CVEs & Advisories

At Context we are committed to ensuring and improving the security of our clients. Whether for clients or our own purposes, we regularly carry out independent security audits and vulnerability research against third-party software and hardware products.

| Identifier | Description | Product | Author | Date |
|---|---|---|---|---|
| CVE-2018-12944 | Persistent Cross-Site Scripting (XSS) | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12943 | Cross-Site Scripting (XSS) | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12942 | SQL Injection | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12941 | Remote Code Execution | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12940 | Unrestricted File Upload | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12939 | Directory Traversal | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-6493 | SQL Injection | HP Network Automation | Tilman Bender, Dennis Herrmann and Bastian Kanbach | June 2018 |
| CVE-2018-6492 | Cross-Site Scripting (XSS) | HP Network Automation | Tilman Bender, Dennis Herrmann and Bastian Kanbach | June 2018 |
| Hyperoptic ZTE home routers | Hardcoded account allows compromise of all Hyperoptic ZTE home routers | ZTE H298N and ZTE H298A | Dan Cater | April 2018 |
| CVE-2017-9377 | Command Injection Vulnerability on ClickShare Base Units | ClickShare Base Units | Claudio Moletta | September 2017 |
| CVE-2017-8419 | Multiple stack and heap corruptions from malicious file | Lame 3.99.5 MP3 | Gareth Evans | May 2017 |
| Mitel 17-0002 | Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | Mitel UC360 | Tom Moreton | February 2017 |
| Mitel 17-0003 | Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | Mitel UC360 | Tom Moreton | February 2017 |
| CVE-2017-5669 | Shmat syscall allows null-page protection bypass | Linux | Gareth Evans | January 2017 |
| CVE-2016-7742 | Opening a maliciously crafted archive may lead to arbitrary code execution | MacOS | Gareth Evans | December 2016 |
| CVE-2016-7086 | Local privilege escalation in VMware installer | VMware | Adam Bridge | September 2016 |
| CVE-2016-7988 | No Permissions on SET_WIFI Broadcast receiver | Android | Tom Court | August 2016 |
| CVE-2016-7989 | Unhandled ArrayIndexOutOfBounds exception in Android Runtime | Android | Tom Court | August 2016 |
| CVE-2016-7990 | Integer overflow in libomacp.so | Android | Tom Court | August 2016 |
| CVE-2016-7991 | omacp app ignores security fields in OMA CP message | Android | Tom Court | August 2016 |
| CVE-2016-5134 | URL leakage via PAC script | Chrome | Paul Stone, Alex Chapman | July 2016 |
| CVE-2016-3763 | Information disclosure vulnerability in Proxy Auto-Config | Android | Paul Stone, Alex Chapman | July 2016 |
| CVE-2016-1801 | Information disclosure vulnerability in Proxy Auto-Config | iOS/MacOS | Paul Stone, Alex Chapman | July 2016 |
| CVE-2017-5384 | Information disclosure via Proxy Auto-Config (PAC) | Firefox | Paul Stone, Alex Chapman | July 2016 |
| CVE-2014-3524 | Command injection when loading Calc spreadsheets under Windows | Calc | James Kettle, Rohan Durve | August 2014 |
| CVE-2012-0160 | .NET Framework Serialization Vulnerability | .Net | James Forshaw | May 2012 |
| CVE-2012-0161 | .NET Framework Serialization Vulnerability | .Net | James Forshaw | May 2012 |

As part of our coordinated disclosure policy, Context regularly reports vulnerabilities to manufacturers. The table above lists recent notable issues credited to Context staff. These issues were found either during our own research or on client engagements where the client was happy for us to disclose the issue.

Our disclosure policy

Context’s disclosure policy has been designed to protect our clients, vendors and users of affected products in equal measure. We believe that providing adequate time for a vendor to issue fixes for critical vulnerabilities, whilst maintaining firm disclosure timeframes, provides the best balance for all parties involved. Context’s full disclosure policy can be found on our Coordinated Disclosure Policy Page.
