Security Advisories

 

Um Unternehmen vor Hackern und Kriminellen zu schützen, müssen wir sicherstellen, dass unsere Fähigkeiten und Kenntnisse stets auf dem neuesten Stand sind. Deshalb ist die Sicherheitsforschung für unsere Arbeit ebenso wichtig wie der Aufbau einer Security Community zur Förderung des Wissensaustausches. Denn mehr Sicherheit kann nur erreicht werden, wenn viele sie zu ihrer Aufgabe machen.

Unsere CST Academy und das usd HeroLab sind wesentliche Bestandteile unserer Sicherheitsmission. Das Wissen, das wir in unserer praktischen Arbeit und durch unsere Forschung gewinnen, teilen wir in Schulungen und Publikationen. In diesem Zusammenhang veröffentlicht das usd HeroLab eine Reihe von Beiträgen zu aktuellen Schwachstellen und Sicherheitsproblemen – stets im Einklang mit den Leitsätzen unserer Responsible Disclosure Policy.

Immer im Namen unserer Mission: „more security“.

Hier finden Sie die Security Advisories der vergangenen Monate:

03/2024

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0029 | SONIX Technology Webcam

Product: SONIX Technology Webcam
Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)

More details: usd-2023-0029

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0038 | SAP

Product: SAP Fiori Sample Shop
Vulnerability Type: Improper Access Control (CWE-284)

More details: usd-2023-0038

02/2024

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0027 | FileCloud

Product: FileCloud Drive
Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395)

More details: usd-2023-0027

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0009 | Zimperium

Product: Zimperium Mobile Threat Defense
Vulnerability Type: Improper Verification of Cryptographic Signature (CWE-347)

More details: usd-2023-0009

01/2024

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0046 (CVE-2024-23759) | Gambio

Product: Gambio
Vulnerability Type: Deserialization of Untrusted Data (CWE-502)

More details: usd-2023-0046

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0047 (CVE-2024-23763) | Gambio

Product: Gambio
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2023-0047

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0048 (CVE-2024-23761) | Gambio

Product: Gambio
Vulnerability Type: Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

More details: usd-2023-0048

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0049 (CVE-2024-23762) | Gambio

Product: Gambio
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)

More details: usd-2023-0049

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0050 (CVE-2024-23760) | Gambio

Product: Gambio
Vulnerability Type: Plaintext Storage of Password (CWE-256)

More details: usd-2023-0050

12/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0066 (CVE-2023-23634) | Documize

Product: Documize
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2022-0066

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0065 (CVE-2023-23633) | Documize

Product: Documize
Vulnerability Type: Broken Access Control (CWE-284)

More details: usd-2022-0065

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2021-0033 (CVE-2022-1274) | Keycloak

Product: Keycloak
Vulnerability Type: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

More details: usd-2021-0033

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0029 | Filerun

Product: Filerun
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0029

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0064 (CVE-2022-47532) | Filerun

Product: Filerun
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2022-0064

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0051 (CVE-2023-31292) | Planfocus

Product: Planfocus
Vulnerability Type: Insufficient Session Expiration (CWE-613)

More details: usd-2022-0051

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0052 (CVE-2023-31294) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0052

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0053 (CVE-2023-31295) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0053

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0054 (CVE-2023-31296) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0054

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0055 (CVE-2023-31299) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2022-0055

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0056 (CVE-2023-31302) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2022-0056

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0057 (CVE-2023-31300) | Planfocus

Product: Planfocus
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

More details: usd-2022-0057

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0058 (CVE-2023-31297) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0058

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0059 (CVE-2023-31301) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0059

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0060 (CVE-2023-31298) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0060

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0061 (CVE-2023-31293) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Access Control (CWE-284)

More details: usd-2022-0061

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0032 (CVE-2023-43057) | IBM QRadar SIEM

Product: IBM QRadar SIEM
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0032

11/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0025 (CVE-2023-45878) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Arbitrary File Write (CWE-434)

More details: usd-2023-0025

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0024 (CVE-2023-45881) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0024

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0022 (CVE-2023-45880) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Path-Traversal (CWE-23)

More details: usd-2023-0022

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0019 (CVE-2023-45879) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: HTML Injection (CWE-79)

More details: usd-2023-0019

10/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0015 (CVE-2023-38193) | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type:  Improper Neutralization of Special Elements used in a Command (CWE-77)

More details: usd-2023-0015

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0014 (CVE-2023-38190) | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (CWE-89)

More details: usd-2023-0014

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0013 (CVE-2023-38194) | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0013

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0012 (CVE-2023-38191) | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0012

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0011 (CVE-2023-38192) | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0011

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0020 (CVE-2023-36806) | Contao

Product: Contao
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0020

09/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0017 | SAP Partner Portal

Product: SAP Partner Portal
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0017

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0046 (CVE-2023-26457) | SAP HTTP Content Server

Product: SAP HTTP Content Server
Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)

More details: usd-2022-0046

08/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0010 | ThingsBoard

Product: ThingsBoard
Vulnerability Type: Server-Side Template Injection (CWE-1336)

More details: usd-2023-0010

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0002 (CVE-2023-41364) | tine Groupware

Product: tine Groupware
Vulnerability Type: SQL-Injection (CWE-89)

More details: usd-2023-0002

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0028 (CVE-2023-29347) | Windows Admin Center

Product: Windows Admin Center
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0028

07/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0004 (CVE-2023-25201) | MultiTech Conduit AP MTCAP2-L4E1

Product: MultiTech Conduit AP MTCAP2-L4E1
Vulnerability Type: CSRF (CWE-352)

More details: usd-2023-0004

06/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0014 | Foswiki

Product: Foswiki
Vulnerability Type: Path Traversal (CWE-23)

More details: usd-2022-0014

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0011 | Foswiki

Product: Foswiki
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0011

05/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0048 (CVE-2022-45144) | Tracim

Product: Tracim
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0048

04/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0034 (CVE-2022-37955) | Microsoft Windows

Product: Microsoft Windows
Vulnerability Type: Improper Link Resolution Before File Access (CWE-59)  - Privilege Escalation

More details: usd-2022-0034

03/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0049 | Friendica
Product: Friendica
Vulnerability Type: Cross-Site Request Forgery (CSRF) (CWE-352)

More details: usd-2022-0049

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0050 | Friendica

Product: Friendica
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0050

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2023-0001 | Friendica

Product: Friendica
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0001

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0002 (CVE-2023-28868) | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Arbitrary File Delete

More details: usd-2022-0002

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0003 (CVE-2023-28869) | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Arbitrary File Read

More details: usd-2022-0003

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0004 (CVE-2023-28870) | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Incorrect Default Permissions (CWE-276) - Insecure File Permissions

More details: usd-2022-0004

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0005 (CVE-2023-28871) | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Insecure Registry Export

More details: usd-2022-0005

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0006 (CVE-2023-28872) | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Privilege Escalation

More details: usd-2022-0006

02/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0032 (CVE-2023-28873) | Seafile

Product: Seafile
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0032

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0033 (CVE-2023-28874) | Seafile

Product: Seafile
Vulnerability Type: URL Redirection to Untrusted Site (CWE-601)

More details: usd-2022-0033

01/2023

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0030 (CVE-2023-23636) | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0030

!!nicht bearbeiten!!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

usd-2022-0031 (CVE-2023-23635) | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0031