all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
All InfoSec / Cybersecurity News

Source: kb.cert.org / CERT Recently Published Vulnerability Notes

https://kb.cert.org/vuls/
Follow source RSS
VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates 2 weeks ago | kb.cert.org
attributes bgp path reset +6
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router 2 weeks, 6 days ago | kb.cert.org
access attacker authentication authentication bypass +15
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account 4 weeks, 1 day ago | kb.cert.org
account client daemon escalation +12
VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to … 1 month, 1 week ago | kb.cert.org
access app check code +18
VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329 1 month, 2 weeks ago | kb.cert.org
applications attackers basic blocklisting +10
VU#947701: Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution 1 month, 2 weeks ago | kb.cert.org
application code code execution exploitation +12
VU#813349: Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation 1 month, 4 weeks ago | kb.cert.org
conditions d-link driver escalation +14
VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities 2 months ago | kb.cert.org
administrative privileges application command command injection +17
VU#913565: Hard-coded credentials in Technicolor TG670 DSL gateway router 2 months, 2 weeks ago | kb.cert.org
account authentication control credentials +13
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption 6 months, 4 weeks ago | kb.cert.org
access buffer buffer overflow command +19
VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2 8 months, 1 week ago | kb.cert.org
attack authentication basic buffer +23
VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities 8 months, 1 week ago | kb.cert.org
access application authentication authentication bypass +11
VU#709991: Netatalk contains multiple error and memory management vulnerabilities 10 months, 1 week ago | kb.cert.org
error management memory netatalk +1
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations 10 months, 2 weeks ago | kb.cert.org
conditions flaws race conditions uefi
VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly 10 months, 3 weeks ago | kb.cert.org
certificates email openssl
VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference 11 months, 2 weeks ago | kb.cert.org
vulnerable
VU#730793: Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference 11 months, 2 weeks ago | kb.cert.org
kerberos vulnerable
VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution. 11 months, 3 weeks ago | kb.cert.org
code code execution exchange forgery +6
VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers 11 months, 4 weeks ago | kb.cert.org
controls headers network network security +3
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass 1 year, 1 month ago | kb.cert.org
boot bypass party secure boot +3
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal 1 year, 1 month ago | kb.cert.org
muhttpd path path traversal vulnerable
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations 1 year, 3 months ago | kb.cert.org
agent key sma ssh +2
VU#473698: CVE-2022-30295 - uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID 1 year, 4 months ago | kb.cert.org
cve dns id transaction id +1
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID 1 year, 4 months ago | kb.cert.org
dns id transaction id uclibc
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location 1 year, 4 months ago | kb.cert.org
escalation location privilege privilege escalation +1
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value 1 year, 4 months ago | kb.cert.org
coding escalation hard privilege +2
VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding 1 year, 5 months ago | kb.cert.org
data framework spring
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS 1 year, 7 months ago | kb.cert.org
credentials mail services sms +1
VU#229438: Mobile device monitoring services do not authenticate API requests 1 year, 7 months ago | kb.cert.org
api device mobile mobile device +3
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM 1 year, 7 months ago | kb.cert.org
software uefi vulnerabilities
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes 1 year, 7 months ago | kb.cert.org
samba
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location 1 year, 8 months ago | kb.cert.org
agent escalation location mcafee +4
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities 1 year, 8 months ago | kb.cert.org
labs silicon silicon labs vulnerabilities
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass 1 year, 9 months ago | kb.cert.org
authentication bypass cloud enterprise +6
VU#930724: Apache Log4j allows insecure JNDI lookups 1 year, 9 months ago | kb.cert.org
apache apache log4j insecure jndi +1
VU#999008: Compilers permit Unicode control and homoglyph characters 1 year, 10 months ago | kb.cert.org
compilers control unicode
VU#883754: Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials 1 year, 11 months ago | kb.cert.org
cli command credentials protect +1
VU#608209: NicheStack embedded TCP/IP has vulnerabilities 2 years, 1 month ago | kb.cert.org
embedded ip tcp vulnerabilities
VU#357312: HTTP Request Smuggling in Web Proxies 2 years, 1 month ago | kb.cert.org
http smuggling web
VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM … 2 years, 1 month ago | kb.cert.org
active directory ad attacks certificate +9
VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass 2 years, 2 months ago | kb.cert.org
authentication bypass routers vulnerable
VU#506989: Microsoft Windows 10 gives unprivileged user access to system32\config files 2 years, 2 months ago | kb.cert.org
access files microsoft windows +1
VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files 2 years, 2 months ago | kb.cert.org
files microsoft print spooler windows
VU#383432: Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx() 2 years, 2 months ago | kb.cert.org
microsoft print spooler rce windows
VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data 2 years, 4 months ago | kb.cert.org
asp data .net state +1
VU#667933: Pulse Connect Secure Samba buffer overflow 2 years, 4 months ago | kb.cert.org
buffer buffer overflow overflow pulse +2
VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue … 2 years, 4 months ago | kb.cert.org
attacks bluetooth devices disclosure +2
VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location 2 years, 5 months ago | kb.cert.org
escalation location mysql privilege +3

Nothing found.

Items published with this topic over the last 90 days.

