Security Advisories

  • 2012-0147: JBoss Enterprise BRMS Platform 5.3.1 update

    Wednesday, December 19, 2012 04:51:00 PM CET

    JBoss Enterprise BRMS Platform 5.3.1, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal.

  • 2012-0145: JBoss Enterprise BRMS Platform 5.3.0 security update

    Monday, December 17, 2012 09:36:00 AM CET

    An update for JBoss Enterprise BRMS Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal.

  • 2012-0144: VMware View Server directory traversal

    Monday, December 17, 2012 09:34:00 AM CET

    VMware View releases address a critical directory traversal vulnerability in the View Connection Server and View Security Server.

  • 2012-0143: Adobe Hotfix available for ColdFusion 10 and earlier

    Friday, December 14, 2012 09:59:00 AM CET

    Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided below.

  • 2012-0142: Security Updates Available for Adobe Flash Player

    Friday, December 14, 2012 09:40:00 AM CET

    Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  • 2012-0141: Microsoft Security Updates

    Friday, December 14, 2012 09:38:00 AM CET

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 12 December 2012.

  • 2012-0140: Microsoft Security Updates - Advance Notification

    Monday, December 10, 2012 11:52:00 AM CET

    CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on December 11, 2012.

  • 2012-0139: Denial of Service on BIND nameservers using DNS64

    Thursday, December 06, 2012 10:14:00 AM CET

    A nameserver can be crashed with a REQUIRE assertion failure if a client sends a crafted query, resulting in a DoS.

  • 2012-0138: Samsung and some Dell printers, Remote Disclosure of Information.

    Thursday, December 06, 2012 10:06:00 AM CET

    Samsung printers and some Dell printers manufactured by Samsung contain an SNMP account that could be used to get privileged access to the devices.

  • 2012-0137: PHP 5.4.9 and PHP 5.3.19 released, multiple vulnerabilities fixed

    Friday, November 23, 2012 02:18:00 PM CET

    The PHP development team announces the immediate availability of PHP 5.4.9 and PHP 5.3.19. These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.

  • 2012-0136: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

    Thursday, November 22, 2012 02:10:00 PM CET

    Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the affected product. CVE number: CVE-2012-5424. CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

  • 2012-0135: Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities

    Thursday, November 22, 2012 02:09:00 PM CET

    Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. CVSS Base Score: 9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P) [4]

  • 2012-0134: Multiple vulnerabilities in Mozilla products

    Thursday, November 22, 2012 02:08:00 PM CET

    Several vulnerabilities have been detected in Mozilla products. Some of the ones reported below might already have been covered by previous CERT-EU advisories, but are mentioned for the sake of completeness. CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-4210, CVE-2012-4209, CVE-2012-5837, CVE-2012-4207, CVE-2012-5841, CVE-2012-4208, CVE-2012-4206, CVE-2012-4205, CVE-2012-4204, CVE-2012-4203, CVE-2012-5836, CVE-2012-4201, CVE-2012-4202, CVE-2012-5843, CVE-2012-5842

  • 2012-0133: Apache Tomcat Denial of Service & DIGEST authentication weaknesses

    Thursday, November 22, 2012 02:06:00 PM CET

    The Apache Tomcat security team issued new releases for Apache Tomcat to fix two security issues: Denial of Service for Tomcat 6.x and DIGEST authentication weaknesses for Tomcat 7.x and 5.5.x. CVE numbers: CVE-2012-2733, CVE-2012-3439

  • 2012-0132: HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information

    Tuesday, November 20, 2012 04:41:00 PM CET

    A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. CVE number: CVE-2012-3271. CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • 2012-0131: Hotfix available for ColdFusion 10 for Windows

    Tuesday, November 20, 2012 04:39:00 PM CET

    Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below. CVE number: CVE-2012-5674

  • 2012-0130: Security Updates Available for Adobe Flash Player

    Monday, November 19, 2012 02:52:00 PM CET

    Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. These updates address critical vulnerabilities in the software. CVE numbers: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280

  • 2012-0129: VMware security updates for vSphere API and ESX Service Console

    Monday, November 19, 2012 02:51:00 PM CET

    VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates. CVE-2012-5703, CVE-2012-1033, CVE-2012-1667, CVE-2012-3817, CVE-2011-4940, CVE-2011-4944, CVE-2012-1150, CVE-2012-0876, CVE-2012-1148, CVE-2012-0441

  • 2012-0128: VMware Hosted Products and OVF Tool address security issues

    Monday, November 19, 2012 02:48:00 PM CET

    VMware Hosted products and OVFTool patches address several security issues. CVE-2012-5458, CVE-2012-5459 and CVE-2012-3569

  • 2012-0127: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

    Monday, November 19, 2012 02:46:00 PM CET

    VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities. CVE-2012-4897, CVE-2012-5050, CVE-2012-5051

  • 2012-0126: VMware vSphere and vCOps updates to third party libraries

    Friday, November 16, 2012 12:46:00 PM CET

    VMware has updated several third party libraries in vSphere and vCOps to address multiple security vulnerabilities. CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0050, CVE-2012-2110, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, CVE-2012-1583, CVE-2010-2761, CVE-2010-4410, CVE-2011-3597, CVE-2012-0841, CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864, CVE-2011-4128, CVE-2012-1569, CVE-2012-1573, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815, CVE-2012-0393.

  • 2012-0125: Microsoft Security Updates

    Friday, November 16, 2012 10:48:00 AM CET

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on November 13, 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found in [1]. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.

  • 2012-0124: Oracle Critical Patch Update - October 2012

    Wednesday, October 17, 2012 03:13:00 PM CEST

    The Critical Patch Update for October 2012 [2] and The Oracle Java SE Critical Patch Update [3] for October 2012 were released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update.

  • 2012-0123: Multiple Updates on JBOSS Products

    Wednesday, October 17, 2012 10:19:00 AM CEST

    1) An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. [1]

  • 2012-0121: Multiple Updates Available for CISCO Products

    Wednesday, October 17, 2012 09:22:00 AM CEST

    Cisco has published multiple updates for their products that fix several vulnerabilities.

  • 2012-0122: Denial of Service on Bind

    Tuesday, October 16, 2012 03:40:00 PM CEST

    A nameserver can be locked up if it can be induced to load a specially crafted combination of resource records.

  • 2012-0120: Microsoft Security Updates

    Wednesday, October 10, 2012 04:49:00 PM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on October 09, 2012.

  • 2012-0119: Security Updates Available for Adobe Flash Player

    Wednesday, October 10, 2012 11:00:00 AM CEST

    Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  • 2012-0118: Revocation of Adobe Code Signing Certificate

    Wednesday, October 10, 2012 10:57:00 AM CEST

    Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products.

  • 2012-0117: JBoss Enterprise Data Services Platform 5.3.0 update

    Wednesday, September 26, 2012 11:03:00 AM CEST

    JBoss Enterprise Data Services Platform 5.3.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.

  • 2012-0116: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update

    Wednesday, September 26, 2012 11:01:00 AM CEST

    An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal.

  • 2012-0115: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

    Wednesday, September 26, 2012 10:59:00 AM CEST

    Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.

  • 2012-0114: UPDATED - Internet Explorer Zero-Day Exploits Available - MS12-063

    Wednesday, September 26, 2012 10:57:00 AM CEST

    There appears to have been an exploit detected that affects fully patched versions of Microsoft Internet Explorer versions 6 through 9, and allows downloading and running arbitrary executables.

  • 2012-0113: Security update available for Bind 9

    Monday, September 17, 2012 11:50:00 AM CEST

    If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.

  • 2012-0112: Microsoft Security Updates

    Thursday, September 13, 2012 04:51:00 PM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 12 September 2012.

  • 2012-0111: Microsoft Security Updates - Advance Notification

    Monday, September 10, 2012 10:25:00 AM CEST

    CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on September 11, 2012.

  • 2012-0110: UPDATED - Oracle Java Runtime Environment Remote Code Execution Vulnerability. Fix is available from Oracle

    Friday, August 31, 2012 02:40:00 PM CEST

    Oracle Java Runtime Environment (JRE) is prone to a remote code execution vulnerability.

  • 2012-0109: Apache 'mod-rpaf' Module Denial of Service Vulnerability

    Thursday, August 23, 2012 11:45:00 AM CEST

    The Apache 'mod-rpaf' module is prone to a denial-of-service vulnerability.

  • 2012-0108: Security update available for Adobe Flash Player

    Thursday, August 23, 2012 11:36:00 AM CEST

    Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  • 2012-0107: Microsoft Excel 'MergeCells' Record Heap Overflow Remote Code Execution Vulnerability

    Thursday, August 23, 2012 11:31:00 AM CEST

    Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploits will result in denial-of-service conditions.

  • 2012-0087: UPDATED - Microsoft Security Advisory 2737111 Released on July 24, 2012

    Thursday, August 23, 2012 11:27:00 AM CEST

    Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution.

  • : Microsoft has released Security Advisory 2743314 - Unencapsulated MS-CHAP v2 Could Allow Information Disclosure

    Tuesday, August 21, 2012 03:48:00 PM CEST

    Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs.

