179 matches found
Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
Overview Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Description Bouncy Castle is a cryptographic library for C and Java applications, including Android applications. BKS is a...
Pulse Secure Linux client GUI fails to validate SSL certificates
Overview The Pulse Secure Linux client GUI fails to validate SSL certificates, which can allow an attacker to modify connection settings. Description Pulse Secure is an SSL VPN solution. The Linux Pulse Secure client GUI is implemented using WebKit, and the actions taken using the GUI are...
Apple Releases Security Update for macOS High Sierra
Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. An attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU113765 and the Apple...
Clarifying the behavior of mandatory ASLR
Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...
Clarifying the behavior of mandatory ASLR
Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...
Windows ASLR Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability in Windows Address Space Layout Randomization ASLR that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages use...
Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software
A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptive, cloud-architected software – built on its unified Pega® Platform ...
Samsung Magician fails to update itself securely
Overview Samsung Magician fails to securely check for and retrieve updates, which an allow an authenticated attacker to execute arbitrary code with administrator privileges. Description Samsung Magician is a management utility for Samsung SSDs. Prior to version 5.0, Samsung Magician checks for an...
WiMAX CPE Authentication Bypass Vulnerability
Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi implemented in libmtkhttpdplugin.so. title: Various WiMAX CPEs Authentication Bypass product: see "Vulnerable...
IBM Releases Security Update
IBM has released a security update to address a vulnerability in IBM Domino server IMAP EXAMINE. An attacker could exploit this vulnerability to take control of an affected system. Available updates include: Domino 9.0.1 Feature Pack 8 Interim Fix 2 Domino 8.5.3 Fix Pack 6 Interim Fix 17 Users an...
Java AMF3 exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
! Recently, a German security team @codewhitesec found a Java AMF3 plurality of functions to achieve vulnerability, the American CERT/CC also issued a safety warning. An attacker can remotely by tricking or controlling the service connection, in AMF3 reverse sequence operation when the execution ...
Beta Firmware Updates Available for Vulnerable Netgear Routers
Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to car...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume Network Amplification IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280The ReadyNet WRT300N-DD Wireless Router...
Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
Overview Netgear G54/N150 Wireless Router WNR1000v3, firmware version 1.0.2.68 and possibly earlier, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8263The Netgear G54/N150 Wireless...
CERT/CC: manipulate the Practical HTTP Host header
Report claims redirection on http://www.kb.cert.org using Host header, could not reproduce. Host header was used to generate content. Host header removed from all content generating code...
Popular Belkin Wi-Fi Routers vulnerable to Hackers
US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU201168 Vulnerability ID said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlie...