Security Advisories

From time to time, we also break stuff. This is the place we might talk about it.

• MZ-21-02-Trendmicro.txt
  Critical Vulnerabilities in Trend Micro Deep Security Agent for Linux [MZ-21-02]
• MZ-20-03-Net-Deserialization.txt
  Multiple deserialization vulnerabilities in the .Net runtime [MZ-20-03]
• MZ-20-02-Netgear-Orbi-Pro-Security.txt
  [CVE-2020-11549, CVE-2020-11550, CVE-2020-11551] Critical Vulnerabilities in NETGEAR Orbi Pro WiFi Mesh System [MZ-20-02]
• MZ-19-03-CISCO-ISE.txt
  Unauthenticated persistent cross-site scripting injection into the administrative console of CISCO ISE web application via DHCP request [MZ-19-03]
• MZ-19-01-Cisco-Phones.txt
  [CVE-2019-1716 CVE-2019-1763 CVE-2019-1766 CVE-2019-1765 CVE-2019-1764] Multiple vulnerabilities in Cisco IP Phone 7800 and 8800 series [MZ-19-01]
• MZ-17-01-Conexant-Keylogger.txt
  [CVE-2017-8360] Keylogger in recent Hewlett-Packard Audio Driver [MZ-17-01]
• MZ-15-03-GOOD-Auth-Delegation.txt
  Insecure application-coupling in Good Authentication Delegation [MZ-15-03]
• MZ-15-02-Xceedium-Xsuite.txt
  Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02]
• MZ-14-02-Siemens-Unify-OpenStage.txt
  Multiple Vulnerabilities in Siemens OpenStage VoIP Phones [MZ-14-02]
• MZ-14-01-Ekahau-RTLS.txt
  Multiple vulnerabilities in Ekahau wireless Real-Time Location System [MZ-14-01]
• MZ-13-07_SAMwin_Collisions.txt
  SAMwin Contact Center Suite - Collisions in Password Hashing Algorithm [MZ-13-07]
• MZ-13-06_SAMwin_Architectural_Issues.txt
  SAMwin Contact Center Suite - Architectural issues lead to database compromise [MZ-13-06]
• MZ-13-05-Blackberry_Z10-qconnDoor.txt
  CVE-2014-2389: BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05] (added: April 8th, 2014)
• MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
  CVE-2014-2388: Blackberry Z10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04] (added: August 12th, 2014)
• MZ-13-03-GOOD-XSS.txt
  XSS in Good for Enterprise administration console [MZ-13-03] (added: September 25th, 2015)

Responsible Disclosure

We take responsibility serious, and do coordinated responsible disclosure. Please have a look at our disclosure policies.