Latest

VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates 2 weeks ago | kb.cert.org
attributes bgp path reset +6
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router 2 weeks, 6 days ago | kb.cert.org
access attacker authentication authentication bypass +15
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account 4 weeks, 1 day ago | kb.cert.org
account client daemon escalation +12
VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to … 1 month, 1 week ago | kb.cert.org
access app check code +18
VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329 1 month, 2 weeks ago | kb.cert.org
applications attackers basic blocklisting +10
VU#947701: Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution 1 month, 2 weeks ago | kb.cert.org
application code code execution exploitation +12
VU#813349: Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation 1 month, 4 weeks ago | kb.cert.org
conditions d-link driver escalation +14
VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities 2 months ago | kb.cert.org
administrative privileges application command command injection +17
VU#913565: Hard-coded credentials in Technicolor TG670 DSL gateway router 2 months, 2 weeks ago | kb.cert.org
account authentication control credentials +13
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption 6 months, 4 weeks ago | kb.cert.org
access buffer buffer overflow command +19
VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2 8 months, 1 week ago | kb.cert.org
attack authentication basic buffer +23
VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities 8 months, 1 week ago | kb.cert.org
access application authentication authentication bypass +11
VU#709991: Netatalk contains multiple error and memory management vulnerabilities 10 months, 1 week ago | kb.cert.org
error management memory netatalk +1
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations 10 months, 2 weeks ago | kb.cert.org
conditions flaws race conditions uefi
VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly 10 months, 3 weeks ago | kb.cert.org
certificates email openssl
VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference 11 months, 2 weeks ago | kb.cert.org
vulnerable
VU#730793: Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference 11 months, 2 weeks ago | kb.cert.org
kerberos vulnerable
VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution. 11 months, 3 weeks ago | kb.cert.org
code code execution exchange forgery +6
VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers 11 months, 4 weeks ago | kb.cert.org
controls headers network network security +3
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass 1 year, 1 month ago | kb.cert.org
boot bypass party secure boot +3
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal 1 year, 1 month ago | kb.cert.org
muhttpd path path traversal vulnerable
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations 1 year, 3 months ago | kb.cert.org
agent key sma ssh +2
VU#473698: CVE-2022-30295 - uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID 1 year, 4 months ago | kb.cert.org
cve dns id transaction id +1
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID 1 year, 4 months ago | kb.cert.org
dns id transaction id uclibc
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location 1 year, 4 months ago | kb.cert.org
escalation location privilege privilege escalation +1
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value 1 year, 4 months ago | kb.cert.org
coding escalation hard privilege +2
VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding 1 year, 5 months ago | kb.cert.org
data framework spring
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS 1 year, 7 months ago | kb.cert.org
credentials mail services sms +1
VU#229438: Mobile device monitoring services do not authenticate API requests 1 year, 7 months ago | kb.cert.org
api device mobile mobile device +3
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM 1 year, 7 months ago | kb.cert.org
software uefi vulnerabilities
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes 1 year, 7 months ago | kb.cert.org
samba
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location 1 year, 8 months ago | kb.cert.org
agent escalation location mcafee +4
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities 1 year, 8 months ago | kb.cert.org
labs silicon silicon labs vulnerabilities
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass 1 year, 9 months ago | kb.cert.org
authentication bypass cloud enterprise +6
VU#930724: Apache Log4j allows insecure JNDI lookups 1 year, 9 months ago | kb.cert.org
apache apache log4j insecure jndi +1
VU#999008: Compilers permit Unicode control and homoglyph characters 1 year, 10 months ago | kb.cert.org
compilers control unicode
VU#883754: Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials 1 year, 11 months ago | kb.cert.org
cli command credentials protect +1
VU#608209: NicheStack embedded TCP/IP has vulnerabilities 2 years, 1 month ago | kb.cert.org
embedded ip tcp vulnerabilities
VU#357312: HTTP Request Smuggling in Web Proxies 2 years, 1 month ago | kb.cert.org
http smuggling web
VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM … 2 years, 1 month ago | kb.cert.org
active directory ad attacks certificate +9
VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass 2 years, 2 months ago | kb.cert.org
authentication bypass routers vulnerable
VU#506989: Microsoft Windows 10 gives unprivileged user access to system32\config files 2 years, 2 months ago | kb.cert.org
access files microsoft windows +1
VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files 2 years, 2 months ago | kb.cert.org
files microsoft print spooler windows
VU#383432: Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx() 2 years, 2 months ago | kb.cert.org
microsoft print spooler rce windows
VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data 2 years, 4 months ago | kb.cert.org
asp data .net state +1
VU#667933: Pulse Connect Secure Samba buffer overflow 2 years, 4 months ago | kb.cert.org
buffer buffer overflow overflow pulse +2
VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue … 2 years, 4 months ago | kb.cert.org
attacks bluetooth devices disclosure +2
VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location 2 years, 5 months ago | kb.cert.org
escalation location mysql privilege +3

Top (last 7 days)

Nothing found.

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Business Information Security Officer

@ Metrolink | Los Angeles, CA
View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City
View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU
View on infosec-jobs.com

Elastic Consultant - EMEA

@ Elasticsearch | Germany
View on infosec-jobs.com

Software Development Engineer, Security

@ Binance | Romania, Bucharest
View on infosec-jobs.com

Digital Network Exploitation Analyst III

@ Aperio Global, LLC | Fort Meade, Maryland, United States
View on infosec-jobs.com
View more jobs