Tom Potter

CERT - Vulnerabilities (United States Computer Emergency Readiness Team)

CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
  1. VU#144389: TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

    TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack".
  2. VU#113765: Apple MacOS High Sierra disabled account authentication bypass

    Apple MacOS High Sierra fails to properly require authentication for disabled accounts, such as the root account, which can allow an authenticated user to obtain root privileges.
  3. VU#681983: Install Norton Security for Mac does not verify SSL certificates

    Install Norton Security for Mac, prior to version 7.6, does not validate SSL certificates.
  4. VU#817544: Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

    Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR.
  5. VU#421280: Microsoft Office Equation Editor stack buffer overflow

    Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
  6. VU#739007: IEEE P1735 implementations may have weak cryptographic protections

    The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
  7. VU#446847: Savitech USB audio drivers install a new root CA certificate

    Savitech provides USB audio drivers for a number of specialized audio products. Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store.
  8. VU#307015: Infineon RSA library does not properly generate RSA key pairs

    The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media.
  9. VU#228519: Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

    Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks.
  10. VU#590639: NXP Semiconductors MQX RTOS contains multiple vulnerabilities

    The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client, which may lead to memory corruption allowing an attacker to execute arbitrary code, as well as an out-of-bounds read in the DNS client which may lead to a denial of service.
  11. VU#973527: Dnsmasq contains multiple vulnerabilities

    Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities.
  12. VU#101048: Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability

    The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
  13. VU#240311: Multiple Bluetooth implementation vulnerabilities affect many devices

    A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in the worst case allow an unauthenticated attacker to perform commands on the device.
  14. VU#166743: Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

    Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.
  15. VU#112992: Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

    Apache Struts 2 framework, versions 2.5 to 2.5.12, with the REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application.