VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted …
CERT
A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview
SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An …
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
VU#473698: CVE-2022-30295 – uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview
Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead …
VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding
Overview
The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, …
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Overview
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability …
VU#229438: Mobile device monitoring services do not authenticate API requests
Overview
The backend infrastructure shared by multiple mobile device monitoring services does not adequately …
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
Overview
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related …
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes
Overview
The Samba vfs_fruit …
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview
Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker …
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass
Overview
Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in …