CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Frissítve: 1 óra 16 perc
Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long,which can allow an attacker to crack a BKS-V1 keystore file in seconds.
VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,allowing the attack to potentially bypass authentication to SAML service providers.
The Quagga BGP daemon bpgd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service,information disclosure,or remote code execution.
The Pulse Secure Linux client GUI fails to validate SSL certificates,which can allow an attacker to modify connection settings.
CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
VU#144389: TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding,and may therefore be vulnerable to Bleichenbacher-style attacks.. This attack is known as a"ROBOT attack".