KLCERT advisories

KLCERT-20-007: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
KLCERT-20-006: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
KLCERT-20-005: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
KLCERT-20-004: Remote Code Execution on TigerVNC version prior to 1.10.1

23 March 2020

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
KLCERT-20-003: Remote Code Execution on Emerson OpenEnterprise SCADA Server version 2.83 and all versions of OpenEnterprise 3.1 through 3.3.3

23 March 2020

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server version 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
KLCERT-20-002: XXE on Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1

16 March 2020

Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1 was affected to XML Externl Entity (XXE) due to vulnerable third-party component usage (Apache Flex BlazeDS). Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-20-001: Remote Code Execution on Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1

16 March 2020

Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1 was affected to Remote Code Execution due to vulnerable third-party component usage (Apache Flex BlazeDS). Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-032: Denial of Service in RDesktop before 1.8.4

30 October 2019

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.
KLCERT-19-031: CODESYS V3 Password transmission vulnerability

13 August 2019

Attacker able to decrypt captured credentials.
KLCERT-19-030: Hasplm cookie without HTTPOnly attribute

05 June 2019

Hasplm cookie does not have a HTTPOnly attribute. This allows malicious javascript to steal these cookie.