CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination a
2k followers 0 articles/week
VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server

Overview A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remote code execution. Description An implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The software is no...

Thu Sep 19, 2024 15:00
VU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature

Overview A vulnerability in the user of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling manipulation...

Fri Aug 30, 2024 16:59
VU#244112: Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement

Overview Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information. Two vulnerabilities were identified that reduce the authentication and verification of the sender, provided by...

Tue Jul 30, 2024 19:42
VU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier

Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access sensitive data. This...

Tue Jul 9, 2024 17:56
VU#456537: RADIUS protocol susceptible to forgery attacks.

Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating authentication responses...

Tue Jul 9, 2024 15:13
VU#163057: BMC software fails to validate IPMI session.

Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity to hijack sessions...

Tue Apr 30, 2024 21:49

Build your own newsfeed

Ready to give it a go?
Start a 14-day trial, no credit card required.

Create account