Monday, January 24, 2022
CERT

VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable...
CERT

VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

Overview Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use...
CERT

VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

Overview Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password...
CERT

VU#930724: Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute...
CERT

VU#999008: Compilers permit Unicode control and homoglyph characters

Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers...
CERT

VU#883754: Salesforce DX Command Line Interface (CLI)

Overview The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create...
CERT

VU#608209: NicheStack embedded TCP/IP has vulnerabilities

Overview HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to...
CERT

VU#357312: HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver...
CERT

VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks

Overview Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a...
CERT

VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass

Overview A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based...
CERT

VU#506989: Microsoft Windows 10 gives unprivileged user access to SAM, SYSTEM, and SECURITY files

Overview Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and...
CERT

VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files

Overview Microsoft Windows allows for non-admin users to be able to install printer drivers via Point...
CERT

VU#383432: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE

Overview The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which...
CERT

VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data

Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow...
CERT

VU#667933: Pulse Connect Secure Samba buffer overflow

Overview Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may...

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

Enlarge (credit: Getty Images | zf L) AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked. read more
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...
TechRepublic

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.