Archive for June, 2019

CVE-2019-7230

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
Source: NIST
CVE-2019-7230

CVE-2019-7232

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
Source: NIST
CVE-2019-7232

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Source: NIST
CVE-2018-20843

Raspberry Pi Used in JPL Breach

NASA report shows exfiltration totaling more than 100 GB of information since 2009.
Source: DarkReading
Raspberry Pi Used in JPL Breach

CVE-2019-12940 (livezilla)

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.
Source: NIST
CVE-2019-12940 (livezilla)

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Source: NIST
CVE-2019-12384

CVE-2019-12869

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Source: NIST
CVE-2019-12869

CVE-2019-12939 (livezilla)

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
Source: NIST
CVE-2019-12939 (livezilla)

CVE-2019-12292

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
Source: NIST
CVE-2019-12292

CVE-2019-12870

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Source: NIST
CVE-2019-12870