
 

Update 11.02.2019 20:03:31

| Published | Public | Updated | VU# | CVSS | Title |
|---|---|---|---|---|---|
| 2019-10-16 | 2019-04-28 | 2019-10-16 | VU#927237 | 8.2 | Multiple vulnerabilities in Pulse Secure VPN |
| 2019-10-09 | 2019-10-09 | 2019-10-09 | VU#763073 | 0 | iTerm2 with tmux integration is vulnerable to remote command execution |
| 2019-10-09 | 2019-10-09 | 2019-10-09 | VU#719689 | 0 | Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal |
| 2019-09-06 | 2019-09-06 | 2019-09-06 | VU#672565 | 5.9 | Exim fails to properly handle peer DN and SNI in TLS handshakes |
| 2019-08-14 | 2019-08-14 | 2019-08-14 | VU#918987 | 7.8 | Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks |
| 2019-08-13 | 2019-08-13 | 2019-08-13 | VU#605641 | 0 | HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion |
| 2019-08-01 | 2019-07-18 | 2019-08-01 | VU#489481 | 0 | Cylance Antivirus Products Susceptible to Concatenation Bypass |
| 2019-07-17 | 2019-07-16 | 2019-07-17 | VU#790507 | 3.9 | Oracle Solaris vulnerable to arbitrary code execution via /proc/self |
| 2019-07-15 | 2019-07-15 | 2019-07-15 | VU#129209 | 0 | LLVM's Arm stack protection feature can be rendered ineffective |
| 2019-06-20 | 2019-06-17 | 2019-06-20 | VU#905115 | 5.0 | Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels |
| 2019-06-04 | 2019-06-04 | 2019-06-04 | VU#576688 | 4.2 | Microsoft Windows RDP Network Level Authentication can bypass the Windows lock screen |
| 2019-06-01 | 2019-06-01 | 2019-06-01 | VU#877837 | 5.5 | Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance |
| 2019-05-22 | 2019-05-21 | 2019-05-23 | VU#119704 | 6.4 | Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability |
| 2019-05-14 | 2019-05-13 | 2019-05-14 | VU#400865 | 6.8 | Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input |
| 2019-05-03 | 2019-05-03 | 2019-05-03 | VU#169249 | 7.8 | PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates. |
| 2019-04-17 | 2019-04-15 | 2019-04-17 | VU#166939 | 4.0 | Broadcom WiFi chipset drivers contain multiple vulnerabilities |
| 2019-04-12 | 2019-04-10 | 2019-04-12 | VU#871675 | 7.0 | WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant |
| 2019-04-11 | 2019-04-10 | 2019-04-11 | VU#192371 | 4.5 | Multiple VPN applications insecurely store session cookies |
| 2019-04-08 | 2019-04-08 | 2019-04-08 | VU#174715 | 1.6 | MyCar Controls uses hard-coded credentials |
| 2019-02-05 | 2018-11-21 | 2019-02-05 | VU#730261 | 4.6 | Marvell Avastar wireless SoCs have multiple vulnerabilities |
| 2019-01-28 | 2019-01-21 | 2019-01-28 | VU#465632 | 7.5 | Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks |
| 2019-01-04 | 2018-11-12 | 2019-01-04 | VU#531281 | 9.7 | Microsoft Windows DNS servers are vulnerable to heap overflow |
| 2019-01-04 | 2018-11-12 | 2019-01-04 | VU#289907 | 5.0 | Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition |
| 2018-12-20 | 2018-12-19 | 2018-12-20 | VU#228297 | 4.3 | Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition |
| 2018-12-20 | 2018-12-21 | 2018-12-20 | VU#741315 | 4.7 | A Dokan file driver contains a stack-based buffer overflow |
| 2018-12-19 | 2018-12-19 | 2018-12-20 | VU#573168 | 6.2 | Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability |
| 2018-12-13 | 2018-12-12 | 2018-12-13 | VU#756913 | 3.3 | Pixar's Tractor contains a stored cross-site scripting vulnerability |
| 2018-11-06 | 2018-11-05 | 2018-11-07 | VU#395981 | 3.7 | Self-Encrypting Drives Have Multiple Vulnerabilities |
| 2018-11-01 | 2018-11-01 | 2018-11-07 | VU#317277 | 4.6 | Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow |
| 2018-11-01 | 2018-10-31 | 2018-11-05 | VU#339704 | 5.5 | Cisco ASA and FTD SIP Inspection denial-of-service vulnerability |
| 2018-10-06 | 2018-10-06 | 2018-10-16 | VU#176301 | 0 | Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App |
| 2018-09-26 | 2018-09-18 | 2018-11-08 | VU#581311 | 5.9 | TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks |
| 2018-09-05 | 2018-09-05 | 2018-10-23 | VU#598349 | 0 | Automatic DNS registration and proxy autodiscovery allow spoofing of network services |
| 2018-08-28 | 2018-08-27 | 2018-09-13 | VU#906424 | 6.4 | Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface |
| 2018-08-21 | 2018-02-21 | 2018-10-01 | VU#332928 | 6.8 | Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities |
| 2018-08-15 | 2018-04-14 | 2018-09-10 | VU#982149 | 5.6 | Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) |
| 2018-08-14 | 2018-08-10 | 2018-09-14 | VU#787952 | 6.0 | Android and iOS apps contain multiple vulnerabilities |
| 2018-08-14 | 2018-08-14 | 2018-08-17 | VU#857035 | 7.9 | IKEv1 Main Mode vulnerable to brute force attacks |
| 2018-08-14 | 2018-08-14 | 2018-10-12 | VU#641765 | 6.6 | Linux kernel IP fragment re-assembly vulnerable to denial of service |
| 2018-08-06 | 2018-07-23 | 2018-09-14 | VU#962459 | 6.4 | TCP implementations vulnerable to Denial of Service |
| 2018-08-03 | 2013-06-09 | 2018-08-03 | VU#307144 | 0 | mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR |
| 2018-07-23 | 2018-07-23 | 2018-08-17 | VU#304725 | 5.7 | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange |
| 2018-05-23 | 2018-05-22 | 2018-06-13 | VU#338343 | 3.9 | strongSwan VPN charon server vulnerable to buffer underflow |
| 2018-05-21 | 2018-05-21 | 2018-06-19 | VU#180049 | 3.4 | CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks |
| 2018-05-14 | 2018-05-14 | 2018-05-15 | VU#122919 | 0 | OpenPGP and S/MIME mail client vulnerabilities |
| 2018-05-08 | 2018-05-08 | 2018-06-06 | VU#631579 | 5.3 | Hardware debug exception documentation may result in unexpected behavior |
| 2018-05-03 | 2018-05-03 | 2018-05-03 | VU#283803 | 2.7 | Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") |
| 2018-04-10 | 2018-04-10 | 2018-04-10 | VU#974272 | 4.1 | Microsoft Outlook retrieves remote OLE content without prompting |
| 2018-03-29 | 2018-03-27 | 2018-04-24 | VU#277400 | 5.9 | Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed |
| 2018-03-27 | 2018-02-07 | 2018-03-27 | VU#184077 | 8.7 | Navarino Infinity web interface is affected by multiple vulnerabilities. |
| 2018-03-19 | 2012-03-20 | 2018-04-04 | VU#306792 | 1.7 | Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions |
| 2018-02-27 | 2018-02-27 | 2018-06-05 | VU#475445 | 4.9 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| 2018-02-15 | 2018-02-15 | 2018-02-19 | VU#940439 | 7.3 | Quagga bgpd is affected by multiple vulnerabilities |
| 2018-02-01 | 2018-02-01 | 2018-02-01 | VU#319904 | 3 | Pulse Secure Linux client GUI fails to validate SSL certificates |
