VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability
Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task …
CERT
VU#400865: Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input
CVE-2019-1649:Secure Boot Tampering,also known as Thrangrycat The logic that handles the access controls to TAm within Cisco’s Secure Boot …
VU#169249: PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.
PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks. The PrinterLogic agent,running as SYSTEM,does not …
VU#166939: Broadcom WiFi chipset drivers contain multiple vulnerabilities
Vulnerabilities in the open source brcmfmac driver: CVE-2019-9503:If the brcmfmac driver receives a firmware event frame from a remote …
Security weakness in popular VPN clients
Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access by …
VU#192371: VPN applications insecurely store session cookies
Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications …
VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant
CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the …
VU#871675: Multiple vulnerabilities identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant components
CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the …
US CERT Warns of N. Korean ‘Hoplight’ Trojan
The U.S. Computer Emergency Readiness Team has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to …
VU#192371: Multiple VPN applications insecurely store session cookies
Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications …
VU#174715: MyCar Controls uses hard-coded credentials
MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation,remote …
VU#465632: Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks
Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscriptionRequest,which …