

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers.
The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution.
The Pulse Secure Linux client GUI fails to validate SSL certificates, which can allow an attacker to modify connection settings.
CPU hardware implementations are vulnerable to cache side-channel attacks.

These vulnerabilities are referred to as Meltdown and Spectre.
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks.

This attack is known as a "ROBOT attack".
Apple MacOS High Sierra fails to properly require authentication for disabled accounts, such as root account, which can allow an authenticated user to obtain root privileges.
Install Norton Security for Mac, prior to version 7.6, does not validate SSL certificates.
Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented.

This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy.

Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR.
Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP.

The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP.
Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
Savitech provides USB audio drivers for a number of specialized audio products.
Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store.
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.

This vulnerability is often cited as "ROCA" in the media.