US-CERT.gov

CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Updated: 37 minutes 30 seconds ago

VU#176301: Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

Sat, 10/06/2018 - 15:14
Auto-Maskin RP remote panels and DCU control units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines.
Categories: Security news

VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Wed, 09/26/2018 - 15:18
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands and uses an outdated, vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server.
Categories: Security news

VU#598349: Problems with automatic DNS registration and autodiscovery

Wed, 09/05/2018 - 13:53
Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the network with the name 'WPAD', such an attacker may be able to utilize DNS autoregistration and autodiscovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and integrity of any network activity.
Categories: Security news

VU#906424: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

Tue, 08/28/2018 - 04:23
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
Categories: Security news

VU#332928: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

Tue, 08/21/2018 - 16:37
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.
Categories: Security news

VU#982149: Intel processors are vulnerable to level 1 terminal fault (L1TF) cache information disclosure via speculative execution side channel

Wed, 08/15/2018 - 15:10
Multiple Intel processors may be vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a speculative execution side channel. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM.
Categories: Security news

VU#641765: Linux kernel IP fragment re-assembly vulnerable to denial of service

Wed, 08/15/2018 - 04:49
The IP implementation in Linux kernel versions 3.9+ is vulnerable to denial of service conditions with low rates of specially modified packets.
Categories: Security news

VU#787952: Several Android mobile devices contain multiple vulnerabilities within OEM-pre-installed apps

Wed, 08/15/2018 - 01:59
Many Android mobile devices come with OEM-pre-installed apps. Some apps have been identified as having incorrect access control settings, allowing, in some circumstances, malicious third-party apps to exploit and bypass system permissions and settings. Additionally, some Android and iOS apps embed a hard-coded cryptographic key and/or use a weak cryptographic algorithm, which allows an attacker to obtain elevated access to vulnerable mobile apps.
Categories: Security news

VU#857035: IKEv1 Main Mode Vulnerable to Brute Force Attacks

Tue, 08/14/2018 - 23:40
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
Categories: Security news

VU#962459: Linux Kernel TCP implementation vulnerable to Denial of Service

Mon, 08/06/2018 - 19:18
The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
Categories: Security news

VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Fri, 08/03/2018 - 14:52
mingw-w64 produces executable Windows files without a relocations table by default, which breaks compatibility with ASLR.
Categories: Security news

VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Mon, 07/23/2018 - 16:51
Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Categories: Security news