
CVE-2023-3935 – Wibu: Buffer Overflow in CodeMeter Runtime
https://notcve.org/view.php?id=CVE-2023-3935
13 Sep 2023 — A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf • CWE-787: Out-of-bounds Write

CVE-2021-41057
https://notcve.org/view.php?id=CVE-2021-41057
14 Nov 2021 — In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2021-20094
https://notcve.org/view.php?id=CVE-2021-20094
16 Jun 2021 — A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf • CWE-125: Out-of-bounds Read

CVE-2021-20093
https://notcve.org/view.php?id=CVE-2021-20093
16 Jun 2021 — A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf • CWE-125: Out-of-bounds Read

CVE-2020-16233
https://notcve.org/view.php?id=CVE-2020-16233
16 Sep 2020 — An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-404: Improper Resource Shutdown or Release

CVE-2020-14513
https://notcve.org/view.php?id=CVE-2020-14513
16 Sep 2020 — CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-20: Improper Input Validation

CVE-2020-14515
https://notcve.org/view.php?id=CVE-2020-14515
16 Sep 2020 — CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-347: Improper Verification of Cryptographic Signature

CVE-2020-14519
https://notcve.org/view.php?id=CVE-2020-14519
16 Sep 2020 — This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-346: Origin Validation Error

CVE-2020-14517
https://notcve.org/view.php?id=CVE-2020-14517
16 Sep 2020 — Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-326: Inadequate Encryption Strength • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2020-14509
https://notcve.org/view.php?id=CVE-2020-14509
16 Sep 2020 — Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-805: Buffer Access with Incorrect Length Value