Monthly Archive: June 2021

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC...

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199. Date published : 2021-06-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201. Date published : 2021-06-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. Date published...

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via...

For Eclipse Jetty versions

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This...

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This...

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This...

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Date published : 2021-06-08 https://bugzilla.redhat.com/show_bug.cgi?id=1947591

Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET request that specifies a hostname and port number. Date published : 2021-06-08 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ https://csirt.divd.nl/cases/DIVD-2020-00011/

Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file’s name and content. Date published : 2021-06-08 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ https://csirt.divd.nl/cases/DIVD-2020-00011/

Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 2 of 2). Date published : 2021-06-08 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ https://csirt.divd.nl/cases/DIVD-2020-00011/

Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 1 of 2). Date published : 2021-06-08 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/ https://csirt.divd.nl/cases/DIVD-2020-00011/