CERT – Page 39 – WindowsTechs.com

VU#790839: Objective Systems ASN1C generates code that contains a heap overflow vulnerability

Posted on July 19, 2016 by CERT

ASN.1 is a standard representation of data for networking and telecommunications applications. Objective System’s ASN1C compiler generates C and C++code that may be vulnerable to heap overflow. Continue reading VU#790839: Objective Systems ASN1C generates code that contains a heap overflow vulnerability→

Posted on July 18, 2016 by CERT

Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle(MITM)attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. Continue reading VU#797896: CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables→

Posted on July 13, 2016 by CERT

Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Continue reading VU#665280: Accela Civic Platform Citizen Access portal contains multiple vulnerabilities→

Posted on July 12, 2016 by CERT

libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds,which may lead to denial of service or arbitrary code execution. Continue reading VU#123799: libbpg contains a type confusion vulnerability that leads to out of bounds write→

Posted on July 5, 2016 by CERT

The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app,from version 3.9.3.2003 to 3.9.3.2006,does not properly validate SSL certificates when connecting to the Acer Cloud. Continue reading VU#690343: Acer Portal app for Android does not properly validate SSL certificates→

Posted on June 23, 2016 by CERT

Alertus Desktop Notification for OS X,version 2.9.30.1700 and earlier,sets insecure permissions for configuration and other files,which may enable an unprivileged attacker to disable notifications and modify content locally. Continue reading VU#302544: Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files→

Posted on June 20, 2016 by CERT

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities,as well as a null pointer dereference. Continue reading VU#143335: mDNSResponder contains multiple memory-based vulnerabilities→

Posted on June 15, 2016 by CERT

Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild. Continue reading VU#748992: Adobe Flash memory corruption vulnerability→

Posted on June 10, 2016 by CERT

The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Continue reading VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass→

Posted on June 2, 2016 by CERT