VARIoT IoT vulnerabilities database

VAR-201809-0078 | CVE-2017-2879 | Foscam C1 Indoor HD Camera application firmware buffer error vulnerability
CVSS V2: 2.9 | CVSS V3: 5.3 | Severity: MEDIUM
An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. The Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam of China.
VAR-201711-0761 | CVE-2017-12739 | SICAM RTU SM-2556 COM Module arbitrary code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201711-0295
CVSS V2: 10.0 | CVSS V3: 9.8 | Severity: CRITICAL
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. Siemens SICAM RTUs SM-2556 COM Module firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The SM-2556 communication module is a protocol component for LAN/WAN communication with a Fast Ethernet interface that can be connected to the SICAM 1703 and SICAM RTU substation controllers. Multiple Siemens SICAM RTU products are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code, or to execute arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Siemens SICAM RTUs are substation controllers from Siemens of Germany; the SM-2556 COM Module is one of their communication modules for LAN/WAN. Products using the following firmware are affected: ENOS00; ERAC00; ETA2; ETLS00; MODi00; DNPi00.
SEC Consult Vulnerability Lab Security Advisory < 20171114-0 >
=======================================================================
title:              Authentication bypass, cross-site scripting & code execution
product:            Siemens SICAM RTUs SM-2556 COM Modules
                    (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00)
vulnerable version: FW 1549 Revision 07
fixed version:      none, see Workaround section below
CVE number:         CVE-2017-12737 (authentication bypass)
                    CVE-2017-12738 (XSS)
                    CVE-2017-12739 (web server)
impact:             critical
homepage:           www.siemens.com
found:              2017-08-17
by:                 SEC Consult Vulnerability Lab
                    An integrated part of SEC Consult
                    Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
                    Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
                    https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"Siemens is a global powerhouse focusing on the areas of electrification,
automation and digitalization. One of the world's largest producers of
energy-efficient, resource-saving technologies, Siemens is a leading supplier
of systems for power generation and transmission as well as medical diagnosis."
Source: https://www.siemens.com/global/en/home/company/about.html
Business recommendation:
------------------------
SEC Consult recommends not to use this device in production until a thorough
security review has been performed by security professionals and all
identified issues have been resolved. The device must not be accessible from
untrusted networks.
Vulnerability overview/description:
-----------------------------------
1) Authentication Bypass (client-side "authentication" enforcement)
The web interface (TCP port 80) suffers from an authentication bypass
vulnerability that allows unauthenticated attackers to access arbitrary
functionality and information (e.g. password lists) available through
the webserver.
2) Reflected Cross-Site Scripting
The web interface provides a "ping" functionality. This form is
vulnerable to reflected cross-site scripting because of missing input
handling and output encoding.
3) Outdated Webserver (GoAhead)
The webserver version in use contains known weaknesses.
Proof of concept:
-----------------
1) Authentication Bypass
Use a browser which has JavaScript disabled ("Authentication" checks are
performed client-side) and open legitimate URLs directly.
Examples:
http://<hostname>/start.asp
http://<hostname>/pwliste.asp
http://<hostname>/goform/webforms_readmem?start_addr=0&length=100
2) Reflected Cross-Site Scripting
All parameters in "webforms_ping" are vulnerable to reflected XSS:
http://<hostname>/goform/webforms_ping?ip_address=1.1.1.com%3Cscript%3Ealert(%27XSS%20proof-of-concept%27)%3C/script%3E1&length_data=32&count_pings=4&timeout=1
3) Outdated Webserver
The version of the "GoAhead" webserver in use is 2.1.7 (released in Oct. 2003).
This version has known vulnerabilities:
http://aluigi.altervista.org/adv/goahead-adv3.txt
https://web.archive.org/web/20080314153252/http:/data.goahead.com:80/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
Vulnerable / tested versions:
-----------------------------
SM-2556 COM Modules with the firmware variants ENOS00, ERAC00,
ETA2, ETLS00, MODi00 and DNPi00
(FW 1549 Revision 07)
Vendor contact timeline:
------------------------
2017-09-25: Encrypted advisory sent to Siemens ProductCERT
2017-10-02: Requesting status update.
2017-10-09: Vendor states that the "affected device is out of service"
            and provides workaround (disable webserver). They are
            "still assessing the next steps".
2017-11-02: Requesting status update.
2017-11-06: Siemens ProductCERT will reach out to development team and keep us
            posted.
2017-11-08: Siemens ProductCERT prepares advisory.
2017-11-08: Asking about planned release date.
2017-11-13: Siemens ProductCERT provides planned release date (2017-11-14)
2017-11-14: Coordinated public release.
Solution:
---------
No firmware update is available as the device is no longer supported by
the vendor.
Workaround:
-----------
According to the vendor, the webserver can be disabled to mitigate all
the vulnerabilities documented in this advisory.
The webserver is optional and is only used for commissioning and debugging
purposes.
The vendor published the following document for further information:
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf
Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/contact/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Twitter: https://twitter.com/sec_consult
EOF SEC Consult Vulnerability Lab / @2017
VAR-201711-0753 | CVE-2017-1283 | IBM WebSphere MQ resource management vulnerability
CVSS V2: 4.0 | CVSS V3: 4.3 | Severity: Medium
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. IBM WebSphere MQ contains a resource management vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 125144. Service operation may be interrupted (DoS).
An attacker can exploit this issue to cause excessive resource consumption, thereby denying service to other legitimate users.
VAR-201711-0759 | CVE-2017-12737 | SICAM RTU SM-2556 COM Module information disclosure vulnerability
Related entries in the VARIoT exploits database: VAR-E-201711-0295
CVSS V2: 5.0 | CVSS V3: 5.3 | Severity: MEDIUM
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. The SM-2556 communication module is a protocol component for LAN/WAN communication with a Fast Ethernet interface that can be connected to the SICAM 1703 and SICAM RTU substation controllers. Multiple Siemens SICAM RTU products are prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code, or to execute arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Siemens SICAM RTUs are substation controllers from Siemens of Germany; the SM-2556 COM Module is one of their communication modules for LAN/WAN. Products using the following firmware are affected: ENOS00; ERAC00; ETA2; ETLS00; MODi00; DNPi00. See the SEC Consult Vulnerability Lab Security Advisory < 20171114-0 > reproduced under VAR-201711-0761 above.
VAR-201711-0760 | CVE-2017-12738 | SICAM RTU SM-2556 COM Module cross-site scripting vulnerability
Related entries in the VARIoT exploits database: VAR-E-201711-0295
CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link. The SM-2556 communication module is a protocol component for LAN/WAN communication with a Fast Ethernet interface that can be connected to the SICAM 1703 and SICAM RTU substation controllers. Multiple Siemens SICAM RTU products are prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code, or to execute arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Siemens SICAM RTUs are substation controllers from Siemens of Germany; the SM-2556 COM Module is one of their communication modules for LAN/WAN. Products using the following firmware are affected: ENOS00; ERAC00; ETA2; ETLS00; MODi00; DNPi00. See the SEC Consult Vulnerability Lab Security Advisory < 20171114-0 > reproduced under VAR-201711-0761 above.
VAR-201711-0179 | CVE-2017-11855 | Automatic DNS registration and proxy autodiscovery allow spoofing of network services
CVSS V2: 7.6 | CVSS V3: 7.5 | Severity: High
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. In a network where the router's dynamic DNS registration/update function is enabled and proxy auto-detection is enabled on client PCs, adding a device with the host name "wpad" to the network may allow the contents of communications to be obtained or altered. Routers used in homes and offices (including Google WiFi and Ubiquiti UniFi) often use a dynamic DNS registration/update function, which automatically registers or updates A records using the host name sent by the client in its DHCP request as-is. An attacker with access to the network could register a device with the host name "wpad" or "isatap" in DNS, attract client traffic to that device, and attack it. The discoverers also confirmed that, even without a router, client PCs on the network can be reached through mDNS with the names "wpad" or "isatap" in combination with the auto-detection function. Proxy auto-configuration via WPAD from a rogue DHCP server or an upstream DNS server has been considered a problem before (https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html), but the auto-configuration function inside the LAN/WLAN had not been mentioned.
This problem was discovered and verified by Ossi Salmi, Mika Seppanen, Marko Laakso and Kasper Kyllonen of Arctic Security, and coordinated by NCSC-FI. In an internal network, if an attacker adds a device with the host name "wpad", that device can be used as an attack proxy, and as a result the contents of communications may be obtained or altered. The vendor refers to the Internet Explorer issue as "Internet Explorer Memory Corruption Vulnerability". This vulnerability is distinct from CVE-2017-11856. An attacker could gain the same user rights as the current user.
Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
VAR-201711-0652 | CVE-2017-5738 | Intel Unite App vulnerability related to authorization, permissions, and access control
CVSS V2: 6.4 | CVSS V3: 9.1 | Severity: CRITICAL
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. Intel Unite App is prone to a privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain elevated privileges.
Intel Unite App 3.1.32.12, 3.1.41.18 and 3.1.45.26 are vulnerable. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. The admin portal is one of its management interfaces.
