Vulnerabilities > Rocketsoftware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2023-28502 | Out-of-bounds Write vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user. | 9.8 |
| 2023-03-29 | CVE-2023-28503 | Improper Authentication vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user. | 9.8 |
| 2023-03-29 | CVE-2023-28504 | Out-of-bounds Write vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user. | 9.8 |
| 2023-03-29 | CVE-2023-28507 | Resource Exhaustion vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes. | 9.8 |
| 2023-03-29 | CVE-2023-28501 | Integer Overflow or Wraparound vulnerability in Rocketsoftware Unidata and Universe Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user. | 9.8 |
| 2022-12-01 | CVE-2022-36431 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocketsoftware Trufusion An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. | 9.8 |
| 2022-06-17 | CVE-2021-45024 | XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1 ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | 9.8 |