CVE-2022-32294: Zimbra Security Advisories - Zimbra :: Tech Center

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the “zmprove ca” command). It is visible in cleartext on port UDP 514 (aka the syslog port).

The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:

Note: only supported versions are referenced; however, older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible.
(going back to ZCS 7.1.3)

| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
|---|---|---|---|---|---|---|
| | Memcached poisoning with unauthenticated request. | CVE-2022-27924 | | Medium | 9.0.0 Patch 24, 8.8.15 Patch 31 | Simon Scannell of Sonarsource |
| | RCE through mboximport from authenticated user. | CVE-2022-27925 | | Medium | 9.0.0 Patch 24, 8.8.15 Patch 31 | Mikhail Klyuchnikov of Positive Technologies |
| | Proxy Servlet Open Redirect Vulnerability | CVE-2021-35209 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | Open Redirect Vulnerability in preauth servlet | CVE-2021-34807 | | Low | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | Stored XSS Vulnerability in ZmMailMsgView.java | CVE-2021-35208 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | XSS vulnerability in Zimbra Web Client via loginErrorCode | CVE-2021-35207 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | |
| | Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 | | 9.8 | Critical | 9.0.0 Patch 13 | Upstream, see CVE-2019-9641, CVE-2019-9640 |
| | Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 | | 9.8 | Critical | 8.8.15 Patch 20 | Upstream, see CVE-2019-9641, CVE-2019-9640 |
| | Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. | | 7.8 | High | 9.0.0 Patch 13 | Upstream, see CVE-2019-0211, CVE-2019-0217 |
| | Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. | | 7.8 | High | 8.8.15 Patch 20 | Upstream, see CVE-2019-0211, CVE-2019-0217 |
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 9.0.0 Patch 10 | Primerica |
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 8.8.15 Patch 17 | Primerica |
| | XSS CWE-79 vulnerability in tinymce | n/a | 6.1 | Medium | 9.0.0 Patch 5 | Upstream, see CVE-2019-1010091 |
| | Memory Leak in nodejs library mem | n/a | 5.5 | Medium | 9.0.0 Patch 5 | Upstream, see WS-2018-0236 |
| | Persistent XSS | CVE-2020-13653 | | Minor | 8.8.15 Patch 11, 9.0.0 Patch 4 | Telenet |
| | Unrestricted Upload of File with Dangerous Type CWE-434 | CVE-2020-12846 | 6.0 | Minor | 8.8.16 Patch 10, 9.0.0 Patch 3 | Telenet |
| | Persistent XSS CWE-79 | CVE-2020-11737 | 4.3 | Minor | 9.0.0 Patch 2 | Zimbra |
| 109174 | Non-Persistent XSS CWE-79 | CVE-2019-12427 | 4.3 | Minor | 8.8.15 Patch 1 | Meridian Miftari |
| 109141 | Non-Persistent XSS CWE-79 | CVE-2019-15313 | 4.3 | Minor | 8.8.15 Patch 1 | Quang Bui |
| 109124 | Non-Persistent XSS CWE-79 | CVE-2019-8947 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
| 109123 | Persistent XSS CWE-79 | CVE-2019-8946 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
| 109122 | Persistent XSS CWE-79 | CVE-2019-8945 | 3.5 | Minor | - | Issam Rabhi of Sysdream |
| 109117 | Persistent XSS CWE-79 | CVE-2019-11318 | 3.5 | Minor | 8.8.12 Patch 1 | Mondher Smii |
| 109127 | SSRF CWE-918 / CWE-807 | CVE-2019-9621 | 4.0 | Minor | 8.7.11 Patch11, 8.8.9 Patch10, 8.8.10 Patch8, 8.8.11 Patch4, 8.8.12 | An Trinh |
| 109096 | Blind SSRF CWE-918 | CVE-2019-6981 | 4.0 | Minor | 8.7.11 Patch11, 8.8.9 Patch10, 8.8.10 Patch8, 8.8.11 Patch4, 8.8.12 | An Trinh |
| 109129 | XXE CWE-611 (8.7.x only) | CVE-2019-9670 | 6.4 | Major | 8.7.11 Patch10 | Khanh Van Pham, An Trinh |
| 109097 | Insecure object deserialization CWE-502 | CVE-2019-6980 | 5.4 | Major | 8.7.11 Patch9, 8.8.9 Patch10, 8.8.10 Patch7, 8.8.11 Patch3, 8.8.12 | An Trinh |
| 109093 | XXE CWE-611 | CVE-2018-20160 | 6.4 | Major | 8.7.x see 109129 above, 8.8.9 Patch9, 8.8.10 Patch5, 8.8.11 Patch1, 8.8.12 | An Trinh |
| 109017 | Non-Persistent XSS CWE-79 | CVE-2018-14013 | 4.3 | Minor | 8.7.11 Patch8, 8.8.9 Patch9, 8.8.10 Patch5, 8.8.11 | Issam Rabhi of Sysdream |
| 109020 | Persistent XSS CWE-79 | CVE-2018-18631 | 5.0 | Major | 8.7.11 Patch7, 8.8.9 Patch7, 8.8.10 Patch2, 8.8.11 | Netragard |
| 109018 | Non-Persistent CWE-79 | CVE-2018-14013 | 2.6 | Minor | 8.7.11 Patch7, 8.8.9 Patch6, 8.8.10 Patch1, 8.8.11 | Issam Rabhi of Sysdream |
| 109021 | Limited Content Spoofing CWE-345 | CVE-2018-17938 | 4.3 | Minor | 8.8.10 | Sumit Sahoo |
| 109012 | Account Enumeration CWE-203 | CVE-2018-15131 | 5.0 | Major | 8.7.11 Patch6, 8.8.8 Patch9, 8.8.9 Patch3 | Danielle Deibler |
| 108970 | Persistent XSS CWE-79 | CVE-2018-14425 | 3.5 | Minor | 8.8.8 Patch7, 8.8.9 Patch1 | Diego Di Nardo |
| 108902 | Persistent XSS CWE-79 | CVE-2018-10939 | 3.5 | Minor | 8.6.0 Patch11, 8.7.11 Patch4, 8.8.8 Patch4 | Diego Di Nardo |
| 108963 | Verbose Error Messages CWE-209 | CVE-2018-10950 | 3.5 | Minor | 8.7.11 Patch3, 8.8.8 | Netragard |
| 108962 | Account Enumeration CWE-203 | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch3, 8.8.8 | Netragard |
| 108894 | Persistent XSS CWE-199 | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch10, 8.7.11 Patch3, 8.8.8 | Netragard |
| 97579 | CSRF CWE-352 | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10, 8.7.11 Patch2, 8.8.8 Patch1 | Fortinet’s FortiGuard Labs |
| 108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10, 8.7.11 Patch1, 8.8.7, 8.8.8 | Stephan Kaag of Securify |
| 108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch9, 8.7.11 Patch1, 8.8.3 | Veit Hailperin |
| 107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
| 107948, 107949 | Persistent XSS CWE-79 | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch10, 8.7.11 Patch3, 8.8.0 Beta2 | Lucideus, Phil Pearl |
| 107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9, 8.7.11 Patch1, 8.8.0 Beta2 | Compass Security |
| 107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
| 107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
| 107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.6.0 Patch9, 8.7.6 | Greg Solovyev |
| 106811 | XXE CWE-611 | CVE-2016-9924 | 5.8 | Major | 8.6.0 Patch10, 8.7.4 | Alastair Gray |
| 106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.6.0 Patch11, 8.7.1 | Sammy Forgit |
| 105001, 105174 | XSS CWE-79 | CVE-2016-5721 | 4.3, 2.1 | Minor | 8.6.0 Patch11, 8.7.0 | Secu |
| 104552, 104703 | XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
| 104477 | Open Redirect CWE-601 | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
| 104294, 104456 | CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 104222, 104910, 105071, 105175 | XSS CWE-79 | CVE-2016-3407 | 4.3, 3.5, 4.3, 2.1 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103997, 104413, 104414, 104777, 104791 | XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
| 103996 | XXE (Admin) CWE-611 | CVE-2016-3413 | 2.6 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103961, 104828 | CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 103956, 103995, 104475, 104838, 104839 | XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Peter Nguyen |
| 102276 | Deserialization of Untrusted Data CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
| 102227 | Deserialization of Untrusted Data CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
| 102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7, 8.7.0 | Zimbra |
| 101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Volexity |
| 100885, 100899 | CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8, 8.7.0 | Sysdream |
| 99810 | CWE-284 CWE-203 | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
| 99167 | Account Enumeration CWE-203 | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
| 101435, 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4, 2.3 | Major | 8.6.0 Patch5, 8.7.0 | Fortinet’s FortiGuard Labs |
| 101559, 100133, 99854, 99914, 96973 | XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5, 8.7.0 | Zimbra |
| 99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881, CVE-2012-5882, CVE-2012-5883 |
| 98358, 98216, 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2, 8.7.0 | Cure53 |
| 97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
| 96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9, 8.5.1, 8.6.0 | |
| 83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
| 87412, 92825, 92833, 92835 | XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8, 8.5.0 | |
| 83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
| 91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch | Upstream, see CVE-2014-0224 |
| 88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7 | Upstream, see CVE-2014-0160 |
| 85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream, see CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 |
| 84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
| 85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
| 85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
| 85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7, 8.0.7 | Upstream, see CVE-2013-4547 |
| 80450, 80131, 80445, 80132 | Upgrade to JDK 1.6 u41; Upgrade OpenSSL to 1.0.0k; Upgrade to JDK 1.7u15+; Upgrade to OpenSSL 1.0.1d | n/a | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream, see CVE-2013-0169 |
| 80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
| 77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
| 75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream, see CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 |
| 64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |

