VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption
Overview
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference …
CERT
A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
Overview
TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running …
VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities
Overview
Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain …
VU#709991: Netatalk contains multiple error and memory management vulnerabilities
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote …
VU#709991: Netatalk contains muliple error and memory managment vulnerabilities
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote …
VU#730793: Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference
Overview
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker …
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview
Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution …
VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview
Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These …
VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference
Overview
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker …
VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
Overview
Microsoft Exchange 2019 Cumulative Update 23 and earlier versions are vulnerable to a server-side …
VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
Overview
Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and …
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
Overview
A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass …
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted …
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview
SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An …