herolab.usd.de
82.98.104.253  Public Scan

URL: https://herolab.usd.de/security-advisories/
Submission: On February 08 via api from US — Scanned from DE

SECURITY ADVISORIES

 

To protect companies from hackers and criminals, we must ensure that our skills
and knowledge are always up to date. That is why security research is just as
important to our work as building a security community to promote the exchange
of knowledge. After all, more security can only be achieved if many people make
it their task.

Our CST Academy and the usd HeroLab are essential components of our security
mission. We share the knowledge we gain in our practical work and through our
research in training courses and publications. In this context, the usd HeroLab
publishes a series of articles on current vulnerabilities and security issues,
always in accordance with the principles of our Responsible Disclosure Policy.

Always in the name of our mission: "more security".

Here you will find the security advisories of the past months:


01/2023

USD-2022-0030 | JELLYFIN

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)

More details: usd-2022-0030

USD-2022-0031 | JELLYFIN

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)

More details: usd-2022-0031


12/2022

USD-2022-0042 | GITLAB COMMUNITY EDITION

Product: GitLab Community Edition
Vulnerability Type: Uncontrolled Search Path Element (CWE-427)

More details: usd-2022-0042


11/2022

USD-2022-0008 | ACRONIS CYBER PROTECT

Product: Acronis Cyber Protect
Vulnerability Type: Authentication Bypass (CWE-305) 

More details: usd-2022-0008

USD-2022-0035 | APACHE TOMCAT

Product: Apache Tomcat
Vulnerability Type: Improper Encoding or Escaping of Output (CWE-116)

More details: usd-2022-0035

USD-2022-0036 | APACHE TOMCAT

Product: Apache Tomcat
Vulnerability Type: Improper Restriction of XML External Entity Reference
(CWE-611)

More details: usd-2022-0036


10/2022

USD-2022-0009 | FILERUN

Product: Filerun
Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page
Generation

More details: usd-2022-0009

USD-2022-0010 | FILERUN

Product: Filerun
Vulnerability Type: CWE-284: Improper Access Control

More details: usd-2022-0010


07/2022

USD-2021-0027 | CLEVERREACH

Product: CleverReach
Vulnerability Type: CWE-288: Authentication Bypass Using an Alternate Path or
Channel



More details: usd-2021-0027

USD-2021-0031 (CVE-2022-22689) | CA HARVEST SOFTWARE CHANGE MANAGER

Product: CA Harvest Software Change Manager
Vulnerability Type: CWE-1236: Improper Neutralization of Formula Elements in a
CSV File



More details: usd-2021-0031


06/2022

USD-2021-0010 | VODAFONE STATION

Product: Vodafone Station
Vulnerability Type: CWE-284: Improper Access Control




More details: usd-2021-0010


05/2022

USD-2021-0025 (CVE-2021-41766) | APACHE KARAF

Product: Apache Karaf
Vulnerability Type: CWE-502: Deserialization of Untrusted Data




More details: usd-2021-0025


04/2022

USD-2021-0028 (CVE-2022-25241) | FILECLOUD

Product: Filecloud
Vulnerability Type: CWE-352: Cross-Site Request Forgery (CSRF)


More details: usd-2021-0028

USD-2021-0029 (CVE-2022-25242) | FILECLOUD

Product: Filecloud
Vulnerability Type: CWE-352: Cross-Site Request Forgery (CSRF)


More details: usd-2021-0029


03/2022

USD-2019-0050 (CVE-2019-17085) | MICRO FOCUS HPE OPERATIONS AGENT

Product: Micro Focus HPE Operations Agent
Vulnerability Type: CWE-611 Improper Restriction of XML External Entity
Reference



More details: usd-2019-0050


02/2022

USD-2021-0019 | ZULIP

Product: Zulip Server
Vulnerability Type: CWE-918: Server-Side Request Forgery (SSRF)


More details: usd-2021-0019

USD-2021-0034 (CVE-2022-23961) | THRUK MONITORING

Product: Thruk Monitoring
Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page
Generation ('Cross-site Scripting')


