SSD安全公告-QNAP QTS未经认证的远程代码执行漏洞
漏洞概要 以下安全公告描述了QNAP QTS的一个内存损坏漏洞,成功利用该漏洞会造成QNAP QTS 4.3.x和4.2.x版本(包括4.3.3.0299)未经验证的远程代码执行。 威联通科技(QNAP Systems, Inc)专注于为企业,中小型企业,SOHO和家庭用户提供文件共享,虚拟化,存储管理和监控应用的网络解决方案。 QNAP QTS是标准的智能NAS操作系统,支持所有文件共享,存储,备份,虚拟化和多媒体QNAP设备。
Buffer Overflow
SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow
Vulnerability Summary The following advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 – wkupccpu debugfs driver. Huawei Technologies Co. Ltd. is “a multinational networking and telecommunications equipment and services company, it is the largest telecommunications equipment manufacturer in the world and the second largest smartphone manufacturer …
SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow Read More »
SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution
Vulnerability Summary The following advisory describes a memory corruption vulnerability that can lead to an unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including the 4.3.3.0299. QNAP Systems, Inc. “specializes in providing networked solutions for file sharing, virtualization, storage management and surveillance applications to address corporate, SMB, SOHO and home user needs. …
SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution Read More »
SSD Advisory – Dasan Unauthenticated Remote Code Execution
Vulnerability Summary The following advisory describes a buffer overflow that leads to remote code execution found in Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 Dasan Networks GPON ONT WiFi Router “is indoor type ONT dedicated for FTTH (Fibre to the Home) or FTTP (Fiber to the Premises) deployments. That …
SSD Advisory – Dasan Unauthenticated Remote Code Execution Read More »
SSD Advisory – GraphicsMagick Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and …
SSD Advisory – GraphicsMagick Multiple Vulnerabilities Read More »
SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow
Vulnerability Summary The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. Credit An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address …
SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow Read More »
SSD Advisory – Iceni Infix Multiple Crashes
Crashes Summary An independent security researcher has reported 36 different crashes in Iceni Infix. We decided to publish 1 sample out of the 36 crashes – if you want to get the remaining 35 crashes, please contact us via email ssd [at] beyondsecurity (dot) com. “Infix PDF Editor and Infix PDF Editor Pro is popular …
SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution
Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 (E0403P10) Enterprise, this vulnerability leads to an exploitable remote code execution. HPE Intelligent Management Center (iMC) delivers comprehensive management across campus core and data center networks. iMC converts meaningless network data to actionable information to keep …
SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution Read More »
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and …
SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow
Vulnerability Summary The following advisory describes a Buffer Overflow vulnerability found in Bitdefender Engine PE. Bitdefender provides the Bitdefender “antimalware” engine for integration with other security vendors products. The engine is used in Bitdefender’s own products, for example in Bitdefender Internet Security 2017 and below. The antimalware engine is the core of the product, among …
SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow Read More »
SSD Advisory – Linksys PPPoE Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Linksys EA, XAC and AC series devices. The vulnerabilities has been found in the way the Linksys devices (EA, XAC and AC series) handle the Point-to-point protocol over Ethernet (PPPoE) Discovery (PPPoED) process allowing an unprivileged active attacker on the same network segment (layer2) …
SSD Advisory – Linksys PPPoE Multiple Vulnerabilities Read More »
Know your community – Stefan Esser
One of the first names I knew of when I entered into the security field was Stefan Esser (@i0n1c). The guy that dropped 10 0-days in 2013 during SyScan, Founder of SektionEins GmbH, CEO of Antid0te UG, Speaker in all major security conferences and today’s one of the most talented security researchers. I had the …
