CERT Advisories

VU#251628: AMTELCO miSecureMessages Server insecurely authenticates clients

AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages (CWE-287).

VU#667340: Fortinet FortiADC D-series contains a cross-site scripting vulnerability

Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79)

VU#939260: ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable.

VU#882841: Microsoft Office file format converter memory corruption vulnerability

The Microsoft Office file format converter contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.

VU#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information

OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

VU#893726: Zyxel P660 series modem/router denial of service vulnerability

Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface.

VU#140886: ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities.

VU#807134: WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability

WatchGuard Fireware XTM 11.8.1, and possibly earlier versions, contains a cross-site scripting vulnerability.

VU#341526: Huawei E355 contains a direct request vulnerability

Huawei E355 USB WiFi adapter with firmware version 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. (CWE-425)

VU#600724: ZTE F460/F660 cable modems contain an unauthenticated backdoor

ZTE F460/F660 cable modems contain an unauthenticated backdoor.