Author Archives: CERT

The Microsoft Windows CryptoAPI,which is provided by Crypt32.dll,fails to validate ECC certificates in a way that properly leverages the protections that ECC cryptography should provide. As a result,an attacker may be able to craft a certificate that a… Continue reading VU#849224: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains→

CDNs use HTTP caching software to provide high availability and high performance by distributing the service spatially relative to end-users. The HTTP caching software interprets the HTTP request from a website visitor(web client)using the supplied HTT… Continue reading VU#335217: Multiple caching service providers are vulnerable to HTTP cache poisoning→

Microsoft Windows Remote Desktop Gateway(RD Gateway)is a Windows Server component that provides access to Remote Desktop services without requiring the client system to be present on the same network as the target system. Originally launched as Termina… Continue reading VU#491944: Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution→

Citrix has published a security bulletin that mentions a vulnerability that can be exploited to achieve arbitrary code execution by a remote,unauthenticated attacker. Although the bulletin does not describe details about the vulnerability,the mitigatio… Continue reading VU#619785: Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability→

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. SecureROM,which is located within the processor,contains the first code executed by the p… Continue reading VU#941987: Apple devices vulnerable to arbitrary code execution in SecureROM→

Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community(IC)security marking requirements. AMHS versions prior to version 4.1.5.5 contain multiple XSS vulnerabilities and also fail to properly restrict access to informati… Continue reading VU#873161: Telos Automated Message Handling System contains multiple vulnerabilities→

XLM macros Up to and including Microsoft Excel 4.0,a macro format called XLM was available. XLM macros predate the VBA macros that are more common with modern Microsoft Office systems,however current Microsoft Office versions still support XLM macros. … Continue reading VU#125336: Microsoft Office for Mac cannot properly disable XLM macros→

Several D-Link routers contain CGI capability that is exposed to users as/apply_sec.cgi,and dispatched on the device by the binary/www/cgi/ssi. This CGI code contains two flaws: The/apply_sec.cgi code is exposed to unauthenticated users. The ping_ipadd… Continue reading VU#766427: Multiple D-Link routers vulnerable to remote command execution→

Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24,2019. This addressed a number of vulnerabilities including a Remote Code Execution(RCE)vulnerability with pre-authentication access… Continue reading VU#927237: Pulse Secure VPN contains multiple vulnerabilities→

iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability,identified as CVE-2019-9535,exists in the way that iTerm2 integra… Continue reading VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution→