VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
CERT
VU#473698: CVE-2022-30295 – uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview
Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead …
VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding
Overview
The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, …
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Overview
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability …
VU#229438: Mobile device monitoring services do not authenticate API requests
Overview
The backend infrastructure shared by multiple mobile device monitoring services does not adequately …
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
Overview
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related …
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes
Overview
The Samba vfs_fruit …
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview
Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker …
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass
Overview
Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in …
VU#930724: Apache Log4j allows insecure JNDI lookups
Overview
Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to …
VU#999008: Compilers permit Unicode control and homoglyph characters
Overview
Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the …