VU#290915: F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Overview F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. Description F5 BIG-IP devices...

4d

VU#576779: Netgear httpd upgrade_check.cgi stack buffer overflow

Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd process, to provide administrative capabilities....

3w

VU#257161: Treck IP stacks contain multiple vulnerabilities

Overview Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various...

4w

VU#339275: Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Overview The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. Description The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network....

Jun 2020

VU#636397: IP-in-IP protocol routes arbitrary traffic by default

Overview IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device. Description IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be encapsulated inside another IP packets. This is very similar...

Jun 2020

VU#127371: iOS contains an unspecified kernel vulnerability

iOS contains an unspecified kernel vulnerability. This vulnerability can allow code execution with kernel privileges. This vulnerability is being used by the public unc0ver 5.0 jailbreak utility,which claims to support all devices from iOS 11 through 13.5,excluding versions 12.3-12.3.2 and 12.4.2-12.4.5. It is also reported that this jailbreak works...

May 2020

VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Low Energy(BLE)Core Configuration. Like Bluetooth Classic(BR/ER),BLE is used for low-power short-range communications,but has significantly lower power consumption,making it ideal for Internet of Things(IoT)and...

May 2020

VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate(BR/EDR)Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection,two Bluetooth devices must pair with...

May 2020

VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files

The Samsung May 2020 Android Security Update notes that"a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution."Samsung identifies this vulnerability as SVE-2020-16747,more commonly known as CVE-2020-8899. Google Project Zero performed extensive fuzz testing on the Qmage(or Quram,or qmg)code that...

May 2020

VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting

Periscope BuySpeed is a"tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting,which could allow a local,authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization,leading...

Apr 2020