| 2018-01-04 | 2018-01-03 | 2018-07-03 | VU#584653 | 5.1 | CPU hardware vulnerable to side-channel attacks |
| 2017-12-12 | 2017-12-12 | 2018-04-09 | VU#144389 | 4.2 | TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding |
| 2017-11-29 | 2017-11-13 | 2017-11-30 | VU#113765 | 4.6 | Apple MacOS High Sierra disabled account authentication bypass |
| 2017-11-21 | 2017-11-21 | 2017-11-21 | VU#681983 | 1.3 | Install Norton Security for Mac does not verify SSL certificates |
| 2017-11-17 | 2017-11-16 | 2017-11-20 | VU#817544 | 0 | Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard |
| 2017-11-15 | 2017-11-14 | 2017-11-20 | VU#421280 | 5.5 | Microsoft Office Equation Editor stack buffer overflow |
| 2017-11-03 | 2017-11-01 | 2017-11-09 | VU#739007 | 6.2 | IEEE P1735 implementations may have weak cryptographic protections |
| 2017-11-02 | 2017-10-03 | 2017-11-06 | VU#446847 | 5.2 | Savitech USB audio drivers install a new root CA certificate |
| 2017-10-16 | 2017-10-16 | 2017-11-08 | VU#307015 | 6.9 | Infineon RSA library does not properly generate RSA key pairs |
| 2017-10-16 | 2017-10-16 | 2017-11-16 | VU#228519 | 5.7 | Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse |
| 2017-10-12 | 2017-10-12 | 2018-01-22 | VU#590639 | 5.5 | NXP Semiconductors MQX RTOS contains multiple vulnerabilities |
| 2017-10-02 | 2017-10-02 | 2018-02-02 | VU#973527 | 8.7 | Dnsmasq contains multiple vulnerabilities |
| 2017-09-13 | 2017-09-12 | 2017-09-16 | VU#101048 | 6.5 | Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability |
| 2017-09-12 | 2017-09-12 | 2017-11-08 | VU#240311 | 6.2 | Multiple Bluetooth implementation vulnerabilities affect many devices |
| 2017-09-08 | 2017-09-08 | 2017-10-12 | VU#166743 | 3.8 | Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities |
| 2017-09-06 | 2017-09-05 | 2017-09-06 | VU#112992 | 8.3 | Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data |
| 2017-08-29 | 2017-08-28 | 2017-08-31 | VU#403768 | 1.3 | Akeo Consulting Rufus fails to update itself securely |
| 2017-08-03 | 2017-06-13 | 2017-08-09 | VU#824672 |  | Microsoft Windows automatically executes code specified in shortcut files |
| 2017-07-27 | 2017-07-27 | 2017-10-18 | VU#793496 | 3.6 | Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency |
| 2017-07-25 | 2017-06-26 | 2017-07-25 | VU#838200 | 5.6 | Telerik Web UI contains cryptographic weakness |
| 2017-07-20 | 2017-07-20 | 2017-10-30 | VU#586501 | 0 | Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account |
| 2017-07-18 | 2017-07-18 | 2017-07-26 | VU#547255 | 5.9 | Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow |
| 2017-06-19 | 2017-06-19 | 2017-06-28 | VU#489392 | 5.6 | Acronis True Image fails to update itself securely |
| 2017-06-15 | 2017-06-15 | 2017-06-15 | VU#846320 | 4.9 | Samsung Magician fails to update itself securely |
| 2017-06-13 | 2017-06-13 | 2017-06-29 | VU#768399 | 5.3 | HPE SiteScope contains multiple vulnerabilities |
| 2017-06-08 | 2017-06-08 | 2017-06-14 | VU#251927 | 6.7 | CalAmp LMU-3030 devices may not authenticate SMS interface |
| 2017-06-07 | 2017-06-07 | 2017-07-24 | VU#350135 | 6.7 | Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin |
| 2017-05-04 | 2017-05-04 | 2017-05-04 | VU#556600 | 4.5 | Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates |
| 2017-05-04 | 2017-05-04 | 2017-05-10 | VU#276408 | 4.5 | Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates |
| 2017-05-02 | 2017-05-01 | 2017-12-21 | VU#491375 | 5.5 | Intel Active Management Technology (AMT) does not properly enforce access control |
| 2017-04-25 | 2017-04-24 | 2017-04-25 | VU#219739 | 1.5 | Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation |
| 2017-04-17 | 2017-04-14 | 2017-04-27 | VU#676632 | 6.4 | IBM Lotus Domino server mailbox name stack buffer overflow |
| 2017-04-11 | 2017-04-11 | 2017-04-24 | VU#334207 |  | DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP |
| 2017-04-10 | 2017-04-07 | 2017-04-13 | VU#921560 | 6.8 | Microsoft OLE URL Moniker improperly handles remotely-linked HTA data |
| 2017-04-04 | 2017-04-04 | 2017-04-14 | VU#307983 | 6.3 | Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references |
| 2017-03-31 | 2017-03-31 | 2017-03-31 | VU#507496 | 7.1 | GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed |
| 2017-03-28 | 2017-03-28 | 2017-04-13 | VU#342303 | 5.3 | Pandora iOS app does not properly validate SSL certificates |
| 2017-03-21 | 2017-03-15 | 2017-04-21 | VU#600671 | 4.2 | PCAUSA Rawether for Windows local privilege escalation |
| 2017-03-16 | 2017-03-15 | 2017-03-16 | VU#214283 | 2 | Commvault Edge contains a buffer overflow vulnerability |
| 2017-03-15 | 2017-03-15 | 2017-03-24 | VU#553503 | 6.7 | D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials |
| 2017-03-14 | 2017-03-06 | 2017-03-14 | VU#834067 | 8.7 | Apache Struts 2 is vulnerable to remote code execution |
| 2017-03-08 | 2017-03-08 | 2017-03-08 | VU#305448 | 4.9 | D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability |
| 2017-03-08 | 2017-03-08 | 2017-03-13 | VU#247016 | 4.5 | Flash Seats Mobile App for Android and iOS fails to validate SSL certificates |
| 2017-03-07 | 2017-03-07 | 2017-03-07 | VU#355151 | 6.4 | ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities |
| 2017-03-07 | 2016-12-17 | 2017-03-07 | VU#608591 | 5.8 | PHP FormMail Generator generates code vulnerable to multiple issues |
| 2017-03-06 | 2017-03-06 | 2017-03-07 | VU#168699 | 4.6 | dotCMS contains multiple vulnerabilities |
| 2017-02-28 | 2017-02-28 | 2017-02-28 | VU#742632 | 5.3 | Sage XRT Treasury database fails to properly restrict access to authorized users |
| 2017-02-15 | 2017-02-15 | 2018-02-27 | VU#614751 | 4.7 | Hughes satellite modems contain multiple vulnerabilities |
| 2017-02-08 | 2017-01-31 | 2017-02-08 | VU#745607 | 2.5 | Accellion FTP server contains information exposure and cross-site scripting vulnerabilities |
| 2017-02-02 | 2017-02-01 | 2017-03-17 | VU#867968 | 7 | Microsoft Windows SMB Tree Connect Response denial of service vulnerability |
| 2017-01-31 | 2017-01-31 | 2017-04-07 | VU#167623 | 6 | SHDesigns Resident Download Manager does not authenticate firmware downloads |
| 2017-01-27 | 2017-01-23 | 2017-01-27 | VU#909240 | 6.8 | Cisco WebEx web browser extension allows arbitrary code execution |
| 2017-01-13 | 2017-01-13 | 2017-01-13 | VU#865216 | 4 | CodeLathe FileCloud is vulnerable to cross-site request forgery |
| 2017-01-10 | 2017-01-10 | 2017-01-11 | VU#767208 | 3.9 | ThreatMetrix SDK for iOS fails to validate SSL certificates |
| 2017-01-03 | 2017-01-03 | 2017-02-08 | VU#475907 | 1.8 | ShoreTel Mobility Client mobile application does not verify SSL certificates |

 
