Tag: CERT
VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview
Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a...
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
Overview
An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by...
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview
Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon...
VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process
Overview
Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed...
VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329
Overview
urllib.parse is a very basic and widely used basic URL parsing function in various applications.
Description
An...
VU#947701: Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution
Overview
Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code...
VU#813349: Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation
Overview
The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service...
VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities
Overview
A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary...
VU#913565: Hard-coded credentials in Technicolor TG670 DSL gateway router
Overview
The Technicolor TG670 Router DSL Gateway Router includes a hard-coded service account that allows for...
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption
Overview
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference...
VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
Overview
TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible...
VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities
Overview
Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two...
VU#709991: Netatalk contains muliple error and memory managment vulnerabilities
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow...
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview
Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management...
VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview
Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were...
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
