FAQ

US-CERT

Syndicate content
US-CERT publishes information on a wide variety of vulnerabilities. Descriptions of these vulnerabilities are available from this web page in a searchable database format, and are published as "US-CERT Vulnerability Notes". The notes are very similar to alerts, but they may have less complete information. In particular, solutions may not be available for all the vulnerabilities in this database.
Updated: 24 min 6 sec ago

VU#732115: Project Open cross-site scripting vulnerability

Fri, 03/02/2012 - 21:48
Project Open]po[version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting(XSS)vulnerability in the account-closed.tcl script
Categories: US-CERT

VU#410281: Apple Mac OS X CoreText embedded font vulnerability

Thu, 02/02/2012 - 17:41
Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#403593: Apple Mac OS X ATS data-font memory corruption vulnerability

Thu, 02/02/2012 - 17:41
Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#763355: 802.1X password exploit on many HTC Android devices

Wed, 01/02/2012 - 16:59
A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android.
Categories: US-CERT

VU#470151: Linux Kernel local privilege escalation via SUID /proc/pid/mem write

Fri, 27/01/2012 - 17:22
Linux kernel>=2.6.39 incorrectly handles the permissions for/proc//mem. A local,authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation.
Categories: US-CERT

VU#738961: Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser

Wed, 18/01/2012 - 14:17
Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser,which can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#659515: Wibu-Systems CodeMeter remote denial of service vulnerability

Thu, 12/01/2012 - 16:13
Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.
Categories: US-CERT

VU#903934: Hash table implementations vulnerable to algorithmic complexity attacks

Wed, 28/12/2011 - 16:22
Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks,which can be leveraged by an unauthenticated attacker to cause a denial-of-service(DoS)condition.
Categories: US-CERT

VU#723755: WiFi Protected Setup (WPS) PIN brute force vulnerability

Tue, 27/12/2011 - 22:42
The WiFi Protected Setup(WPS)PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.
Categories: US-CERT

VU#209659: Unbound multiple denial-of-service vulnerabilities

Mon, 19/12/2011 - 19:53
A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash.
Categories: US-CERT

VU#361441: Microsoft Office Publisher contains multiple exploitable vulnerabilities

Tue, 13/12/2011 - 16:47
Microsoft Office Publisher fails to properly validate Publisher documents,which may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#158003: Power2Go buffer overflow vulnerability

Fri, 09/12/2011 - 13:30
Power2Go 8 contains a buffer overflow in the handling of project(.p2g)files,which can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#759307: Adobe Acrobat and Reader U3D memory corruption vulnerability

Thu, 08/12/2011 - 23:34
Adobe Reader and Acrobat fail to properly handle U3D data,which could allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#717921: Hewlett-Packard printers and scanner devices allow remote firmware updates

Thu, 08/12/2011 - 22:33
A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system.
Categories: US-CERT

VU#887409: JasPer memory corruption vulnerabilities

Thu, 08/12/2011 - 20:10
Some versions of JasPer contain multiple vulnerabilities that may allow a remote,unauthenticated attacker to execute arbitrary code.
Categories: US-CERT

VU#796883: HomeSeer HS2 web interface multiple vulnerabilities

Thu, 08/12/2011 - 16:22
HomeSeer HS2 home automation software web interface contains multiple vulnerabilities.
Categories: US-CERT

VU#713012: CA Siteminder login.fcc form xss vulnerability

Wed, 07/12/2011 - 15:03
CA Siteminder R6 SP6 CR7,R12 SP3 CR8 and possibly previous versions,are vulnerable to a reflective cross site scripting(XSS)vulnerability.
Categories: US-CERT

VU#576355: Support Incident Tracker multiple vulnerabilities

Fri, 02/12/2011 - 21:47
Support Incident Tracker(or SiT!)version 3.65,and possibly earlier versions,contain multiple vulnerabilities including; malicious file uploads,SQL injection,cross-site scripting,and cross-site request forgery.
Categories: US-CERT

VU#606539: ISC BIND 9 resolver denial of service vulnerability

Tue, 22/11/2011 - 19:27
ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.
Categories: US-CERT

VU#584363: Zenprise Device Manager CSRF vulnerability

Fri, 18/11/2011 - 15:28
The Zenprise Device Manager software is susceptible to a cross-site request forgery(CSRF)vulnerability that may result in the compromise of the fleet of mobile devices managed by the product.
Categories: US-CERT

Calendar

M T W T F S S
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
 
 
 
 
Add to calendar