Thursday, June 1, 2023
CERT

VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference...
CERT

VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible...
CERT

VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two...
CERT

VU#709991: Netatalk contains muliple error and memory managment vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow...
CERT

VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management...
CERT

VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were...
CERT

VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference

Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker...
CERT

VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

Overview Microsoft Exchange 2019 Cumulative Update 23 and earlier versions are vulnerable to a server-side request...
CERT

VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating...
CERT

VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows...
CERT

VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal

Overview Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal...
CERT

VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations

Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…