VAR-201711-0398 | CVE-2017-3767 | Multiple Lenovo ThinkPad products: Realtek audio driver vulnerability related to authorization, permissions, and access control
CVSS V2: 7.2 | CVSS V3: 7.8 | Severity: HIGH
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. The Realtek audio drivers in multiple Lenovo ThinkPad products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The ThinkPad 11e and other ThinkPad models are notebook products of Lenovo of China. The Realtek audio driver is one of the audio drivers released by Realtek.
VAR-201712-0383 | CVE-2017-16786 | Meinberg LANTIME device firmware information disclosure vulnerability
CVSS V2: 6.8 | CVSS V3: 6.5 | Severity: MEDIUM
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. Meinberg LANTIME device firmware contains an information disclosure vulnerability. Information may be obtained. Meinberg LANTIME is an NTP time server from Meinberg of Germany; the Web Configuration Utility is one of its web-based configuration tools. A security vulnerability exists in the Web Configuration Utility of Meinberg LANTIME with firmware prior to 6.24.004. A remote attacker could exploit this vulnerability to read arbitrary files by sending the 'ntpclientcounterlogfile' parameter to cgi-bin/mainv2 or by other means.
VAR-201711-0198 | CVE-2017-1453 | IBM Security Access Manager appliance OS command injection vulnerability
CVSS V2: 9.0 | CVSS V3: 8.8 | Severity: HIGH
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. The vendor has published this vulnerability as IBM X-Force ID: 128372. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The program enables access management control through integrated devices for web, mobile and cloud computing.
VAR-201711-0498 | CVE-2017-1477 | IBM Security Access Manager appliance XML external entity vulnerability
CVSS V2: 5.5 | CVSS V3: 8.1 | Severity: HIGH
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. The vendor has published this vulnerability as IBM X-Force ID: 128612. Information may be obtained and service operation may be interrupted (DoS). The program enables access management control through integrated devices for web, mobile and cloud computing.
VAR-201904-0530 | CVE-2017-16775 | Synology SSO Server input validation vulnerability
CVSS V2: 5.8 | CVSS V3: 6.1 | Severity: MEDIUM
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Synology SSO Server contains an input validation vulnerability. Information may be obtained and information may be altered. Synology SSO Server is server software from Synology (Taiwan) that provides single sign-on functionality. The SSOOauth.cgi file in versions prior to Synology SSO Server 2.1.3-0129 has a security vulnerability. Currently there is no further information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
VAR-201904-0529 | CVE-2017-16774 | Synology DiskStation Manager cross-site scripting vulnerability
CVSS V2: 3.5 | CVSS V3: 5.4 | Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. Synology DiskStation Manager (DSM) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Synology DiskStation Manager (DSM) is an operating system for network-attached storage (NAS) servers developed by Synology (Taiwan). The operating system can manage data, documents, photos, music and other information. An attacker could exploit this vulnerability to execute client-side code.
VAR-201807-0220 | CVE-2017-16773 | Synology Universal Search authorization vulnerability
CVSS V2: 6.5 | CVSS V3: 8.8 | Severity: HIGH
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. Synology Universal Search contains an authorization vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Synology Universal Search is Synology's software for searching applications and files on a Synology NAS. Highlight Preview is one of its highlighting components. Highlight Preview in versions prior to Synology Universal Search 1.0.5-0135 has a security vulnerability.
VAR-201803-0976 | CVE-2017-16772 | Synology Photo Station Input validation vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary code via the prog_id parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
VAR-201803-0975 | CVE-2017-16771 | Synology Photo Station Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Synology Photo Station contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Log Viewer is its log viewing component
VAR-201802-0397 | CVE-2017-16769 | Synology Photo Station Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. Synology Photo Station contains an information disclosure vulnerability. Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Photo Viewer is one of its picture viewing components
VAR-201711-0470 | CVE-2017-13819 | Apple macOS HelpViewer component cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. HelpViewer is its help viewer component. A security vulnerability exists in the HelpViewer component of Apple macOS High Sierra prior to 10.13.1
VAR-201711-0444 | CVE-2017-13852 | Multiple Apple products Kernel component vulnerability allowing arbitrary application monitoring |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.1; macOS High Sierra prior to 10.13.1; tvOS prior to 11.1; watchOS prior to 4.1
VAR-201711-0442 | CVE-2017-13846 | Apple OS X third-party PCRE denial of service (DoS) vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. PCRE is a regular expression library. A security vulnerability exists in the PCRE component prior to 8.40 in versions of Apple macOS High Sierra prior to 10.13.1