More details: usd-2021-0034


01/2022

USD-2021-0023 | GRAFANA

Product: Grafana
Vulnerability Type: CWE-20: Improper Input Validation

More details: usd-2021-0023

USD-2021-0024 | GRAFANA

Product: Grafana
Vulnerability Type: CWE-20: Improper Input Validation

More details: usd-2021-0024


12/2021

USD-2021-0009 | VMWARE WORKSPACE ONE INTELLIGENT HUB

Product: VMware Workspace ONE Intelligent Hub
Vulnerability Type: Hidden Functionality (Backdoor)

More details: usd-2021-0009


11/2021

USD-2021-0032 | SUSE CVE DATABASE (SUSE.COM)

Product: SUSE CVE database
Vulnerability Type: Cross-site Scripting (XSS)

More details: usd-2021-0032

USD-2021-0006 (CVE-2021-28376) | CHRONOENGINE CHRONOFORMS V7

Product: ChronoEngine Forms v7
Vulnerability Type: Path Traversal

More details: usd-2021-0006

USD-2021-0007 (CVE-2021-28377) | CHRONOENGINE CHRONOFORUMS

Product: ChronoEngine Forums
Vulnerability Type: Path Traversal

More details: usd-2021-0007

USD-2020-0106 (CVE-2021-25273) | SOPHOS UTM

Product: Sophos UTM
Vulnerability Type: Cross-site Scripting (XSS)

More details: usd-2020-0106


10/2021

USD-2021-0020 | MICROSOFT EXCHANGE SERVER ECP

Product: Microsoft Exchange Server
Vulnerability Type: Server-side Request Forgery (SSRF)

More details: usd-2021-0020


09/2021

USD-2021-0002 | EGOSECURE AGENT

Product: EgoSecure Agent
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0002

USD-2020-0105 | CORNERSTONE EDITOR

Product: Themeco Cornerstone Editor
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0105


08/2021

USD-2021-0012 | TIBCO ACTIVEMATRIX BUSINESSWORKS

Product: TIBCO BusinessWorks
Vulnerability Type: Weak Password Requirements

More details: usd-2021-0012


07/2021

USD-2021-0015 (CVE-2021-33617) | PASSWORD MANAGER PRO

Product: Password Manager Pro
Vulnerability Type: User Enumeration

More details: usd-2021-0015

USD-2021-0016 | KEYCLOAK

Product: Keycloak
Vulnerability Type: Multi-Factor-Authentication Brute-Force

More details: usd-2021-0016


06/2021

USD-2021-0021 | MICROSOFT EXCHANGE SERVER OWA

Product: Microsoft Exchange Server OWA
Vulnerability Type: Server-Side Request Forgery (SSRF)

More details: usd-2021-0021

USD-2021-0011 (CVE-2021-32718) | RABBITMQ

Product: RabbitMQ
Vulnerability Type: Cross-Site Scripting

More details: usd-2021-0011


05/2021

USD-2021-0008 (CVE-2021-21990) | VMWARE WORKSPACE ONE

Product: VMWare Workspace ONE
Vulnerability Type: Cross-site Scripting

More details: usd-2021-0008

USD-2021-0014 (CVE-2021-3485) | BITDEFENDER ENDPOINT SECURITY TOOLS FOR LINUX

Product: Bitdefender Endpoint Security Tools for Linux
Vulnerability Type: Improper Input Validation

More details: usd-2021-0014


04/2021

USD-2021-0001 | MICROSOFT WINDOWS

Product: Windows 10
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0001


03/2021

USD-2021-0005 (CVE-2021-30356) | CHECK POINT IDENTITY AGENT

Product: Check Point Identity Agent, Affected Version: < R81.018.0000
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0005


02/2021

USD-2019-0069 | ZEN CART

Product: Zen Cart, Affected Version: 1.5.6d
Vulnerability Type: XSS

More details: usd-2019-0069

USD-2019-0072 (CVE-2020-6577) | IT-RECHT KANZLEI PLUGIN FOR ZEN CART

Product: IT-Recht Kanzlei Plugin for Zen Cart, Affected Version: v1.5.6c (Zen
Cart deutsch version)
Vulnerability Type: SQL Injection

