VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference on 07/10/2022 at 7:25 pm
Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description A flawed logical condition allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit […]
VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution. on 03/10/2022 at 9:59 pm
Overview Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery (SSRF) attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary code on the target Exchange server. Description Microsoft Exchange Server’s Autodiscover service is […]
VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers on 27/09/2022 at 4:13 pm
Overview Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network. Description This vulnerability exists within Ethernet […]
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass on 11/08/2022 at 7:04 pm
Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process. Description UEFI firmware is software written by vendors in the UEFI […]
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal on 04/08/2022 at 6:22 pm
Overview Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Description The muhttpd, hosted at SourceForge as an opensource project, is a lightweight […]