  • 2012-0105: Cisco IOS XR Software Route Processor DoS Vulnerability

    Friday, August 17, 2012 03:42:00 PM CEST

    Cisco IOS XR Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the route processor on an affected device to stop transmitting packets from the route processor CPU to the fabric, resulting in a denial-of-service condition. To exploit this issue, attackers can use readily available network utilities.

  • 2012-0104: Multiple Cisco Nexus Devices Remote Denial of Service Vulnerability

    Friday, August 17, 2012 03:39:00 PM CEST

    Multiple Cisco Nexus devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to crash, denying service to legitimate users.

  • 2012-0103: CSRF vulnerability in JMX console as shipped with JBoss EAP 5.1.1

    Friday, August 17, 2012 03:37:00 PM CEST

    The JMX console as shipped with JBoss EAP 5.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. This vulnerability allows an attacker to invoke operations on mbeans via the JMX console.

  • 2012-0102: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control

    Friday, August 17, 2012 03:34:00 PM CEST

    When using the web gateway, an authenticated user is able to access other users' files without further access control if the URL of the file is known. The URL for a file contains non-guessable elements.

  • 2012-0101: Security update available for Adobe Shockwave Player

    Friday, August 17, 2012 09:19:00 AM CEST

    Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to Adobe Shockwave Player 11.6.6.636 using the instructions provided in the "Solution" section below.

  • 2012-0100: Security update available for Adobe Flash Player

    Friday, August 17, 2012 09:16:00 AM CEST

    Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

  • 2012-0099: Security update available for Adobe Reader and Acrobat

    Friday, August 17, 2012 09:12:00 AM CEST

    Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

  • 2012-0098: Microsoft Security Updates

    Friday, August 17, 2012 09:06:00 AM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 14 August 2012.

  • 2012-0097: JBoss Enterprise SOA Platform 5.3.0 security update

    Monday, August 13, 2012 04:35:00 PM CEST

    An update for the JMX Console in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal.

  • 2012-0096: Oracle Security Alert for CVE-2012-3132

    Monday, August 13, 2012 04:33:00 PM CEST

    This security alert addresses the security issue CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server that was recently disclosed at the Black Hat USA 2012 Briefings held in July 2012 involving INDEXTYPE CTXSYS.CONTEXT.

  • 2012-0095: Microsoft Security Updates - Advance Notification

    Friday, August 10, 2012 02:36:00 PM CEST

    CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on August 14, 2012.

  • 2012-0094: Linux kernel netfilter: null pointer dereference in nf_ct_frag6_reasm

    Thursday, August 09, 2012 11:11:00 AM CEST

    The Linux kernel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a kernel crash, denying service to legitimate users.

  • 2012-0093: Cisco IOS SSH2 Sessions Remote Denial of Service Vulnerability

    Thursday, August 09, 2012 11:07:00 AM CEST

    Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.

  • 2012-0092: Cisco ASA 5500 Series Denial of Service Vulnerability

    Thursday, August 09, 2012 11:05:00 AM CEST

    The Cisco Adaptive Security Appliance (ASA) 5500 Series is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause excessive memory consumption, resulting in a denial-of-service condition.

  • 2012-0091: Microsoft Internet Explorer Col Element Remote Code Execution Vulnerability

    Monday, August 06, 2012 02:45:00 PM CEST

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

  • 2012-0090: Denial of Service vulnerability in ISC BIND

    Thursday, August 02, 2012 02:20:00 PM CEST

    Some versions of ISC BIND 9, when DNSSEC validation is enabled, do not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.

  • 2012-0089: Jbossas security update

    Thursday, July 26, 2012 09:59:00 AM CEST

    An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one security issue is now available from the Red Hat Customer Portal. All users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the Red Hat Customer Portal are advised to install this update.

  • 2012-0088: Multiple vulnerabilities fixed in php

    Thursday, July 26, 2012 09:56:00 AM CEST

    Multiple vulnerabilities have been discovered and corrected in PHP. Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service. The updated packages have been upgraded to the 5.3.15 version, which is not vulnerable to these issues.

  • 2012-0086: Linux kernel insufficient data_len validation in sock_alloc_send_pskb

    Thursday, July 19, 2012 09:20:00 AM CEST

    The data_len parameter of the sock_alloc_send_pskb() function is not validated before setting the frags of the allocated skb, which can lead to a heap overflow. CVE number: CVE-2012-2136. CVSS v2 Base Score: 6.2 (MEDIUM) (AV:L/AC:H/Au:N/C:C/I:C/A:C).

