19 September 2017: DlxSpot Hardcoded Password - Files ≈ Packet Storm DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
19 September 2017: DlxSpot Shell Upload - Files ≈ Packet Storm DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
19 September 2017: DlxSpot SQL Injection - Files ≈ Packet Storm DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.
19 September 2017: Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read - Files ≈ Packet Storm There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
Tue, 12 Sep 2017 15:44:00 +0000: VU#240311: Multiple Bluetooth implementation vulnerabilities affect many devices - CERT Recently Published Vulnerability Notes A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in the worst case allow an unauthenticated attacker to perform commands on the device.
Fri, 08 Sep 2017 17:52:59 +0000: VU#166743: Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities - CERT Recently Published Vulnerability Notes Das U-Boot is a device bootloader that can read its configuration from an AES-encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.
Tue, 25 Jul 2017 14:30:17 +0000: VU#838200: Telerik Web UI contains cryptographic weakness - CERT Recently Published Vulnerability Notes The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
Thu, 20 Jul 2017 15:55:16 +0000: VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account - CERT Recently Published Vulnerability Notes Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. A third-party security research firm has identified two security vulnerabilities in the client software: On-board ship network access could provide visibility of user names and passwords configured on the client device. A backdoor account has been identified in the client that provides full system privileges. This vulnerability could be exploited remotely. An attacker with high skill would be able to exploit this vulnerability. AmosConnect 8 has been deemed end of life, and is no longer supported. Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.
Mon, 19 Jun 2017 20:59:16 +0000: VU#489392: Acronis True Image fails to update itself securely - CERT Recently Published Vulnerability Notes Acronis True Image fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.
Thu, 15 Jun 2017 17:12:19 +0000: VU#846320: Samsung Magician fails to update itself securely - CERT Recently Published Vulnerability Notes Samsung Magician fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.
Thu, 08 Jun 2017 17:12:17 +0000: VU#251927: CalAmp LMU-3030 devices may not authenticate SMS interface - CERT Recently Published Vulnerability Notes OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS (text message) interface. We have found multiple deployments where no password was configured for this interface by the integrator/reseller. Companies using the CalAmp hardware should be aware that they need to set a password or disable SMS. Vendors were notified and the SMS interface was disabled or password-protected by all vendors known to be affected.