Lucene search
K

3702 matches found

CERT
CERT
added 2018/09/26 12:0 a.m.670 views

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...

10CVSS8.2AI score0.18763EPSS
Exploits1References5
CERT
CERT
added 2018/09/05 12:0 a.m.761 views

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...

7.6CVSS6.9AI score0.5389EPSS
Exploits12References2
CERT
CERT
added 2018/08/28 12:0 a.m.739 views

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

Overview Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call ALPC interface, which can allow a local user to obtain SYSTEM privileges. Description The Microsoft Windows task scheduler SchRpcSetSecurity API contains a...

7.8CVSS7.2AI score0.18386EPSS
Exploits7References6
CERT
CERT
added 2018/08/21 12:0 a.m.621 views

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

Overview Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript...

9.3CVSS8.3AI score0.92499EPSS
Exploits4References23
CERT
CERT
added 2018/08/15 12:0 a.m.689 views

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Overview Intel processors are vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a speculative execution side channel. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Description Speculative...

7.3CVSS7.5AI score0.08101EPSS
Exploits0References6
CERT
CERT
added 2018/08/14 12:0 a.m.586 views

Android and iOS apps contain multiple vulnerabilities

Overview Android apps, including those pre-installed on some mobile devices, contain multiple vulnerabilities. All of these vulnerabilities were reported by Kryptowire. Vulnerabilities in pre-installed apps were presented at DEF CON 26 and a set of different vulnerabilities were previously...

7.5CVSS7.9AI score0.00986EPSS
Exploits0References6
CERT
CERT
added 2018/08/14 12:0 a.m.832 views

Linux kernel IP fragment re-assembly vulnerable to denial of service

Overview The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' - CVE-2018-5391The Linux kernel, versions 3.9+, is vulnerable to a...

7.8CVSS7.9AI score0.24575EPSS
Exploits0References1
CERT
CERT
added 2018/08/14 12:0 a.m.537 views

IKEv1 Main Mode vulnerable to brute force attacks

Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. CVE-2018-5389It is well known, that the aggressive mode of IKEv1 PSK is vulnerable...

5.9CVSS5.8AI score0.03038EPSS
Exploits1References3
CERT
CERT
added 2018/08/06 12:0 a.m.644 views

TCP implementations vulnerable to Denial of Service

Overview The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' - CVE-2018-5390Linux kernel versions 4.9+ can be...

7.8CVSS6.8AI score0.7354EPSS
Exploits0References3
CERT
CERT
added 2018/08/03 12:0 a.m.531 views

mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Overview mingw-w64 produces a executable Windows files without a relocations table by default, which breaks compatibility with ASLR. Description ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table...

7.5CVSS7.3AI score0.01426EPSS
Exploits0References3
CERT
CERT
added 2018/07/23 12:0 a.m.585 views

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Overview Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Description CWE-325: Missi...

8CVSS6.3AI score0.00802EPSS
Exploits1References3
CERT
CERT
added 2018/05/23 12:0 a.m.637 views

strongSwan VPN charon server vulnerable to buffer underflow

Overview strongSwan VPN's charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service. Description CWE-124: Buffer Underwrite 'Buffer Underflow' - CVE-2018-5388In strokesocket.c, a missing packet length check could allow a buffe...

6.5CVSS7.1AI score0.04009EPSS
Exploits0References2
CERT
CERT
added 2018/05/21 12:0 a.m.590 views

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

Overview CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". Description Speculative execution is a technique used by many modern processors to improve performance by...

5.6CVSS7AI score0.60631EPSS
Exploits2References11
CERT
CERT
added 2018/05/14 12:0 a.m.538 views

OpenPGP and S/MIME mail client vulnerabilities

Overview Mail clients may leak plaintext messages while decrypting OpenPGP and S/MIME messages. Description Email clients supporting the OpenPGP or S/MIME standards may be vulnerable to a CBC/CFB gadget attack which may allow an attacker to inject content into an encrypted email which would...

5.9CVSS5.6AI score0.04219EPSS
Exploits2References3
CERT
CERT
added 2018/05/08 12:0 a.m.573 views

Hardware debug exception documentation may result in unexpected behavior

Overview In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions...

7.8CVSS7.3AI score0.18696EPSS
Exploits9References2
CERT
CERT
added 2018/05/03 12:0 a.m.511 views

Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

Overview Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch."...

5.8CVSS5AI score0.00594EPSS
Exploits0References2
CERT
CERT
added 2018/04/10 12:0 a.m.520 views

Microsoft Outlook retrieves remote OLE content without prompting

Overview When a Rich Text RTF email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker. Description Microsoft Outlo...

6.5CVSS6.7AI score0.09024EPSS
Exploits0References2
CERT
CERT
added 2018/03/29 12:0 a.m.587 views

Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed

Overview When the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Description The update that Microsoft has released for meltdown on x...

