ADVISORIES

Our team is always looking for interesting bugs during our day to day operations. We plan on updating this page with any advisories we responsibly disclosed as a result of this research. From time to time we will post an accompanying blog post that demonstrates how to develop a proof of concept exploit for a discovered vulnerability.

VULNERABILITY DISCLOSURE PROCESS

  • Securifera will make every attempt to contact the product vendor using whatever communication channels are discoverable for the vendor. (web form, email,social media, phone number)

  • Securifera will provide all relevant vulnerability details to the vendor to assist in discovery and mitigation.

  • Securifera will maintain confidentiality regarding vulnerability information throughout the duration of the responsible disclosure process within the agreed upon disclosure window, typically 90 days.

  • Securifera will assign a CVE number to the vulnerability if the vendor is not a MITRE CNA or does not have an agreed upon timeline for issuance of a CVE by a MITRE CNA.

  • Securifera will release a public advisory on the Securifera website or social media after the completion of the responsible disclosure process with accompanying vulnerability details.

  • Securifera will perform public disclosure at an arbitrary date of its choosing if the vendor is unreachable by Securifera using the above mentioned communication methods or if the vendor becomes unresponsive for more than 30 days.

VULNERABILITY DISCLOSURE SCOPE

All vulnerabilities discovered in third-party software while performing vulnerability research, penetration testing, or red team assessments that do not fall within the scope of an existing vendor CNA.

IAVA 2015-A-0127

AHLTA Client Remote Stack Buffer Overflow

IAVA 2015-A-0127

IAVA Notice
Exploit

CVE-2015-2898

MEDCIN Engine Stack-Based Buffer Overflow

CVE-2015-2898

Advisory
US-CERT

CVE-2015-2899

MEDCIN Engine Heap-Based Buffer Overflow

CVE-2015-2899

Advisory
US-CERT

CVE-2015-2900

MEDCIN Engine Out-of-Bounds Memory Write

CVE-2015-2900

Advisory
US-CERT

CVE-2015-2901

MEDCIN Engine Data Section Buffer Overflow

CVE-2015-2901

Advisory
US-CERT

CVE-2015-6006

MEDCIN Engine Numeric Truncation Error to Buffer Overflow

CVE-2015-6006

Advisory
US-CERT

CVE-2015-7244

MobaXTerm 8.2 Unauthenticated X11 Tampering

CVE-2015-7244

Advisory
US-CERT

CVE-2015-8268

Idera Uptime Infrastructure Monitor 7.6 Debian Agent File Inclusion

CVE-2015-8268

USCERT

CVE-2015-8277

Flexera Flexnet Publisher Stack-Based Buffer Overflow

CVE-2015-8277

Advisory
US-CERT

CVE-2016-2345

Solarwinds Dameware Mini Remote Control Stack Buffer Overflow

CVE-2016-2345

Advisory
US-CERT

CVE-2016-3962

Meinberg NTP Time Server Remote Buffer Overflow

CVE-2016-3962

Advisory
ICS-Cert

CVE-2016-3988

Meinberg NTP Time Server Remote Buffer Overflow

CVE-2016-3988

Advisory
ICS-Cert

CVE-2016-3989

Meinberg NTP Time Server Improper Access Controls

CVE-2016-3989

Advisory
ICS-Cert

CVE-2016-3147

Landesk Management Suite Collector Service Stack Buffer Overflow

CVE-2016-3147

Advisory
NIST

CVE-2017-18044

Commvault Remote Command Injection Vulnerability

CVE-2017-18044

Advisory
NIST

CVE-2018-6546

Plays.tv (Raptr) Remote Binary Execution

CVE-2018-6546

Advisory
NIST

CVE-2018-6547

Plays.tv (Raptr) Remote Arbitrary File Write

CVE-2018-6547

Advisory
NIST

CVE-2018-16156

Fujitsu PaperStream IP (TWAIN) 1.42 DLL Hijack Privilege Escalation

CVE-2018-16156

Advisory
NIST

CVE-2018-20053

Cerner Connectivity Engine 4 Remote Command Injection Vulnerability

CVE-2018-20053

Advisory
NIST

CVE-2018-20735

BMC Patrol Agent Privilege Escalation Vulnerability

CVE-2018-20735

Advisory
NIST

CVE-2019-8352

BMC PATROL Agent Static Encryption Key For User Credentials

CVE-2019-8352

Advisory
NIST

CVE-2019-4279

IBM WebSphere Application Server ND Remote Code Execution

CVE-2019-4279

Advisory

CVE-2019-1077

Microsoft Visual Studio Elevation of Privilege Vulnerability

CVE-2019-1077

Advisory

CVE-2019-1267

Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

CVE-2019-1267

Advisory

CVE-2019-1317

Microsoft Windows Update Orchestrator Elevation of Privilege

CVE-2019-1317

Advisory
NIST

CVE-2019-14450

Repetier-Server File Creation Directory Traversal Vulnerability

CVE-2019-14450

Advisory
NIST

CVE-2019-14451

Repetier-Server Insufficient File Upload Validation

CVE-2019-14451

Advisory
NIST

CVE-2019-18232

SafeNet Sentinel LDK License Manager Privilege Escalation

CVE-2019-18232

Advisory
NIST

CVE-2019-15595

Ubiquiti UniFi Video Server Remote Command Execution

CVE-2019-15595

Advisory
NIST

CVE-2019-17180

Valve Steam Client Elevation of Privilege Vulnerability

CVE-2019-17180

Advisory
NIST

CVE-2020-8146

Ubiquiti UniFi Video Controller Elevation of Privilege Vulnerability

CVE-2020-8146

Advisory
Ubiquiti

CVE-2020-4448

IBM WebSphere Application Server ND Remote Code Execution

CVE-2020-4448

Advisory
MITRE

CVE-2020-10626

Schneider Electric EcoStruxure IT Gateway Escalation of Privilege

CVE-2020-10626

Advisory
MITRE

SEC-2020-0001

LISTSERV Maestro Remote Code Execution via EL Injection

SEC-2020-0001

Advisory

CVE-2020-35593

BMC PATROL Agent Executable Hijack Escalation of Privilege

CVE-2020-35593

Advisory

SHSA-982686

Telerik Deserialization RCE in Siemens Healthineers Syngo.via

SHSA-982686

Advisory

CVE-2021-27198

VisualWare MyConnection Server Remote Code Execution Vulnerability

CVE-2021-27198

Advisory

CVE-2021-32089

Motorola FX9500 RFID Reader Remote Code Execution Vulnerability

CVE-2021-32089

Advisory

CVE-2021-27445

MesaLabs AmegaView Local Privilege Escalation Vulnerability

CVE-2021-27445

Advisory

CVE-2021-27447

MesaLabs AmegaView Unauth Remote Command Injection Vulnerability

CVE-2021-27447

Advisory

CVE-2021-27449

MesaLabs AmegaView Auth Remote Command Injection Vulnerability

CVE-2021-27449

Advisory

CVE-2021-27451

MesaLabs AmegaView Improper Authentication Vulnerability

CVE-2021-27451

Advisory

CVE-2021-27453

MesaLabs AmegaView Authentication Bypass Vulnerability

CVE-2021-27453

Advisory

CVE-2021-35047

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2021-35047

Advisory

CVE‐2021‐35048

Fidelis Network and Deception Unauth SQL Injection Vulnerability

CVE‐2021‐35048

Advisory

CVE‐2021‐35049

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE‐2021‐35049

Advisory

CVE‐2021‐35050

Fidelis Network and Deception Insecure Credential Storage Vulnerability

CVE‐2021‐35050

Advisory

CVE-2022-24388

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24388

Advisory

CVE-2022-24389

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24389

Advisory

CVE-2022-24390

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24390

Advisory

CVE-2022-24391

Fidelis Network and Deception SQL Injection Vulnerability

CVE-2022-24391

Advisory

CVE-2022-24392

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24392

Advisory

CVE-2022-24393

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24393

Advisory

CVE-2022-24394

Fidelis Network and Deception Remote Command Injection Vulnerability

CVE-2022-24394

Advisory

CVE-2022-40021

QVidium Technologies Amino A140 Remote Command Injection

CVE-2022-40021

Advisory

CVE-2022-40022

Microsemi SyncServer S650 Remote Command Injection

CVE-2022-40022

Advisory

CVE-2022-42732

Siemens Healthineers syngo Dynamics Arbitrary File Read

CVE-2022-42732

Advisory

CVE-2022-42733

Siemens Healthineers syngo Dynamics Arbitrary File Read

CVE-2022-42733

Advisory

CVE-2022-42734

Siemens Healthineers syngo Dynamics Arbitrary File Write

CVE-2022-42734

Advisory

CVE-2022-42891

Siemens Healthineers syngo Dynamics Arbitrary File Write

CVE-2022-42891

Advisory

CVE-2022-42892

Siemens Healthineers syngo Dynamics Arbitrary File Write

CVE-2022-42892

Advisory

CVE-2022-42893

Siemens Healthineers syngo Dynamics Arbitrary File Write

CVE-2022-42893

Advisory

CVE-2022-42894

Siemens Healthineers syngo Dynamics Server-Side Request Forgery

CVE-2022-42894

Advisory

CVE-2022-46898

Vocera Report Console Arbitrary File Upload

CVE-2022-46898

Advisory

CVE-2022-46899

Vocera Report Console Task Exec Path Traversal

CVE-2022-46899

Advisory

CVE-2022-46900

Vocera Report Console Database Operations Access Control Violation

CVE-2022-46900

Advisory

CVE-2022-46901

Vocera Report Console SQL Import Path Traversal

CVE-2022-46901

Advisory

CVE-2022-46902

Vocera Report Console ZipSlip Path Traversal

CVE-2022-46902

Advisory

CVE-2022-48580

ScienceLogic SL1 Remote Command Injection

CVE-2022-48580

Advisory

CVE-2022-48581

ScienceLogic SL1 Remote Command Injection

CVE-2022-48581

Advisory

CVE-2022-48582

ScienceLogic SL1 Remote Command Injection

CVE-2022-48582

Advisory

CVE-2022-48583

ScienceLogic SL1 Remote Command Injection

CVE-2022-48583

Advisory

CVE-2022-48584

ScienceLogic SL1 Remote Command Injection

CVE-2022-48584

Advisory

CVE-2022-48585

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48585

Advisory

CVE-2022-48586

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48586

Advisory

CVE-2022-48587

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48587

Advisory

CVE-2022-48588

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48588

Advisory

CVE-2022-48589

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48589

Advisory

CVE-2022-48590

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48590

Advisory

CVE-2022-48591

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48591

Advisory

CVE-2022-48592

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48592

Advisory

CVE-2022-48593

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48593

Advisory

CVE-2022-48594

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48594

Advisory

CVE-2022-48595

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48595

Advisory

CVE-2022-48596

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48596

Advisory

CVE-2022-48597

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48597

Advisory

CVE-2022-48598

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48598

Advisory

CVE-2022-48599

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48599

Advisory

CVE-2022-48600

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48600

Advisory

CVE-2022-48601

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48601

Advisory

CVE-2022-48602

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48602

Advisory

CVE-2022-48603

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48603

Advisory

CVE-2022-48604

ScienceLogic SL1 SQL Injection Vulnerability

CVE-2022-48604

Advisory

CVE-2023-26263

Talend Data Catalog XML external entity (XXE) injection

CVE-2023-26263

Advisory

CVE-2023-33247

Talend Data Catalog Unauthenticated File Upload (RCE)

CVE-2023-33247

Advisory

CVE-2023-40239

Lexmark Printers XML external entity (XXE) injection

CVE-2023-40239

NIST
Advisory

CVE-2024-0980

Okta Verify Windows Remote Code Execution

CVE-2024-0980

Advisory