Author Archives: CERT

The Cobham EXPLORER 710 is a portable satellite terminal used to provide satellite telecommunications and internet access. For consistency,“device” mentioned in the following section is defined as the Cobham EXPLORER 710. The affected firmware version … Continue reading VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal→

Exim is a message transfer agent(MTA)that can be used on Unix-like operating systems. All versions up to and including 4.92.1 of Exim do not properly handle trailing backslash characters in the string_interpret_escape()function,which is used to process… Continue reading VU#672565: Exim fails to properly handle trailing backslashes in string_interpret_escape()→

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate Core Configurations. Bluetooth BR/EDR is used for low-power short-rang… Continue reading VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks→

The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations,how to miti… Continue reading VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion→

Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality that uses a machine learning algorithm(specifically,a neural network)to classify executables as malicious or benign. Security researchers isolated properties of th… Continue reading VU#489481: Cylance Antivirus Products Susceptible to Concatenation Bypass→

The process file system(/proc)in Oracle Solaris 11 and Solaris 10 provides a self/alias that refers to the current executing process’s PID subdirectory with state information about the process. Protection mechanisms for/proc in Solaris 11/10 did not pr… Continue reading VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self→

The stack protection feature provided in the LLVM Arm backend is an optional mitigating feature used to protect against buffer overflows. It works by adding a cookie value between local variables and the stack frame return address. The compiler stores … Continue reading VU#129209: LLVMs Arm stack protection feature can be rendered ineffective→

CVE-2019-11477:SACK Panic(Linux>=2.6.29). A sequence of specifically crafted selective acknowledgements(SACK)may trigger an integer overflow,leading to a denial of service or possible kernel failure(panic). CVE-2019-11478:SACK Slowness(Linux Continue reading VU#905115: Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels→

In Windows a session can be locked,which presents the user with a screen that requires authentication to continue using the session. Session locking can happen over RDP in the same way that a local session can be locked. CWE-288:Authentication Bypass U… Continue reading VU#576688: Microsoft Windows RDP can bypass the Windows lock screen→

CVE-2018-5404:The Quest Kace System Management(K1000)Appliance allows an authenticated,remote attacker with least privileges(‘User Console Only’ role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information … Continue reading VU#877837: Multiple vulnerabilities in Quest Kace System Management Appliance→