Hacker News
- Pppd vulnerable to buffer overflow due to a flaw in EAP packet processing https://www.kb.cert.org/vuls/id/782301/ 2 comments
- CPU hardware vulnerable to side-channel attacks https://www.kb.cert.org/vuls/id/584653 82 comments
- Savitech USB audio drivers install a new root CA certificate https://www.kb.cert.org/vuls/id/446847 179 comments
- BSD libc contains a buffer overflow vulnerability https://www.kb.cert.org/vuls/id/548487 13 comments
- Vulnerability #319816 – npm fails to restrict the actions of malicious packages https://www.kb.cert.org/vuls/id/319816 130 comments
- Komodia Redirector installs non-unique root CA certificates and private keys http://www.kb.cert.org/vuls/id/529496 4 comments
- Samsung Printer firmware contains a backdoor administrator account http://www.kb.cert.org/vuls/id/281284 12 comments
- Privilege escalation vulnerability on 64-bit Intel CPU hardware http://www.kb.cert.org/vuls/id/649219 35 comments
- Privilege Escalation/VM-to-Host Vulnerability on Intel 64 bit CPUs http://www.kb.cert.org/vuls/id/649219 3 comments
- A vulnerability in SSL 3.0 and TLS 1.0 allows an attacker to decrypt traffic http://www.kb.cert.org/vuls/id/864643 2 comments
Lobsters
- Vulnerability Note VU#548487 - BSD libc contains a buffer overflow vulnerability https://www.kb.cert.org/vuls/id/548487 6 comments freebsd, netbsd, openbsd
- Heads up: the July 6 PrintNightmare patch does not resolve the Local Privilege Escalation attack type https://www.kb.cert.org/vuls/id/383432 13 comments sysadmin
- pppd vulnerable to buffer overflow due to a flaw in EAP packet processing [CVSS Base 9.3] https://www.kb.cert.org/vuls/id/782301/ 3 comments netsec
- Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains https://www.kb.cert.org/vuls/id/849224/ 34 comments programming
- LLVM's ARM stack protection feature can be rendered ineffective https://www.kb.cert.org/vuls/id/129209/ 3 comments netsec
- Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface https://www.kb.cert.org/vuls/id/906424 6 comments netsec
- CERT's recommended solution for Meltdown/Spectre: Replace CPU hardware https://www.kb.cert.org/vuls/id/584653 7 comments linux
- CERT: Fully removing the vulnerability requires replacing vulnerable CPU hardware https://www.kb.cert.org/vuls/id/584653 6 comments intel
- Windows 8 and later have been failing to apply ASLR. The binary is relocated, but without any entropy. The base address is the same across executions and reboots. https://www.kb.cert.org/vuls/id/817544 65 comments netsec
- Vulnerability Note VU#446847 - Savitech USB audio drivers install a new root CA certificate https://www.kb.cert.org/vuls/id/446847 6 comments netsec
- Vulnerability Note VU#867968 - Microsoft Windows SMB Tree Connect Response memory corruption vulnerability http://www.kb.cert.org/vuls/id/867968 14 comments netsec
- Netgear R7000 and R6400 routers are vulnerable to arbitrary command injection http://www.kb.cert.org/vuls/id/582384 120 comments netsec
- Vulnerability Note VU#319816 - npm fails to restrict the actions of malicious npm packages http://www.kb.cert.org/vuls/id/319816 7 comments javascript
- Vulnerability Note VU#925497: Dell System Detect installs root certificate and private key (DSDTestProvider) https://www.kb.cert.org/vuls/id/925497 3 comments netsec
- Voice over LTE implementations contain multiple vulnerabilities http://www.kb.cert.org/vuls/id/943167 19 comments netsec
- Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information http://www.kb.cert.org/vuls/id/804060 43 comments netsec
- Seagate Wireless drives contain hard coded backdoor. http://www.kb.cert.org/vuls/id/903500 28 comments sysadmin
- Seagate wireless hard-drives provide undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password. http://www.kb.cert.org/vuls/id/903500 31 comments netsec
- One more Flash 0day from HackingTeam. Works against 18.0.0.203 http://www.kb.cert.org/vuls/id/338736 42 comments netsec
- Vulnerability Note VU#852879 - Network Time Protocol daemon (ntpd) contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/852879 3 comments sysadmin
- Vulnerability Note VU#852879 - Network Time Protocol daemon (ntpd) contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/852879 44 comments netsec
- US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code http://www.kb.cert.org/vuls/id/625617 10 comments java
- Java CVE-2012-4681: Disabling the Java plug-in in IE is NOT straightforward. Check out the workarounds. http://www.kb.cert.org/vuls/id/636312 27 comments netsec
- SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware http://www.kb.cert.org/vuls/id/649219 6 comments netsec
- [CERT] 64-bit operating system privilege escalation vulnerability on Intel CPU hardware http://www.kb.cert.org/vuls/id/649219 13 comments sysadmin
- STARTTLS plaintext command injection vulnerability http://www.kb.cert.org/vuls/id/555316 6 comments netsec
- Details of the root kit that got installed on my Debian Lenny boxes due to the exim remote root exploit http://www.kb.cert.org/vuls/id/682457 56 comments netsec
- Today I learned that the Dept. of Homeland Security keeps a list of the most dangerous software bugs ever found (and ... that they use Lotus Notes databases?!) http://www.kb.cert.org/vuls/bymetric 21 comments programming
- US-CERT: "Use a browser other than Internet Explorer" http://www.kb.cert.org/vuls/id/940193 6 comments technology
- Multiple DNS implementations vulnerable to cache poisoning. Get ready to patch! http://www.kb.cert.org/vuls/id/800113 4 comments programming