Security Advisories

  • 2011-0032: Multiple vulnerabilities on Mozilla Firefox / Thunderbird / SeaMonkey

    Wednesday, December 21, 2011 09:28:00 PM CET

    Multiple vulnerabilities have been found in Mozilla Firefox / Thunderbird. A fix is available.

  • 2011-0031: Multiple vulnerabilities on JBoss Enterprise Portal Platform

    Wednesday, December 21, 2011 09:24:00 PM CET

    Multiple vulnerabilities have been found in JBoss Enterprise Portal Platform. A patch is available.

  • 2011-0030: RSA SecurID Software Token DLL Loading Arbitrary Code Execution

    Wednesday, December 21, 2011 09:21:00 PM CET

    RSA SecurID Software Token is prone to a vulnerability that lets attackers execute arbitrary code. This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or malicious share.

  • 2011-0028: Mozilla Firefox/Thunderbird/SeaMonkey information disclosure vulnerability

    Wednesday, December 14, 2011 11:29:00 AM CET

    Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 are prone to an information disclosure vulnerability, exploitable by a remote attacker to obtain information from the browser history.[1] Updated versions are available.[3]

  • 2011-0027: Unspecified vulnerability in Adobe Flash Player 11.1.102.55

    Wednesday, December 14, 2011 11:27:00 AM CET

    Adobe Flash Player 11.1.102.55 on Windows and Mac OS X is prone to remote execution of arbitrary code via a crafted SWF file.

  • 2011-0025: JBoss Application Server Administrative Console Cross-Site Scripting

    Monday, December 05, 2011 05:48:00 PM CET

    JBoss Application Server console is prone to a cross-site scripting vulnerability while handling DOM objects; fixes are available.

  • 2011-0024: JBoss AS Administration Cross Site Request Forgery Vulnerability

    Monday, December 05, 2011 05:47:00 PM CET

    JBoss AS is prone to a cross-site request-forgery vulnerability; fixes are available.

  • 2011-0023: HP Printers and Digital Senders Remote Security Bypass Vulnerability

    Friday, December 02, 2011 03:22:00 PM CET

    HP Printers and Digital Senders are prone to a security-bypass vulnerability leading to the installation of malicious firmware.

  • 2011-0022: Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability

    Friday, November 25, 2011 02:42:00 PM CET

    Apache HTTP Server is prone to a security-bypass vulnerability.

  • 2011-0021: Multiple Linux Kernel Vulnerabilities

    Friday, November 25, 2011 02:41:00 PM CET

    Linux kernel is prone to multiple 'hardlink' stack-based buffer-overflow vulnerabilities and multiple integer-overflow vulnerabilities because of a failure to properly bounds check user-supplied input. Specifically, hardlink fails to properly handle deeply nested directories.

  • 2011-0020: IBM Lotus Mobile Connect - Cross Site Scripting Vulnerability 9

    Wednesday, November 23, 2011 05:58:00 PM CET

    IBM Lotus Mobile Connect is prone to a cross-site scripting vulnerability. Fixes are available. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

  • 2011-0019: Linux Kernel - Remote Denial of Service Vulnerability

    Wednesday, November 23, 2011 05:57:00 PM CET

    The Linux kernel is prone to a remote denial-of-service vulnerability. Specifically, this issue occurs when using certain network drivers for handling VLAN 0 frames with the priority tag set. Attackers can remotely exploit this issue by sending specially crafted packets to the affected computer. An attacker can exploit this issue to cause the kernel to crash, denying service to legitimate users.

  • 2011-0018: Linux Kernel - Remote Denial of Service Vulnerability

    Wednesday, November 23, 2011 05:56:00 PM CET

    The Linux kernel is prone to a remote denial-of-service vulnerability. To exploit this issue, attackers can use readily available network utilities.

  • 2011-0017: Microsoft Windows Kernel Remote Code Execution Vulnerability

    Wednesday, November 23, 2011 05:55:00 PM CET

    Microsoft Windows is prone to a remote code-execution vulnerability. A commercial exploit is available for CORE IMPACT; urgency raised.

  • 2011-0016: Oracle Java Remote Java Runtime Environment

    Wednesday, November 23, 2011 05:41:00 PM CET

    Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. A commercial exploit is available through VUPEN Security; urgency raised.

  • 2011-0015: ISC BIND 9 Recursive Queries Remote DoS

    Wednesday, November 23, 2011 05:37:00 PM CET

    ISC BIND is prone to a remote denial-of-service vulnerability.

  • 2011-0014: Adobe Acrobat and Reader - Multiple Vulnerabilities

    Wednesday, November 23, 2011 05:34:00 PM CET

    Critical vulnerabilities have been identified in Adobe Acrobat and Reader.

  • 2011-0013: Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability

    Wednesday, November 23, 2011 05:10:00 PM CET

    Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013)

  • 2011-0012: Adobe Flash Player - Multiple Vulnerabilities

    Friday, November 11, 2011 06:09:00 PM CET

    Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. [1]

  • 2011-0011: Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass

    Friday, November 11, 2011 06:01:00 PM CET

    Mozilla Firefox and Thunderbird are prone to a security-bypass vulnerability [1]. This issue occurs because installed add-ons fail to properly use 'XPCNativeWrappers' in the 'loadSubScript()' function.

  • 2011-0010: Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability

    Thursday, November 10, 2011 04:04:00 PM CET

    Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability, CVE-2011-3648 (Candidate). Exploits are available. Fixes are available.

  • 2011-0009: Multiple vulnerabilities on Adobe Shockwave Player

    Wednesday, November 09, 2011 04:59:00 PM CET

    Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution.

  • 2011-0008: Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability

    Wednesday, November 09, 2011 04:58:00 PM CET

    Oracle is prone to a buffer overflow discovered in 2007 which remains unpatched [1][2]. Exploit code has become available [3], which raises the criticality of the advisory.

  • 2011-0007: Potential DoS threat against SSL/TLS servers

    Wednesday, November 09, 2011 04:54:00 PM CET

    A hacker group has released a tool [1] that can perform denial-of-service attacks against SSL-based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very few resources on the client side: a single PC with a DSL connection might be enough to take all resources of an average SSL server. It will require more resources (about 20 laptops) to take the resources of larger server farms. This makes the threat more important than standard DoS attempts through resource exhaustion.

  • 2011-0006: Vulnerability on Apache HTTP server with mod_proxy exposes internal networks

    Wednesday, October 12, 2011 08:55:00 AM CEST

    A vulnerability [1] has been disclosed in the Apache HTTP server in reverse-proxy mode. The vulnerability impacts all versions of httpd 1.3 and all versions of httpd 2.x using mod_proxy with certain configurations of RewriteRule or ProxyPassMatch. See [1] https://seclists.org/fulldisclosure/2011/Oct/232 for further details.

  • 2011-0005: Background information about the recent "BEAST attack on SSL / TLS"

    Thursday, September 29, 2011 04:59:00 PM CEST

    Two security researchers demonstrated[1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory aims at explaining what a potential attacker would need to do for a successful attack, and what can/must be done to mitigate it.

  • 2011-0004: Adobe emergency patch for multiple Flash Player vulnerabilities

    Thursday, September 29, 2011 04:57:00 PM CEST

    Adobe announced[1] the availability of a patch for multiple critical vulnerabilities found in Flash Player.

  • 2011-0003: Oracle emergency patch for Apache HTTPD DoS vulnerability

    Thursday, September 29, 2011 04:56:00 PM CEST

    Oracle announced[1] the availability of a patch for a denial of service vulnerability in Apache HTTPD.
