VU#240785: Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs

Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\Atlassian\Bitbucket\. By default, unprivileged...

3w

VU#466044: Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths

Overview Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected as well. Description Siemens TIA runs a privileged...

4w

VU#794544: Heap-Based Buffer Overflow in Sudo

Overview A heap-based overflow has been discovered in sudo, which may allow a local attacker to execute commands with elevated administrator privileges. Description From the Sudo Main Page: Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as...

Feb 2021

VU#125331: Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs

Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can...

Feb 2021

VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning

Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment. These vulnerabilities are also tracked as ICS-VU-668462...

Jan 2021

VU#843464: SolarWinds Orion API authentication bypass allows remote command execution

Overview The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. Description The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds...

Dec 2020

VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2019-1552 Veritas Backup Exec includes an OpenSSL component that specifies an OPENSSLDIR variable as /usr/local/ssl/. On the Windows platform,...

Dec 2020

VU#815128: Embedded TCP/IP stacks have memory corruption vulnerabilities

Overview Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33. Description Embedded TCP/IP stacks provide essential...

Dec 2020

VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection

Overview VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system. Description VMware Workspace One Access, Access Connector,...

Nov 2020

VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

Overview The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area. Description The RPMB protocol "...enables a device to store...

Nov 2020