Advisories Archive - Page 2 of 5

Advisories

A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.

All releases are governed by our Vulnerability Disclosure Policy.

CVE-2020-9054: ZyXEL Firewall & NAS – Pre-auth Remote Command Execution via OS Command Injection

https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml

CVE-2019-5624: Metasploit – RCE via RubyZip (Zip Slip) Arbitrary File Write

https://voidsec.com/rubyzip-metasploit-bug

2019: Synology Cloud Station Drive v. <= 4.3.2-4450 - Local Privilege Escalation via Unquoted Service Path

(undisclosed)

2019: RubyZip Library – Arbitrary File Write (Zip Slip)

https://voidsec.com/rubyzip-metasploit-bug/

CVE-2019-11563: Shenzhen Sricctv Technology DeviceViewer v.<= 3.10.12.0 - User Field Stack Buffer Overflow RCE

https://voidsec.com/a-tale-of-a-kiosk-escape-sricam-cms-stack-buffer-overflow/

2019: Fastweb API – Multiple Vulnerabilities

https://www.fastweb.it/corporate/responsible-disclosure/

2018: PayPal Android Mobile APP & API – Multiple Vulnerabilities

(undisclosed)

CVE-2018-2658, CVE-2018-2659: Oracle JD Edwards EnterpriseOne Tools – Multiple XSS

https://www.oracle.com/security-alerts/cpujan2018.html

CVE-2018-6608: Opera Browser – WebRTC

https://www.cvedetails.com/cve/CVE-2018-6608/

2018: TIM Telecom Italia – Multiple Vulnerabilities

http://www.telecomitalia.com/tit/it/footer/responsible-disclosure.html