VU#400865: Cisco Trust Anchor module (TAm) improperly checks code and Cisco...
CVE-2019-1649: Secure Boot Tampering, also known as Thrangrycat. The logic that handles Cisco's Secure Boot improperly checks an area of code that manages the Field Programmable Gate Array (FPGA). The...
VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName...
Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler, such as schtasks.exe, are interfaces that allow for...
VU#877837: Multiple vulnerabilities in Quest Kace System Management Appliance
CVE-2018-5404: The Quest Kace System Management (K1000) Appliance allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection...
VU#576688: Microsoft Windows RDP can bypass the Windows lock screen
In Windows a session can be locked, which presents the user with a screen that requires authentication to continue using the session. Session locking can happen over RDP in the same way that a local...
VU#905115: Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment...
CVE-2019-11477: SACK Panic (Linux >= 2.6.29). A sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or possible kernel...
VU#129209: LLVMs Arm stack protection feature can be rendered ineffective
The stack protection feature provided in the LLVM Arm backend is an optional mitigating feature used to protect against buffer overflows. It works by adding a cookie value between local variables and...
VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self
The process file system (/proc) in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current executing process's PID subdirectory with state information about the process....
VU#489481: Cylance Antivirus Products Susceptible to Concatenation Bypass
Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality that uses a machine learning algorithm (specifically, a neural network) to classify executables as malicious or...
VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and...
The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally...
VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key...
Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Basic Rate/Enhanced Data Rate Core...
VU#672565: Exim fails to properly handle trailing backslashes in...
Exim is a message transfer agent (MTA) that can be used on Unix-like operating systems. All versions up to and including 4.92.1 of Exim do not properly handle trailing backslash characters in the...
VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom...
The Cobham EXPLORER 710 is a portable satellite terminal used to provide satellite telecommunications and internet access. For consistency, “device” mentioned in the following section is defined as the...
VU#763073: iTerm2 with tmux integration is vulnerable to remote command...
iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability, identified as...
VU#927237: Pulse Secure VPN contains multiple vulnerabilities
Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24, 2019. This addressed a number of vulnerabilities including a Remote Code...
VU#766427: Multiple D-Link routers vulnerable to remote command execution
Several D-Link routers contain CGI capability that is exposed to users as /apply_sec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: The /apply_sec.cgi code...
VU#125336: Microsoft Office for Mac cannot properly disable XLM macros
XLM macros: Up to and including Microsoft Excel 4.0, a macro format called XLM was available. XLM macros predate the VBA macros that are more common with modern Microsoft Office systems, however current...
VU#941987: Apple devices vulnerable to arbitrary code execution in SecureROM
A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. SecureROM, which is located within the...
VU#873161: Telos Automated Message Handling System contains multiple...
Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community (IC) security marking requirements. AMHS versions prior to version 4.1.5.5 contain multiple XSS vulnerabilities and...
VU#619785: Citrix Application Delivery Controller and Citrix Gateway web...
Citrix has published a security bulletin that mentions a vulnerability that can be exploited to achieve arbitrary code execution by a remote, unauthenticated attacker. Although the bulletin does not...
VU#849224: Microsoft Windows CryptoAPI fails to properly validate ECC...
The Microsoft Windows CryptoAPI, which is provided by Crypt32.dll, fails to validate ECC certificates in a way that properly leverages the protections that ECC cryptography should provide. As a result, an...