7.8CVSS7.1AI score0.08915EPSS
Exploits2References3
CERT
CERT
added 2018/03/27 12:0 a.m.556 views

Navarino Infinity web interface is affected by multiple vulnerabilities.

Overview Navarino Infinity web interface up to version 2.2 is affected by multiple vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2018-5384| Navarino Infinity exposes an unauthenticated script that is prone to blind sq...

9.8CVSS8.8AI score0.04635EPSS
Exploits3References3
CERT
CERT
added 2018/03/19 12:0 a.m.1300 views

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Overview Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Description Bouncy Castle is a cryptographic library for C and Java applications, including Android applications. BKS is a...

4.4CVSS5AI score0.00262EPSS
Exploits0References3
CERT
CERT
added 2018/02/27 12:0 a.m.643 views

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Overview Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

9.8CVSS8.3AI score0.04636EPSS
Exploits4References3
CERT
CERT
added 2018/02/15 12:0 a.m.568 views

Quagga bgpd is affected by multiple vulnerabilities

Overview The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-5378...

9.8CVSS8.3AI score0.74599EPSS
Exploits0References5
CERT
CERT
added 2018/02/01 12:0 a.m.523 views

Pulse Secure Linux client GUI fails to validate SSL certificates

Overview The Pulse Secure Linux client GUI fails to validate SSL certificates, which can allow an attacker to modify connection settings. Description Pulse Secure is an SSL VPN solution. The Linux Pulse Secure client GUI is implemented using WebKit, and the actions taken using the GUI are...

6.5CVSS6.2AI score0.00616EPSS
Exploits0References1
CERT
CERT
added 2018/01/04 12:0 a.m.1196 views

CPU hardware vulnerable to side-channel attacks

Overview CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Description CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take...

5.6CVSS6.6AI score0.93838EPSS
Exploits13References26
CERT
CERT
added 2017/12/12 12:0 a.m.631 views

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

Overview TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Description CWE-203: Information Exposure Through Discrepancy...

7.5CVSS7.1AI score0.24282EPSS
Exploits0References6
CERT
CERT
added 2017/11/29 12:0 a.m.570 views

Apple MacOS High Sierra disabled account authentication bypass

Overview Apple MacOS High Sierra fails to properly require authentication for disabled accounts, such as root account, which can allow an authenticated user to obtain root privileges. Description Apple MacOS High Sierra 10.13 contains a flaw in how it authenticates disabled accounts. When a...

9.3CVSS7.3AI score0.36886EPSS
Exploits6References3
CERT
CERT
added 2017/11/21 12:0 a.m.502 views

Install Norton Security for Mac does not verify SSL certificates

Overview Install Norton Security for Mac, prior to version 7.6, does not validate SSL certificates. Description CWE-295: Improper Certificate Validation - CVE-2017-15528The Install Norton Security for Mac installer, versions prior to 7.6, fails to properly validate SSL certificates provided by...

4.3CVSS4.1AI score0.00614EPSS
Exploits0References2
CERT
CERT
added 2017/11/17 12:0 a.m.513 views

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

Overview Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly...

7AI score
Exploits0References5
CERT
CERT
added 2017/11/15 12:0 a.m.2860 views

Microsoft Office Equation Editor stack buffer overflow

Overview Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Equation Editor is a component that comes with Microsoft Office. It is an out-of-process COM server that ...

9.3CVSS9AI score0.99945EPSS
Exploits33References9
CERT
CERT
added 2017/11/03 12:0 a.m.530 views

IEEE P1735 implementations may have weak cryptographic protections

Overview The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plainte...

7.8CVSS7.4AI score0.00455EPSS
Exploits0References2
CERT
CERT
added 2017/11/02 12:0 a.m.524 views

Savitech USB audio drivers install a new root CA certificate

Overview Savitech provides USB audio drivers for a number of specialized audio products. Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store. Description Savitech provides USB audio drivers for a number of specialized...

7.4CVSS7.3AI score0.01458EPSS
Exploits1References7
CERT
CERT
added 2017/10/16 12:0 a.m.679 views

Infineon RSA library does not properly generate RSA key pairs

Overview The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media. Description...

5.9CVSS5.7AI score0.09825EPSS
Exploits0References6
CERT
CERT
added 2017/10/16 12:0 a.m.817 views

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...

8.1CVSS8AI score0.04575EPSS
Exploits1References3
CERT
CERT
added 2017/10/12 12:0 a.m.717 views

NXP Semiconductors MQX RTOS contains multiple vulnerabilities

Overview The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client, which may lead to memory corruption allowing an attacker to execute arbitrary code, as well as an out of bounds read in the DNS client which may lead to a denial of service. Description Th...