More details: usd-2019-0072


01/2021

USD-2020-0028 (CVE-2021-28042) | MAILOPTIMIZER

Product: Mailoptimizer, Affected Version: 4.3
Vulnerability Type: Path Traversal

More details: usd-2020-0028


10/2020

USD-2020-0026 (CVE-2020-27976) | OSCOMMERCE PHOENIX CE

Product: OScommerce Phoenix CE, Affected Version: 1.0.5.4
Vulnerability Type: Authenticated RCE

More details: usd-2020-0026 (CVE-2020-27976)

USD-2020-0027 (CVE-2020-27975) | OSCOMMERCE PHOENIX CE

Product: OScommerce Phoenix CE, Affected Version: < 1.0.5.4
Vulnerability Type: Cross Site Request Forgery (CSRF)

More details: usd-2020-0027 (CVE-2020-27975)

USD-2020-0029 (CVE-2020-27974) | NEOPOST MAIL ACCOUNTING SOFTWARE PRO

Product: NeoPost Mail Accounting Software Pro, Affected Version: 5.0.6
Vulnerability Type: Reflected XSS

More details: usd-2020-0029 (CVE-2020-27974)

USD-2020-0030 (CVE-2020-1455) | SQL SERVER MANAGEMENT STUDIO

Product: SQL Server Management Studio (SSMS), Affected Version: 18.4
Vulnerability Type: Symbolic Link Vulnerability

More details: usd-2020-0030 (CVE-2020-1455)


09/2020

USD-2020-0048 (CVE-2020-24708) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0048 (CVE-2020-24708)

USD-2020-0049 (CVE-2020-24709) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0049 (CVE-2020-24709)

USD-2020-0050 (CVE-2020-24712) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: non-persistent self Cross-Site Scripting

More details: usd-2020-0050 (CVE-2020-24712)

USD-2020-0051 (CVE-2020-24711) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Improper Restriction of Rendered UI Layers or Frames

More details: usd-2020-0051 (CVE-2020-24711)

USD-2020-0052 (CVE-2020-24707) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: CSV Injection

More details: usd-2020-0052 (CVE-2020-24707)

USD-2020-0053 (CVE-2020-24713) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Insufficient Session Expiration

More details: usd-2020-0053 (CVE-2020-24713)

USD-2020-0054 (CVE-2020-24710) | GOPHISH

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0054 (CVE-2020-24710)

USD-2020-0059 (CVE-2020-15862) | NET-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0059 (CVE-2020-15862)

USD-2020-0060 (CVE-2020-15861) | NET-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0060 (CVE-2020-15861)


07/2020

USD-2020-0023 (CVE-2020-14170) | BITBUCKET SERVER

Product: Bitbucket Server, Affected Version: 5.4.0 <= version < 7.3.1
Vulnerability Type: Server Side Request Forgery

More details: usd-2020-0023 (CVE-2020-14170)

USD-2020-0024 (CVE-2020-14171) | BITBUCKET SERVER

Product: Bitbucket Server, Affected Version: 4.9.0 <= version < 7.2.4
Vulnerability Type: Unencrypted Service

More details: usd-2020-0024 (CVE-2020-14171)

USD-2020-0041 (CVE-2020-11476) | CONCRETE5 CMS

Product: Concrete5 CMS, Affected Version: 8.5.2
Vulnerability Type: Unrestricted Upload of File with Dangerous Type

More details: usd-2020-0041 (CVE-2020-11476)


06/2020

USD-2020-0038 (CVE-2020-11474) | NCP SECURE ENTERPRISE WINDOWS CLIENT

Product: NCP Secure Enterprise Windows Client, Affected Version: 10.14
Vulnerability Type: Privileged File Write

More details: usd-2020-0038 (CVE-2020-11474)

USD-2020-0031 (CVE-2020-10984) | GAMBIO GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Cross-Site-Request-Forgery (CSRF)

