Security advisories.

Software flaws found by Qualys.

The Qualys Vulnerability and Malware Research Labs (VMRL) is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code.

This list of advisories provides insight into the specific vulnerabilities reported.

• Jul 1, 2024

  regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (cve-2024-6387)

  Read the advisory
• Jan 30, 2024

  Heap-based buffer overflow in the glibc's syslog() (CVE-2023-6246)

  Read the advisory
• Jan 30, 2024

  Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort()

  Read the advisory
• Oct 3, 2023

  Looney Tunables: Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)

  Read the advisory
• Jul 19, 2023

  Remote code execution in OpenSSH's forwarded ssh-agent (CVE-2023-38408)

  Read the advisory

  Accompanying code:
  rce-openssh-forwarded-ssh-agent.tar.gz

• Jun 6, 2023

  LPE and RCE in RenderDoc (CVE-2023-33865, CVE-2023-33864 and CVE-2023-33863)

  Read the advisory
• Nov 30, 2022

  Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)

  Read the advisory
• Oct 24, 2022

  Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

  Read the advisory
• Feb 17, 2022

  Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine) (CVE-2021-44731)

  Read the advisory
• Jan 25, 2022

  pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

  Read the advisory
• Jul 20, 2021

  Denial of service (stack exhaustion) in systemd (PID 1) (CVE-2021-33910)

  Read the advisory

  Accompanying exploit:
  cve-2021-33910-crasher.c

• Jul 20, 2021

  Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)

  Read the advisory

  Accompanying exploit:
  cve-2021-33909-crasher.c
  cve-2021-33909-exploit.tar.gz

• May 4, 2021

  21Nails: Multiple Vulnerabilities in Exim Mail Server

  Read the advisory

  Patch

• Jan 26, 2021

  Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)

  Read the advisory
• May 19, 2020

  15 years later: Remote Code Execution in qmail (CVE-2005-1513)

  Read the advisory

  Accompanying exploit:
  remote-code-execution-qmail.tar.gz

• Feb 24, 2020

  LPE and RCE in OpenSMTPD's Default Install (CVE-2020-8794)

  Read the advisory

  Accompanying exploit:
  lpe-rce-opensmtpd-default-install-exploit.c

• Feb 24, 2020

  Local Information Disclosure in OpenSMTPD (CVE-2020-8793)

  Read the advisory

  Accompanying exploit:
  local-information-disclosure-opensmtpd-exploit.c

• Jan 28, 2020

  LPE and RCE in OpenSMTPD (CVE-2020-7247)

  Read the advisory

  Blog post: How to detect and remediate
  Patch available at https://www.openbsd.org/errata66.html

• Dec 11, 2019

  Local Privilege Escalation in OpenBSD's Dynamic Loader (CVE-2019-19726)

  Read the advisory
• Dec 4, 2019

  Authentication Vulnerabilities in OpenBSD (CVE-2019-19521)

  Read the advisory
• Jun 5, 2019

  The Return of the WIZard: RCE in Exim (CVE-2019-10149)

  Read the advisory
• Jan 9, 2019

  System Down: A systemd-journald Exploit

  Read the advisory

  Accompanying exploit:
  system-down.tar.gz

• Sep 25, 2018

  Mutagen Astronomy: Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)

  Read the advisory

  Accompanying exploits:
  poc-exploit.c
  poc-suidbin.c

• Jun 11, 2018

  Team Password Manager Multiple Security Vulnerabilities

  Read the advisory
• May 17, 2018

  Procps-ng Audit Report

  Read the advisory

  Patches

• Apr 10, 2018

  Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability (DSA-2018-025)

  Read the advisory
• Mar 1, 2018

  Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates

  Read the advisory
• Dec 13, 2017

  Open-iSCSI Potential code execution vulnerability (CVE-2017-17840)

  Read the advisory
• Dec 11, 2017

  Memory Leak (CVE-2017-1000408) and Buffer Overflow (CVE-2017-1000409) in GNU C Library Dynamic Loader (ld.so)

  Read the advisory
• Oct 26, 2017

  Use of hard-coded cryptographic key (CVE-2017-14021) and hard-coded credentials (CVE-2017-14027) in multiple Korenix JetNet devices

  Read the advisory
• Sep 26, 2017

  Linux PIE/stack Corruption (CVE-2017-1000253)

  Read the advisory

  cve-2017-1000253.c - accompanying exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x86_64 and 3.10.0-514.26.1.el7.x86_64

• Aug 24, 2017

  Westermo Routers Multiple Vulnerabilities (ICSA-17-236-01)

  Read the advisory
• Jul 1, 2017

  Dell Active Roles Unquoted Service Path Vulnerability (KB232543)

  Read the advisory
• Jul 1, 2017

  Unquoted Search Path Vulnerability (Active Roles Synchronization Service)

  Read the advisory

  Workaround and fix
  Active Roles 7.2 release notes

• Jun 27, 2017

  Multiple Vulnerabilities in Multiple Brickcom Devices (CVE-2017-9235, CVE-2017-9236, CVE-2017-9237, CVE-2017-9238)

  Read the advisory
• Jun 19, 2017

  The Stack Clash

  Read the advisory

  Accompanying exploits:
  solaris_rsh.c
  openbsd_at.c
  netbsd_cve-2017-1000375.c
  linux_offset2lib.c
  linux_ldso_hwcap.c
  linux_ldso_hwcap_64.c
  linux_ldso_dynamic.c
  freebsd_cve-2017-fgpu.c
  freebsd_cve-2017-fgpe.c
  freebsd_cve-2017-1085.c

• Jun 16, 2017

  Unquoted Search Path Vulnerability (Active Roles Administration Service)

  Read the advisory

  Workaround and fix
  Active Roles 7.2 release notes

• Jun 8, 2017

  Cron: group-crontab-to-root privilege escalation (CVE-2017-9525)

  Read the advisory
• May 30, 2017

  Sudo's get_process_ttyname() for Linux (CVE-2017-1000367)

  Read the advisory
• Mar 26, 2017

  D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability (CVE-2017-7851)

  Read the advisory

  DCS-936L Firmware Release

• Mar 12, 2017

  D-Link DIR-615 Router Multiple Vulnerabilities (CVE-2017-7404, CVE-2017-7405 and CVE-2017-7406)

  Read the advisory
• Mar 10, 2017

  Manage Engine OpManager Multiple Security Vulnerabilities

  Read the advisory
• Mar 7, 2017

  Multiple Vulnerabilities in ACTi Cameras Models from the D, B, I, and E series (CVE-2017-3184, CVE-2017-3185, CVE-2017-3186)

  Read the advisory
• Feb 28, 2017

  Session Fixation Vulnerability in Sophos Secure Web Appliance

  Read the advisory
• Feb 22, 2017

  Insecure CrossDomain.XML in D-Link DCS Series Cameras

  Read the advisory
• Jan 18, 2017

  Zoho ManageEngine OpManager Multiple Vulnerabilities

  Read the advisory
• Jan 12, 2017

  Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

  Read the advisory
• Jan 3, 2017

  Information Disclosure vulnerability in Netgear DGN2200, DGND3700 & WNDR4500 routers (CVE-2016-5649, CVE-2016-5638)

  Read the advisory
• Dec 6, 2016

  Accellion FTP Multiple Security Vulnerabilities

  Read the advisory
• Nov 2, 2016

  Sensitive Information Disclosure Vulnerability in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

  Read the advisory
• Oct 26, 2016

  Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

  Read the advisory
• Jun 10, 2016

  Netgear D6000 and D3600 hard-coded cryptographic keys authentication bypass (CVE-2015-8288, CVE-2015-8289)

  Read the advisory
• Jan 14, 2016

  OpenSSH (CVE-2016-0777 and CVE-2016-0778)

  Read the advisory
• Oct 15, 2015

  LibreSSL (CVE-2015-5333 and CVE-2015-5334)

  Read the advisory
• Oct 2, 2015

  OpenSMTPD Audit Report (CVE-2015-7687)

  Read the advisory
• Aug 24, 2015

  login-utils: file name collision due to incorrect mkstemp use (CVE-2015-5224)

  Read the advisory
• Jul 23, 2015

  userhelper chfn() newline filtering and libuser passwd file handling (CVE-2015-3245 and CVE-2015-3246)

  Read the advisory

  roothelper.c - an unusual local root exploit

• Feb 12, 2015

  Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities

  Read the advisory
• Jan 27, 2015

  GHOST: glibc gethostbyname buffer overflow vulnerability (CVE-2015-0235)

  Read the advisory
• Jul 27, 2014

  ZeroCMS Persistent Cross-Site Scripting

  Read the advisory
• Feb 2, 2014

  Foscam Dynamic DNS Predictable Credentials Vulnerability (CVE-2014-1849)

  Read the advisory
• Jun 15, 2012

  ModSecurity and ModSecurity Core Rule Set Multipart Bypasses

  Read the advisory
• May 7, 2012

  Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2031)

  Read the advisory
• May 7, 2012

  Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2030)

  Read the advisory
• May 7, 2012

  Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2029)

  Read the advisory
• May 7, 2012

  Adobe Reader All Versions Memory Corruption - APB11-16 (CVE-2011-2098)

  Read the advisory
• May 7, 2012

  Memory Corruption when Apple Quicktime Parses .pct File (CVE-2012-0671)

  Read the advisory
• May 4, 2012

  Apache Reverse Proxy Security Bypass Vulnerability (CVE-2011-4317)

  Read the advisory