8.1CVSS8.3AI score0.13021EPSS
Exploits3References4
CERT
CERT
added 2017/10/02 12:0 a.m.589 views

Dnsmasq contains multiple vulnerabilities

Overview Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. Description Multiple vulnerabilities have been reported in dnsmasq.CWE-122: Heap-based Buffer Overflow - CVE-2017-14491 CWE-122: Heap-based Buffer Overflow - CVE-2017-14492 CWE-121: Stack-based Buffer Overflow -...

9.8CVSS8.9AI score0.93307EPSS
Exploits32References2
CERT
CERT
added 2017/09/13 12:0 a.m.989 views

Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability

Overview The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The PrintClientProxy method in the WSDL-parsing component of the Microsoft .NET framework fails to properly...

9.3CVSS8.3AI score0.88698EPSS
Exploits14References2
CERT
CERT
added 2017/09/12 12:0 a.m.620 views

Multiple Bluetooth implementation vulnerabilities affect many devices

Overview A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perfor...

8.8CVSS9.3AI score0.2285EPSS
Exploits28References8
CERT
CERT
added 2017/09/08 12:0 a.m.562 views

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

6.4CVSS4.6AI score0.00309EPSS
Exploits0References2
CERT
CERT
added 2017/09/06 12:0 a.m.888 views

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

Overview Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Description CWE-502: Deserialization of...

8.1CVSS8.5AI score0.99461EPSS
Exploits23References4
CERT
CERT
added 2017/08/29 12:0 a.m.543 views

Akeo Consulting Rufus fails to update itself securely

Overview Akeo Consulting Rufus fails to securely check for and retrieve updates, which an allow an authenticated attacker to execute arbitrary code on a vulnerable system. Description Akeo Consulting Rufus 2.16 retrieves updates over HTTP. While Rufus does attempt to perform some basic signature...

8.1CVSS7.2AI score0.00963EPSS
Exploits0References3
CERT
CERT
added 2017/08/03 12:0 a.m.840 views

Microsoft Windows automatically executes code specified in shortcut files

Overview Microsoft Windows automatically executes code specified in shortcut LNK files. Description Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Clicking on a LNK or file has essentially the same outcome as clicking on the file that is...

9.3CVSS7.5AI score0.90026EPSS
Exploits20References3
CERT
CERT
added 2017/07/27 12:0 a.m.550 views

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

Overview Open Shortest Path First OSPF protocol implementations may improperly determine Link State Advertisement LSA recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing...

8.2CVSS6.1AI score0.01693EPSS
Exploits0References3
CERT
CERT
added 2017/07/25 12:0 a.m.1310 views

Telerik Web UI contains cryptographic weakness

Overview The Telerik Web UI, versions R2 2017 2017.2.503 and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. Description CWE-326: Inadequate Encryption Strength - CVE-2017-9248The Telerik.Web.UI.dll is vulnerable to a cryptographic...

9.8CVSS9.2AI score0.75098EPSS
Exploits5References4
CERT
CERT
added 2017/07/20 12:0 a.m.541 views

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

Overview Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 AC8, which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide...

10CVSS10AI score0.07413EPSS
Exploits0References5
CERT
CERT
added 2017/07/18 12:0 a.m.642 views

Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow

Overview Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3223Dahua IP camera products include an...

9.8CVSS10AI score0.05286EPSS
Exploits0References2
CERT
CERT
added 2017/06/19 12:0 a.m.523 views

Acronis True Image fails to update itself securely

Overview Acronis True Image fails to securely check for and retrieve updates, which an allow an authenticated attacker to execute arbitrary code with administrator privileges. Description Acronis True Image is a disk backup utility for Windows and Mac systems. Acronis True Image versions through...

8.8CVSS8.9AI score0.00474EPSS
Exploits0References2
CERT
CERT
added 2017/06/15 12:0 a.m.522 views

Samsung Magician fails to update itself securely

Overview Samsung Magician fails to securely check for and retrieve updates, which an allow an authenticated attacker to execute arbitrary code with administrator privileges. Description Samsung Magician is a management utility for Samsung SSDs. Prior to version 5.0, Samsung Magician checks for an...

8.8CVSS8.9AI score0.00344EPSS
Exploits0References2
CERT
CERT
added 2017/06/13 12:0 a.m.62 views

HPE SiteScope contains multiple vulnerabilities

Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...

7.8CVSS7AI score0.04934EPSS
Exploits0References8
CERT
CERT
added 2017/06/08 12:0 a.m.52 views

CalAmp LMU-3030 devices may not authenticate SMS interface

Overview OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS text message interface. We have found multiple deployments where no password was configured for this interface by the integrator / reseller...

9.3CVSS8.4AI score0.02047EPSS
Exploits0References1
CERT
CERT
added 2017/06/07 12:0 a.m.141 views

Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin

Overview WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device. Description CWE-306: Missing Authentication for Critical Function -...

10CVSS10AI score0.05175EPSS
Exploits1References3
Total number of security vulnerabilities3702