More details: usd-2020-0031 (CVE-2020-10984)

USD-2020-0033 (CVE-2020-10982) | GAMBIO GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Blind SQL Injection

More details: usd-2020-0033 (CVE-2020-10982)



USD-2020-0034 (CVE-2020-10983) | GAMBIO GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Blind SQL Injection

More details: usd-2020-0034 (CVE-2020-10983)

USD-2020-0035 (CVE-2020-10985) | GAMBIO GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Stored Cross-Site Scripting (XSS)

More details: usd-2020-0035 (CVE-2020-10985)

USD-2020-0016 (CVE-2020-5836) | SYMANTEC ENDPOINT PROTECTION

Product: Symantec Endpoint Protection, Affected Version: 14.2.2.1
Vulnerability Type: Hardlink Vulnerability

More details: usd-2020-0016 (CVE-2020-5836)


04/2020

USD-2019-0057 (CVE-2019-19213) | USERLIKE CHAT

Product: Userlike Chat, Vulnerability Type: Cross-Site Scripting

More details: usd-2019-0057 (CVE-2019-19213)

USD-2019-0058 (CVE-2019-19214) | USERLIKE CHAT

Product: Userlike Chat, Vulnerability Type: Insufficient Filtering

More details: usd-2019-0058 (CVE-2019-19214)

USD-2019-0059 (CVE-2019-19217) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: OS Command Injection

More details: usd-2019-0059 (CVE-2019-19217)

USD-2019-0060 (CVE-2019-19216) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Insecure File Copy

More details: usd-2019-0060 (CVE-2019-19216)

USD-2019-0061 (CVE-2019-19215) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Remote Buffer Overflow

More details: usd-2019-0061 (CVE-2019-19215)

USD-2019-0064 (CVE-2019-19220) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: OS Command Injection

More details: usd-2019-0064 (CVE-2019-19220)

USD-2019-0065 (CVE-2019-19219) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Arbitrary File Download

More details: usd-2019-0065 (CVE-2019-19219)



USD-2019-0066 (CVE-2019-19218) | CONTROL-M/AGENT

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Insecure Password Storage

More details: usd-2019-0066 (CVE-2019-19218)

USD-2019-0068 | CHOCOLATEY PYTHON 3 PACKAGE

Product: Python 3 package for chocolatey, Affected Version: 3.8.1
Vulnerability Type: Weak File Permissions

More details: usd-2019-0068

USD-2019-0070 (CVE-2020-6579) | MAILBEEZ PLUGIN FOR ZENCART

Product: MailBeez Plugin for ZenCart, Affected Version: v3.9.21
Vulnerability Type: XSS

More details: usd-2019-0070 (CVE-2020-6579)

USD-2020-0006 (CVE-2020-10515) | STARFACE UCC CLIENT

Product: STARFACE UCC Client, Affected Version: v6.7.0.180
Vulnerability Type: Binary Planting

More details: usd-2020-0006 (CVE-2020-10515)


02/2020

USD-2020-0001 (CVE-2020-6582) | NAGIOS NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Memory Corruption (Heap Overflow)

More details: usd-2020-0001 (CVE-2020-6582)

USD-2020-0002 (CVE-2020-6581) | NAGIOS NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Insufficient Filtering of Configuration file

More details: usd-2020-0002 (CVE-2020-6581)

USD-2020-0003 | NAGIOS NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Wrong Packet Size Computation

More details: usd-2020-0003

USD-2020-0004 | NAGIOS NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Logic Error

More details: usd-2020-0004


01/2020

USD-2019-0049 (CVE-2019-19208) | CODIAD WEB IDE

Product: Codiad Web IDE, Affected Version: v.2.8.4
Vulnerability Type: PHP Code injection

More details: usd-2019-0049 (CVE-2019-19208)

USD-2019-0051 (CVE-2019-19209) | DOLIBARR ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: Reflected XSS, SQL injection

More details: usd-2019-0051 (CVE-2019-19209)

USD-2019-0052 (CVE-2019-19210) | DOLIBARR ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: Stored XSS

More details: usd-2019-0052 (CVE-2019-19210)

USD-2019-0053 (CVE-2019-19211) | DOLIBARR ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.4
Vulnerability Type: Reflected XSS

More details: usd-2019-0053 (CVE-2019-19211)

USD-2019-0054 (CVE-2019-19212) | DOLIBARR ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: SQL injection

More details: usd-2019-0054 (CVE-2019-19212)

USD-2019-0067 | DOLIBARR ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.4
Vulnerability Type: SQL injection

More details: usd-2019-0067


10/2019

USD-2019-0016 (CVE-2019-15005) | BITBUCKET

Product: Bitbucket, Affected Version: < v6.6
Vulnerability Type: Broken Access Control

More details: usd-2019-0016 (CVE-2019-15005)

USD-2019-0045 (CVE-2019-6179) | XCLARITY

Product: XClarity, Affected Version: 2.2.0
Vulnerability Type: XML External Entity Processing

More details: usd-2019-0045

USD-2019-0046 (CVE-2019-12331) | PHPSPREADSHEET

Product: PhpSpreadsheet, Affected Version: <1.8.0
Vulnerability Type: XML External Entity (XXE)

More details: usd-2019-0046


07/2019

USD-2019-0001 | ADOBE EXPERIENCE MANAGER (AEM)

Product: Adobe Experience Manager (AEM), Affected Version: 6.3.2.2
Vulnerability Type: Code Injection

More details: usd-2019-0001

USD-2019-0002 | FEELING4DESIGN SUPER FORMS

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form
Builder/1.0.0 – 4.4.8
Vulnerability Type: Path Traversal

More details: usd-2019-0002

USD-2019-0003 | FEELING4DESIGN SUPER FORMS

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form
Builder/1.6.1 – 4.4.8
Vulnerability Type: Missing Server Side File Type Validation

More details: usd-2019-0003

USD-2019-0014 (CVE-2019-2709) | ORACLE TRANSPORTATION MANAGEMENT (OTM)

Product: Oracle Transportation Management (OTM), Affected Version: 6.4.3
Vulnerability Type: Reflected XSS

More details: usd-2019-0014

USD-2019-0015 | BITBUCKET

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Broken Access Control

More details: usd-2019-0015

USD-2019-0017 | BITBUCKET

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data Exposure/Credentials Disclosure

More details: usd-2019-0017

USD-2019-0018 | BITBUCKET

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: User Enumeration

More details: usd-2019-0018

USD-2019-0019 | BITBUCKET

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: File Enumeration

More details: usd-2019-0019

USD-2019-0020 | BITBUCKET

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data in URL

More details: usd-2019-0020


01/2019

USD-2018-0032 | RIVERBED STEELCENTRAL APPRESPONSE

Product: Riverbed SteelCentral AppResponse, Affected Version: 9.6
Vulnerability Type: Reflected Cross-Site-Scripting Vulnerability

More details: usd-2018-0032

USD-2018-0034 | DROPBEAR

Product: Dropbear, Affected Version: current master branch (commit
cb945f9f670e95305c7c5cc5ff344d1f2707b602)
Vulnerability Type: Username Enumeration

More details: usd-2018-0034

USD-2018-0035 | CISCO UNIFIED COMMUNICATIONS MANAGER

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18
(likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0035

USD-2018-0036 | CISCO UNIFIED COMMUNICATIONS MANAGER

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18
(likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0036

USD-2018-0037 | CISCO UNIFIED COMMUNICATIONS MANAGER

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18
(likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0037

USD-2018-0038 | CISCO UNIFIED COMMUNICATIONS MANAGER

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18
(likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0038


12/2018


USD-2018-0024 | SHPOCK APP

Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration

More details: usd-2018-0024

USD-2018-0025 (CVE-2018-7750) | SEP SESAM

Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass

More details: usd-2018-0025 (CVE-2018-7750)

USD-2018-0026 (CVE-2018-18245) | NAGIOS CORE

Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS

More details: usd-2018-0026 (CVE-2018-18245)

USD-2018-0027 (CVE-2018-18246) | ICINGA WEB 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF

More details: usd-2018-0027 (CVE-2018-18246)

USD-2018-0028 (CVE-2018-18248) | ICINGA WEB 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS

More details: usd-2018-0028 (CVE-2018-18248)

USD-2018-0029 (CVE-2018-18247) | ICINGA WEB 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS

More details: usd-2018-0029 (CVE-2018-18247)

USD-2018-0030 (CVE-2018-18249, CVE-2018-18250) | ICINGA WEB 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure

More details: usd-2018-0030 (CVE-2018-18249, CVE-2018-18250)

USD-2018-0031 (CVE-2018-13376) | FORTIGATE 900D

Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure

More details: usd-2018-0031 (CVE-2018-13376)


11/2018


USD-2018-0023 (CVE-2018-1000805) | PARAMIKO

Product: Paramiko, Affected Version: 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5,
1.17.6
Vulnerability Type: Authentication Bypass

More details: usd-2018-0023 (CVE-2018-1000805)

USD-2018-0021 (CVE-2018-15498) | SAFEQ PRO SMARTCARD V2

Product: SafeQ Pro SmartCard v2, Affected Version: V2
Vulnerability Type: Replay Attack

More details: usd-2018-0021 (CVE-2018-15498)

USD-2018-0020 (CVE-2018-18473) | PATLITE

Product: Patlite, Affected Version: NBM-D88N, Patlite NHL-3FB1, Patlite
NHL-3FV1N
Vulnerability Type: Backdoor

More details: usd-2018-0020 (CVE-2018-18473)


07/2018


USD-2018-0013 | LEXWARE PROFESSIONAL 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0013

USD-2018-0014 | LEXWARE PROFESSIONAL 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0014

USD-2018-0015 | LEXWARE PROFESSIONAL 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0015

USD-2018-0016 | LEXWARE PROFESSIONAL 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Denial of Service

More details: usd-2018-0016

USD-2018-0017 | LEXWARE PROFESSIONAL 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Broken Authentication

Download: usd-2018-0017


06/2018


USD-2018-0006 | FIRSTSPIRIT SITEARCHITECT

Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Path Traversal

More details: usd-2018-0006

USD-2018-0012 | FIRSTSPIRIT SITEARCHITECT

Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Improper Access Control

More details: usd-2018-0012

USD-2018-0019 (CVE-2018-6462) | PDF-XCHANGE VIEWER

Product: Pdf-Xchange Viewer, Affected Version: 2.5.322.7 and earlier
Vulnerability Type: Heap Overflow

More details: usd-2018-0019 (CVE-2018-6462)


05/2018


USD-2018-0001 | STARFACE

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Reflected XSS

More details: usd-2018-0001

USD-2018-0002 | STARFACE

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Language Expression Injection

More details: usd-2018-0002

USD-2018-0003 | STARFACE

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: SQL Injection

More details: usd-2018-0003

USD-2018-0004 | STARFACE

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Cross-site request forgery

More details: usd-2018-0004

USD-2018-0018 | PROJEKTRON BCS

Product: Projektron BCS, Affected Version: All versions before 7.38.45
Vulnerability Type: Reflected XSS

More details: usd-2018-0018


© 2022 usd AG


LabNews


SECURITY ADVISORIES ON JELLYFIN

Jan 19, 2023

While conducting their security analyses, the analysts of the usd HeroLab
examined the multimedia application Jellyfin. Two cross-site scripting
vulnerabilities were identified which made it possible, with a simple...


SECURITY ADVISORY ON GITLAB

Dec 15, 2022

While conducting their security analyses, the analysts of the usd HeroLab
examined GitLab, a service for version control of software projects. A
vulnerability was identified which, through the current default settings in...


SECURITY ADVISORIES ON APACHE TOMCAT

Nov 24, 2022

While conducting their security analyses, the analysts of the usd HeroLab
examined the popular open source web server Apache Tomcat. Two vulnerabilities
were identified which allowed restricted write permissions to...

