VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection,two...
VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion
The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations,how to mitigate abnormal behavior is left to...
VU#489481: Cylance Antivirus Products Susceptible to Concatenation Bypass
Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality that uses a machine learning algorithm(specifically,a neural network)to classify executables as malicious or benign. Security researchers isolated properties of the machine learning algorithm allowing them to change...
VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self
The process file system(/proc)in Oracle Solaris 11 and Solaris 10 provides a self/alias that refers to the current executing process's PID subdirectory with state information about the process. Protection mechanisms for/proc in Solaris 11/10 did not properly restrict the...
VU#129209: LLVMs Arm stack protection feature can be rendered ineffective
The Stack Protection feature provided in the LLVM Arm backend protects against buffer overflows by adding a cookie value between local variables and the stack frame return address. The compiler stores this value in memory and checks the cookie...
VU#465632: Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks
Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscriptionRequest,which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscriptionRequest function will...
VU#905115: Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels
CVE-2019-11477:SACK Panic(Linux>=2.6.29). A sequence of specifically crafted selective acknowledgements(SACK)may trigger an integer overflow,leading to a denial of service or possible kernel failure(panic). CVE-2019-11478:SACK Slowness(Linux
VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant
CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous"implementation"vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals(SAE),also known as Dragonfly Key Exchange,as the initial key...
VU#576688: Microsoft windows RDP Network Level Authenticaion can bypass the Windows lock screen
Microsoft Windows Remote Desktop supports a feature called Network Level Authentication(NLA),which moves the authentication aspect of a remote session from the RDP layer to the network-layer. The use of NLA is recommended to reduce the attack surface of systems...
VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance
CVE-2018-5404:The Dell Kace K1000 Appliance allows an authenticated,remote attacker with least privileges('User Console Only' role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405:The Dell Kace K1000...
VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability
Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler,such as schtasks.exe,are interfaces that allow for users to view,create,and modify scheduled tasks. The back-end part of...
VU#400865: Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input
CVE-2019-1649:Secure Boot Tampering,also known as Thrangrycat The logic that handles the access controls to TAm within Cisco's Secure Boot improperly checks an area of code that manages the Field Programmable Gate Array(FPGA). The TAm is a proprietary hardware chip...
VU#169249: PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.
PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks. The PrinterLogic agent,running as SYSTEM,does not validate the PrinterLogic Management Portal's SSL certificate,validate PrinterLogic update packages,or sanitize web browser input. CVE-2018-5408:The PrinterLogic Print Management software does not...
VU#192371: VPN applications insecurely store session cookies
Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311:Missing Encryption of Sensitive Data The following products and...
VU#174715: MyCar Controls uses hard-coded credentials
MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation,remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit. The MyCar Controls mobile application contains hard-coded admin credentials(CWE-798)which can be...
Ready or Not, Here Comes FIDO: How to Prepare for Success
Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
read more
Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report
Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
read more
The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI
Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
A botnet has been cannibalizing other hackers’ web shells for more than a year
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