Related news

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

Ubuntu Security Notice USN-6936-1

Ubuntu Security Notice 6936-1 - It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code.

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, with Social Media Platforms, E-Commerce websites, and email clients saturating the internet

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on

Weakness risk-patterns: A Red Hat way to identify poor software practices in the secure development lifecycle

Red Hat strives to get better at what we do, faster at how we do it, while maintaining high quality results. In modern software development, that means focusing on security as early as possible into our software development process, and continuously driving improvements by listening and acting upon early feedback in the Secure Development Lifecycle (SDL). One important tool toward that goal is the Common Weakness Enumeration (CWE), a community-developed taxonomy of flaws. We use CWE classifications to gather intelligence and data to visualize clustering common weaknesses. We can then better

15M+ Services & Apps Remain Sitting Ducks for Known Exploits

Scans of the Internet find that millions of computers, virtual machines, and containers are vulnerable to one or more of the hundreds of cyberattacks currently used in the wild, despite being patchable.

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple. Targets of the malicious operation included a healthcare research organization

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says

Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email

Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn

Even if the security bug is not another Heartbleed, prepare like it might be, they note — it has potentially sprawling ramifications.

Zimbra Zip Path Traversal

This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra Collaboration Suite's ZIP implementation that can result in the extraction of an arbitrary file to an arbitrary location on the host. This issue is exploitable on Zimbra Collaboration Suite Network Edition versions 9.0.0 Patch 23 and below as well as Zimbra Collaboration Suite Network Edition versions 8.8.15 Patch 30 and below.

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2)

Thousands of Zimbra mail servers backdoored in large scale attack

Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers. The post Thousands of Zimbra mail servers backdoored in large scale attack appeared first on Malwarebytes Labs.

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary

CVE-2021-4234: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CVE-2022-32535: Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.

CVE-2022-21938: Product Security Advisories

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVE-2022-22721: Apache HTTP Server 2.4 vulnerabilities

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2021-44790: Apache HTTP Server 2.4 vulnerabilities

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2021-34565: VDE-2021-027 | CERT@VDE

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVE-2020-9490: Apache HTTP Server 2.4 vulnerabilities

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVE-2020-2956: Oracle Critical Patch Update Advisory - April 2020

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVE-2019-2999: Oracle Critical Patch Update Advisory - October 2019

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Ja...

CVE-2019-2808: Oracle Critical Patch Update Advisory - July 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-0542: Red Hat Customer Portal - Access to 24x7 support and knowledge

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

CVE-2018-2637: Oracle Critical Patch Update - January 2018

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/A...

CVE-2017-10378: Oracle Critical Patch Update - October 2017

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2017-3600: Oracle Critical Patch Update Advisory - April 2017

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2016-5612: Oracle Critical Patch Update - October 2016

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVE-2016-3471: Oracle Critical Patch Update - July 2016

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

CVE-2016-4343: PHP: PHP 7 ChangeLog

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

CVE-2016-0502: Oracle Critical Patch Update - January 2016

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2015-0395: Oracle Critical Patch Update Advisory - January 2015

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2015-0391: Oracle Critical Patch Update Advisory - January 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2014-4288: Oracle Critical Patch Update - October 2014

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.

CVE-2014-6469: Oracle Critical Patch Update - October 2014

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

CVE-2014-4265: Oracle Critical Patch Update - July 2014

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVE-2014-4260: Oracle Critical Patch Update - July 2014

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVE-2013-5802: Oracle Critical Patch Update - October 2013

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

CVE-2013-5807: Oracle Critical Patch Update - October 2013

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

CVE-2011-2729: Apache Tomcat® - Apache Tomcat 7 vulnerabilities

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
