Vulnerability Updates
National Cyber Awareness System's Weekly Bulletins For The Month
- VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2:
Overview
TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two …
- VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities:
Overview
Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass …
- VU#709991: Netatalk contains multiple error and memory management vulnerabilities:
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote Code Execution as well as Out-of-bounds Read.
- VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations:
Overview
Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains …
- VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly:
Overview
Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the …
National Vulnerability Database
- CVE-2022-43763: Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
- CVE-2022-43765: B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an …
- CVE-2022-43764: Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service …
- CVE-2022-43762: Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
- CVE-2022-43761: Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
Packet Storm’s Apple Vulnerability List
- Apple Security Advisory 2023-01-24-1: Apple Security Advisory 2023-01-24-1 – tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
- Apple Security Advisory 2023-01-23-8: Apple Security Advisory 2023-01-23-8 – Safari 16.3 addresses code execution vulnerabilities.
- Apple Security Advisory 2023-01-23-7: Apple Security Advisory 2023-01-23-7 – watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
- Apple Security Advisory 2023-01-23-6: Apple Security Advisory 2023-01-23-6 – macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.
- Apple Security Advisory 2023-01-23-5: Apple Security Advisory 2023-01-23-5 – macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Packet Storm’s Windows Vulnerability List
- Windows Kernel Registry Virtualization Memory Corruption: Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
- Red Hat Security Advisory 2022-9096-01: Red Hat Security Advisory 2022-9096-01 – Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed …
- Razer Synapse 3.7.0731.072516 Local Privilege Escalation: Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.
- Red Hat Security Advisory 2023-0354-01: Red Hat Security Advisory 2023-0354-01 – The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of …
- Red Hat Security Advisory 2023-0352-01: Red Hat Security Advisory 2023-0352-01 – The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of …
Vulnerability News Resources
- National Cyber Awareness System (US-CERT)
- Vulnerability Notes Database (Software Engineering Institute)
- Common Vulnerabilities and Exposures – CVE (MITRE Corp.)
- CVE Details Vulnerabilities Database
- Symantec Vulnerabilities List
- Security Focus Vulnerabilities List (Symantec Corp.)
- McAfee Threat Activity List
- Trend Micro Vulnerabilities List
- Microsoft Security Bulletin
- Packet Storm’s RSS Feeds
- Offensive Security Exploit Database Archive