VU#709991: Netatalk contains multiple error and memory management vulnerabilities
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote …
CERT
A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.
VU#709991: Netatalk contains muliple error and memory managment vulnerabilities
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote …
VU#730793: Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference
Overview
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker …
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview
Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution …
VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview
Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These …
VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference
Overview
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker …
VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
Overview
Microsoft Exchange 2019 Cumulative Update 23 and earlier versions are vulnerable to a server-side …
VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
Overview
Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and …
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
Overview
A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass …
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted …
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview
SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An …
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
VU#473698: CVE-2022-30295 – uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble …
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …