CERT – Page 23 – WindowsTechs.com

VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

Posted on January 4, 2019 by CERT

CWE-362:Concurrent Execution using Shared Resource with Improper Synchronization(‘Race Condition’)- CVE-2018-8611 According to Microsoft,the Windows kernel fails”to properly handle objects in memory”. A successful attacker could run arbitrary code in k… Continue reading VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition→

Posted on December 20, 2018 by CERT

The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to generate a script to advertise a product to Windows,which handles shortcut and registry information associated with an installed application. The MsiAdvertiseProdu… Continue reading VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition→

Posted on December 20, 2018 by CERT

CWE-121:Stack-based Buffer Overflow – CVE-2018-5410 Dokan,versions between 1.0.0.5000 and 1.2.0.1000,are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrar… Continue reading VU#741315: Dokan file system driver contains a stack-based buffer overflow→

Posted on December 20, 2018 by CERT

Microsoft Internet Explorer contains a scripting engine,which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that su… Continue reading VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability→

Posted on December 13, 2018 by CERT

Pixar’s Tractor software,versions 2.2 and earlier,contain a stored cross-site scripting vulnerability(CWE-79)in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about t… Continue reading VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability→

Posted on November 6, 2018 by CERT

CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user,allowin… Continue reading VU#395981: Self-encrypting hard drives do not adequately protect data→

Posted on November 5, 2018 by CERT

Cisco Adaptive Security Appliance(ASA)software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,which can allow an attacker to trigger high CPU usage,resulting in a denial-of-service condition on affected devices. Thi… Continue reading VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability→

Posted on November 2, 2018 by CERT

CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2018-16986 – also known as BLEEDINGBIT The following Texas Instrument chips are affected: CC2640(non-R2)with BLE-STACK version 2.2.1 or an earlier version CC2650 with B… Continue reading VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update→

Posted on November 1, 2018 by CERT

Posted on November 1, 2018 by CERT

Cisco Adaptive Security Appliance(ASA)software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,which can result in a denial-of-service condition on affected devices. Continue reading VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability→