Author Archives: CERT

VU#713312: DTE Energy Insight app vulnerable to information exposure

Posted on March 11, 2016 by CERT

The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Continue reading VU#713312: DTE Energy Insight app vulnerable to information exposure→

VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

Posted on March 10, 2016 by CERT

Quagga,version 0.99.24.1 and earlier,contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may leveraged to gain code execution. Continue reading VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability→

VU#583776: Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

Posted on March 1, 2016 by CERT

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the"DROWN"attack in the media. Continue reading VU#583776: Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack→

VU#938151: Forwarding Loop Attacks in Content Delivery Networks may result in denial of service

Posted on February 29, 2016 by CERT

Content Delivery Networks(CDNs)may in some scenarios be manipulated into a forwarding loop,which consumes server resources and causes a denial of service(DoS)on the network. Continue reading VU#938151: Forwarding Loop Attacks in Content Delivery Networks may result in denial of service→

VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks

Posted on February 29, 2016 by CERT

Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Continue reading VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks→

VU#444472: QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

Posted on February 25, 2016 by CERT

The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Continue reading VU#444472: QNAP Signage Station and iArtist Lite contain multiple vulnerabilities→

VU#981271: Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol

Posted on February 24, 2016 by CERT

Wireless keyboard and mouse devices from multiple vendors use proprietary wireless protocols that are not properly secured. Continue reading VU#981271: Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol→

VU#485744: Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability

Posted on February 22, 2016 by CERT

Flexera Software FlexNet Publisher,including all versions prior to 11.13.1.2,lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution. Continue reading VU#485744: Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability→

VU#923388: Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Posted on February 17, 2016 by CERT

Swann network video recorder(NVR)devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Continue reading VU#923388: Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password→

VU#899080: Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

Posted on February 17, 2016 by CERT

Digital Video Recorders(DVRs),security cameras,and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Continue reading VU#899080: Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials→