CERT – Page 27 – WindowsTechs.com

VU#974272: Microsoft Outlook retrieves remote OLE content without prompting

Posted on April 10, 2018 by CERT

When a Rich Text(RTF)email is previewed in Microsoft Outlook,remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user’s password hash,which may be cracked by an attacker. Continue reading VU#974272: Microsoft Outlook retrieves remote OLE content without prompting→

Posted on March 29, 2018 by CERT

When the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system,an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Continue reading VU#277400: Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed→

Posted on March 27, 2018 by CERT

Posted on March 19, 2018 by CERT

Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long,which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Continue reading VU#306792: Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions→

Posted on February 27, 2018 by CERT

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,allowing the attack to potentially bypass authentication to SAML service providers. Continue reading VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal→

Posted on February 15, 2018 by CERT

The Quagga BGP daemon bpgd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service,information disclosure,or remote code execution. Continue reading VU#940439: Quagga bpgd is affected by multiple vulnerabilities→

Posted on February 15, 2018 by CERT

The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service,information disclosure,or remote code execution. Continue reading VU#940439: Quagga bgpd is affected by multiple vulnerabilities→

Posted on February 1, 2018 by CERT

The Pulse Secure Linux client GUI fails to validate SSL certificates,which can allow an attacker to modify connection settings. Continue reading VU#319904: Pulse Secure Linux client GUI fails to validate SSL certificates→

Posted on January 4, 2018 by CERT

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Continue reading VU#584653: CPU hardware vulnerable to side-channel attacks→

Posted on December 12, 2017 by CERT

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding,and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a"ROBOT attack". Continue reading VU#144389: TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding→