)
and
(3289)
authentication
(69)
contains
(26)
data
(834)
Does
(28)
Embedded
(22)
HP
(193)
Key
(83)
Not
(117)
Note
(304)
perform
(5)
Private
(126)
Protector
(12)
SSL
(308)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#615456 – Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
Access
(296)
authenticate
(2)
BlueDriver
(2)
Bluetooth
(137)
Does
(28)
for
(5179)
Lemur
(1)
LSB
(3)
Monitors
(7)
Not
(117)
Note
(304)
Users
(195)
vehicle
(30)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#270232 – Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
BGP
(27)
bgpd
(2)
Buffer
(37)
contains
(26)
enabled
(20)
for
(5179)
Note
(304)
overflow
(107)
peers
(1)
Quagga
(3)
VPNv
(1)
VU
(109)
Vulnerability
(515)
with
(1607)
Vulnerability Note VU#444472 – QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
and
(3289)
contain
(14)
iArtist
(2)
Lite
(90)
multiple
(132)
Note
(304)
QNAP
(29)
Signage
(7)
Station
(122)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#485744 – Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability
Buffer
(37)
contains
(26)
Flexera
(3)
FlexNet
(2)
lmgrd
(2)
Note
(304)
overflow
(107)
Publisher
(16)
Software
(386)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#981271 – Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol
An
(393)
Devices
(127)
keyboard
(18)
Mouse
(14)
multiple
(132)
Note
(304)
proprietary
(2)
Protocol
(58)
unsafe
(4)
Use
(177)
VU
(109)
Vulnerability
(515)
Wireless
(57)
Vulnerability Note VU#507216 – Hirschmann “Classic Platform” switches reveal administrator password in SNMP community string by default
Administrator
(7)
by
(1069)
Classic
(34)
Community
(368)
default
(50)
Hirschmann
(2)
in
(2447)
Note
(304)
password
(107)
Platform
(727)
reveal
(11)
SNMP
(12)
string
(5)
Switches
(6)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#972224 – Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries
and
(3289)
DNS
(376)
for
(5179)
Huawei
(138)
insufficiently
(1)
Mobile
(558)
Note
(304)
Queries
(8)
random
(12)
Routers
(14)
Use
(177)
VALUES
(9)
VU
(109)
Vulnerability
(515)
WiFi
(112)
Vulnerability Note VU#544527 – OpenELEC and RasPlex have a hard-coded SSH root password
and
(3289)
hard-coded
(5)
Have
(72)
Note
(304)
OpenELEC
(2)
password
(107)
RasPlex
(2)
root
(52)
SSH
(59)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#753264 – IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
commands
(9)
deserializing
(1)
Does
(28)
Gold
(10)
IPswitch
(4)
Not
(117)
Note
(304)
objects
(15)
validate
(9)
VU
(109)
Vulnerability
(515)
WhatsUp
(4)
when
(84)
XML
(73)
Vulnerability Note VU#820196 – Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
data
(834)
fails
(10)
Firmware
(22)
Furuno
(4)
input
(13)
moduleserv
(1)
Note
(304)
properly
(9)
Recorder
(8)
sanitize
(3)
to
(3295)
Update
(1095)
user-provided
(1)
Utility
(8)
VDR
(7)
VOYAGE
(88)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#176160 – IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi
and
(3289)
contains
(26)
Gold
(10)
IPswitch
(4)
multiple
(132)
Note
(304)
SQLi
(1)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
WhatsUp
(4)
XSS
(55)
Vulnerability Note VU#377260 – Up.time agent for Windows contains multiple vulnerabilities
Agent
(83)
contains
(26)
for
(5179)
multiple
(132)
Note
(304)
Time
(187)
up
(193)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Windows
(3425)
Vulnerability Note VU#925497 – Dell System Detect installs root certificate and private key (DSDTestProvider)
and
(3289)
Certificate
(56)
DELL
(166)
Detect
(23)
DSDTestProvider
(5)
Installs
(14)
Key
(83)
Note
(304)
Private
(126)
root
(52)
System
(332)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#870761 – Dell Foundation Services installs root certificate and private key (eDellRoot)
and
(3289)
Certificate
(56)
DELL
(166)
eDellRoot
(9)
Foundation
(390)
Installs
(14)
Key
(83)
Note
(304)
Private
(126)
root
(52)
Services
(6355)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#672500 – EPSON Network Utility installs EpsonBidirectionalService with insecure permissions
Epson
(5)
EpsonBidirectionalService
(1)
insecure
(9)
Installs
(14)
Network
(399)
Note
(304)
permissions
(11)
Utility
(8)
VU
(109)
Vulnerability
(515)
with
(1607)
Vulnerability Note VU#566724 – Embedded devices use non-unique X.509 certificates and SSH host keys
and
(3289)
Certificates
(40)
Devices
(127)
Embedded
(22)
Host
(37)
keys
(27)
non-unique
(2)
Note
(304)
SSH
(59)
Use
(177)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#576313 – Apache Commons Collections Java library insecurely deserializes data
apache
(513)
Collections
(9)
Commons
(27)
data
(834)
deserializes
(2)
insecurely
(3)
Java
(501)
Library
(146)
Note
(304)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#943167 – Voice over LTE implementations contain multiple vulnerabilities
contain
(14)
implementations
(8)
LTE
(241)
multiple
(132)
Note
(304)
over
(141)
VOICE
(106)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#361684 – Router devices do not implement sufficient UPnP authentication and security
and
(3289)
authentication
(69)
Devices
(127)
Do
(80)
Implement
(7)
Not
(117)
Note
(304)
Router
(28)
Security
(5710)
sufficient
(1)
UPnP
(16)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#903500 – Seagate and LaCie wireless storage products contain multiple vulnerabilities
and
(3289)
contain
(14)
LaCie
(4)
multiple
(132)
Note
(304)
products
(99)
Seagate
(15)
Storage
(202)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Wireless
(57)
Vulnerability Note VU#845332 – OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
and
(3289)
contain
(14)
multiple
(132)
Note
(304)
OrientDB
(2)
prior
(4)
Studio
(448)
to
(3295)
version
(160)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#260780 – NetNanny uses a shared private key and root CA
and
(3289)
CA
(127)
Key
(83)
NetNanny
(1)
Note
(304)
Private
(126)
root
(52)
shared
(21)
Uses
(27)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#374268 – NTP Project ntpd reference implementation contains multiple vulnerabilities
contains
(26)
implementation
(26)
multiple
(132)
Note
(304)
NTP
(71)
ntpd
(15)
Project
(432)
reference
(11)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#550620 – Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link
DNS
(376)
implementations
(8)
Link
(153)
local
(78)
May
(112)
mDNS
(4)
Multicast
(2)
Note
(304)
originating
(1)
outside
(8)
Queries
(8)
respond
(7)
the
(4365)
to
(3295)
unicast
(2)
VU
(109)
Vulnerability
(515)
Vulnerability Note VU#529496 – Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
and
(3289)
CA
(127)
Certificates
(40)
Digestor
(1)
fails
(10)
Installs
(14)
keys
(27)
Komodia
(2)
non-unique
(2)
Note
(304)
Private
(126)
properly
(9)
Redirector
(2)
root
(52)
SSL
(308)
to
(3295)
validate
(9)
VU
(109)
Vulnerability
(515)
with
(1607)
Lavasoft Information for VU#529496
for
(5179)
INFORMATION
(226)
Lavasoft
(1)
VU
(109)
Vulnerability Note VU#852879 – Network Time Protocol daemon (ntpd) contains multiple vulnerabilities
contains
(26)
daemon
(12)
multiple
(132)
Network
(399)
Note
(304)
ntpd
(15)
Protocol
(58)
Time
(187)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
Vulnerability Note VU#685996 – GNU Wget creates arbitrary symbolic links during recursive FTP download
Arbitrary
(26)
creates
(11)
DOWNLOAD
(68)
during
(53)
FTP
(59)
GNU
(53)
Links
(22)
Note
(304)
recursive
(1)
symbolic
(2)
VU
(109)
Vulnerability
(515)
Wget
(15)
Vulnerability Note VU#447516 – Linksys SMART WiFi firmware contains multiple vulnerabilities
contains
(26)
Firmware
(22)
Linksys
(4)
multiple
(132)
Note
(304)
Smart
(287)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
WiFi
(112)
Vulnerability Note VU#573356 – IBM WebSphere Application Server contains multiple vulnerabilities
Application
(184)
contains
(26)
IBM
(738)
multiple
(132)
Note
(304)
Server
(698)
VU
(109)
Vulnerabilities
(210)
Vulnerability
(515)
WebSphere
(2)