MidnightBSD

Advisories for bund

CVE-2022-33172

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
bund de.fac2 1.34
CVE-2022-42982

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.

Products Affected

Vendor Product Version
bund bkg_professional_ntripcaster *
CVE-2023-3034

Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnerability@ncsc.ch 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
bund bkg_professional_ntripcaster *