Recent Vulnerabilities

CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Updated: 1 week 4 days ago

VU#491375: Intel Active Management Technology (AMT) does not properly enforce access control

Tue, 05/02/2017 - 16:47
Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation

Tue, 04/25/2017 - 12:01
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

Mon, 04/17/2017 - 09:38
The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server.

VU#334207: DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP

Mon, 04/10/2017 - 23:13
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.

VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Mon, 04/10/2017 - 10:20
Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

Tue, 04/04/2017 - 10:08
Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references.

VU#507496: GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed

Fri, 03/31/2017 - 10:57
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMM_BWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write arbitrary code to the platform firmware, potentially allowing for persistent firmware level rootkits or the creation of a permanent denial of service condition in the platform.

VU#342303: Pandora iOS app does not properly validate SSL certificates

Tue, 03/28/2017 - 09:48
The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

VU#600671: PCAUSA Rawether for Windows local privilege escalation

Mon, 03/20/2017 - 23:55
PCAUSA's Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. This vulnerability may be exploited to perform local privilege escalation on Windows systems.

VU#214283: Commvault Edge contains a buffer overflow vulnerability

Thu, 03/16/2017 - 08:20
Commvault Edge, version 11 SP6 (11.80.50.0), is vulnerable to a stack-based buffer overflow vulnerability.

VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Wed, 03/15/2017 - 12:08
The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.

VU#834067: Apache Struts 2 is vulnerable to remote code execution

Tue, 03/14/2017 - 16:12
Apache Struts, versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10, is vulnerable to code injection leading to remote code execution (RCE).

VU#305448: D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

Wed, 03/08/2017 - 10:55
D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected.

VU#247016: Flash Seats Mobile App for Android and iOS fails to validate SSL certificates

Wed, 03/08/2017 - 09:15
Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

VU#608591: PHP FormMail Generator generates code vulnerable to multiple issues

Tue, 03/07/2017 - 10:25
PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types.

VU#355151: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

Tue, 03/07/2017 - 10:25
According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues.

VU#168699: dotCMS contains multiple vulnerabilities

Mon, 03/06/2017 - 08:42
The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected.

VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users

Tue, 02/28/2017 - 09:04
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.

VU#614751: Hughes satellite modems contain multiple vulnerabilities

Wed, 02/15/2017 - 11:00
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured.

VU#745607: Accellion FTP server contains information exposure and cross-site scripting vulnerabilities

Wed, 02/08/2017 - 10:31
The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting and information exposure.