VU#756913: Pixars Tractor contains a stored cross-site scripting vulnerability
CWE-79:Improper Neutralization of Input During Web Page Generation – CVE-2018-5411 Pixar’s Tractor software,versions 2.2 and …
Browsing: CERT
VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities
CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user …
VU#317277: Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow
Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap …
VU#317277: Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow.
Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap …
VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability
Cisco Adaptive Security Appliance(ASA)Software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,whcih …
Phishing is still the most commonly used attack on organizations, survey says
The survey found that the majority of cyberattacks – 75% – came from outsiders, while 25% were due to insiders. Cybercrooks are the …
VU#176301: Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App
Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and …
Securing IoT and Embedded Software With Static Analysis
The SEI CERT secure coding standard is a great choice for securing your code, especially if your application is embedded or …
VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux …
VU#598349: Automatic DNS registration and proxy autodiscovery allow spoofing of network services
Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks,resulting in a loss …
VU#598349: Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks.
Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the …
VU#598349: Problems with automatic DNS registration and autodiscovery
Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the …
Two CERT Alerts with No Known Solution
Six days after researchers discovered and publicly disclosed a vulnerability that affects the Ghostscript suite of software, a CERT alert …
VU#906424: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure …
VU#332928: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities,which may allow a remote,unauthenticated attacker to execute arbitrary …
SEI CERT releases open-source Source Code Analysis Laboratory for pinpointing vulnerabilities
The Software Engineering Institute’s (SEI) CERT Division at Carnegie Mellon University released an open-source static analysis …
VU#787952: Android and iOS apps contain multiple vulnerabilities
Android apps,including those pre-installed on some mobile devices,contain multiple vulnerabilities. All of these vulnerabilities were …
VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
Intel processors may be vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a speculative …
VU#982149: Intel processors are vulnerable to level 1 terminal fault (L1TF) cache information disclosure via speculative execution side channel
Multiple Intel processors may be vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a …
VU#787952: Android apps contain multiple vulnerabilities
Android apps,including those pre-installed on some mobile devices,contain multiple vulnerabilities. All of these vulnerabilities were …
VU#641765: Linux kernel IP fragment re-assembly vulnerable to denial of service
The Linux kernel,versions 3.9+,IP implementation is vulnerable to denial of service conditions with low rates of specially modified …
VU#787952: Several Android mobile devices contain multiple vulnerabilities within OEM-pre-installed apps
Many Android mobile devices come with OEM-pre-installed apps. Some apps have been identified as having incorrect access control …
VU#857035: IKEv1 Main Mode Vulnerable to Brute Force Attacks
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force …
VU#962459: TCP implementations vulnerable to Denial of Service
The Linux kernel versions 4.9+and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially …
CERT Analysis on IoT Botnet and DDoS Attacks
On October 21, 2016, a DDoS attack hit the DNS service provider Dyn. The company is a major DNS provider for many companies in the United …
VU#962459: Linux Kernel TCP implementation vulnerable to Denial of Service
The Linux kernel,versions 4.9+,is vulnerable to denial of service conditions with low rates of specially modified …
VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR
mingw-w64 produces a executable Windows files without a relocations table by default,which breaks compatibility with …
VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public …
VU#338343: strongSwan VPN charon server vulnerable to buffer underflow
strongSwan VPN's charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow,resulting in denial …
VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Also known as"Variant …