Rocket Software Unidata vulnerabilities
9 known vulnerabilities affecting rocket_software/unidata.
Total CVEs
9
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH4
Vulnerabilities
Page 1 of 1
CVE-2023-28503P1CRITICALCVSS 9.8PoCfixed in 8.2.43.30032023-03-29
CVE-2023-28503 [CRITICAL] CWE-798 CVE-2023-28503: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
nvd
CVE-2023-28502P1CRITICALCVSS 9.8PoCfixed in 8.2.43.30032023-03-29
CVE-2023-28502 [CRITICAL] CWE-120 CVE-2023-28502: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.
nvd
CVE-2023-28504P2CRITICALCVSS 9.8fixed in 8.2.43.30032023-03-29
CVE-2023-28504 [CRITICAL] CWE-120 CVE-2023-28504: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user.
nvd
CVE-2023-28501P2CRITICALCVSS 9.8fixed in 8.2.4.30032023-03-29
CVE-2023-28501 [CRITICAL] CWE-190 CVE-2023-28501: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.
nvd
CVE-2023-28505P3HIGHCVSS 8.8fixed in 8.2.43.30032023-03-29
CVE-2023-28505 [HIGH] CWE-120 CVE-2023-28505: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.
nvd
CVE-2023-28506P3HIGHCVSS 8.8fixed in 8.2.43.30032023-03-29
CVE-2023-28506 [HIGH] CWE-120 CVE-2023-28506: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.
nvd
CVE-2023-28507P3CRITICALCVSS 9.8fixed in 8.2.43.30032023-03-29
CVE-2023-28507 [CRITICAL] CWE-400 CVE-2023-28507: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.
nvd
CVE-2023-28508P3HIGHCVSS 8.8fixed in 8.2.43.30032023-03-29
CVE-2023-28508 [HIGH] CWE-120 CVE-2023-28508: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.
nvd
CVE-2023-28509P3HIGHCVSS 7.5fixed in 8.2.43.30032023-03-29
CVE-2023-28509 [HIGH] CWE-327 CVE-2023-28509: Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 bui
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.
nvd