  • 2012-0085: Pre-Release Announcement - Oracle Critical Patch Update - 17 July 2012

    Tuesday, July 17, 2012 03:34:00 PM CEST

    Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE# which is a unique identifier for vulnerability. The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Oracle JRockit of Oracle Fusion Middleware.

  • 2012-0084: VMware ESXi update to third party library

    Monday, July 16, 2012 11:55:00 AM CEST

    VMware ESXi update addresses several security issues related to third party component libxml2.

  • : Microsoft Security Updates

    Wednesday, July 11, 2012 03:21:00 PM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 July 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively.

  • 2012-0082: JBOSS security updates

    Monday, July 09, 2012 05:23:00 PM CEST

    Updated resteasy packages that fix one security issue are now available for several JBoss products.

  • 2012-0081: Linux kernel epoll can leak file descriptors when returning -ELOOP

    Friday, July 06, 2012 03:41:00 PM CEST

    The Linux kernel is vulnerable to a denial of service caused by an error related to adding epoll file descriptors to each other in a circle.

  • 2012-0080: Microsoft Security Updates

    Friday, July 06, 2012 03:39:00 PM CEST

    CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 10 July 2012.

  • 2012-0079: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7

    Tuesday, July 03, 2012 02:47:00 PM CEST

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

  • 2012-0078: Multiple Buffer Overflow Vulnerabilities in the Cisco WebEx Player

    Monday, July 02, 2012 10:32:00 AM CEST

    The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.

  • 2012-0077: Linux kernel security flaw in the NFSv4 implementation

    Friday, June 22, 2012 03:49:00 PM CEST

    The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.

  • 2012-0076: Public exploit code for Internet Explorer is now widely available

    Friday, June 22, 2012 03:46:00 PM CEST

    The vulnerability which was patched in MS12-037 as part of the June edition of Microsoft's Patch Tuesday is being exploited in the wild.

  • 2012-0075: VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues

    Friday, June 22, 2012 02:55:00 PM CEST

    VMware products allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.

  • 2012-0074: Jboss Security Update - JNDI: unauthenticated remote write access is permitted by default

    Friday, June 22, 2012 02:12:00 PM CEST

    An update that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  • 2: DNSChanger malware - decommissioning of temporary DNS servers on the 9 July 2012

    Wednesday, June 20, 2012 04:05:00 PM CEST

    NEW!!! CERT-EU has recently received several alerts about connections from IP addresses within our constituency to the rogue DNS Servers listed below. It was later confirmed that, while some of these connections were genuine, other connections were in fact spoofed.

  • 2012-0073: Oracle Java SE Critical Patch Update Advisory - June 2012

    Wednesday, June 13, 2012 04:52:00 PM CEST

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes.

  • 2012-0072: Security updates available for Adobe Flash Player

    Monday, June 11, 2012 04:56:00 PM CEST

    Adobe released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  • 2012-0071: Microsoft Security Updates

    Friday, June 08, 2012 04:36:00 PM CEST

    CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 12 June 2012.

  • 2012-0070: LinkedIn password hash database leaked

    Thursday, June 07, 2012 11:49:00 AM CEST

    LinkedIn confirmed [1] that a file containing around 65 million (unsalted) SHA1 password hashes connected to LinkedIn accounts has been publicly posted.

  • 2012-0069: Several vulnerabilities in Firefox, Thunderbird and Seamonkey

    Thursday, June 07, 2012 11:46:00 AM CEST

    The most severe vulnerability (Priority: urgent; Severity: urgent; classification done by Red Hat) allows a remote attacker to run code in the security context of a user of Firefox, Thunderbird or Seamonkey, when they open a malicious website or email.

  • 2012-0068: Denial of Service vulnerability in ISC BIND

    Wednesday, June 06, 2012 02:15:00 PM CEST

    CVE-2012-1667: Handling of zero length rdata can cause named to terminate unexpectedly. CVSS Score: 8.5 HIGH [2]. CVSS Equation: (AV:N/AC:L/Au:N/C:P/I:N/A:C). A problem in BIND was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.

  • 2012-0067: Vulnerability in Microsoft Certificate Authority

    Monday, June 04, 2012 02:20:00 PM CEST

    Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

  • 2012-0066: Symantec Endpoint Protection Multiple Issues

    Wednesday, May 23, 2012 02:40:00 PM CEST

    Symantec was notified of a vulnerable service running on the Symantec Endpoint Protection 12.1 management console. Successful access to this service can potentially allow an unauthorized remote attacker to launch a two-stage exploit attempt against the targeted server.

  • 2012-0065: Multiple issues in Linux Kernel

    Tuesday, May 22, 2012 09:56:00 AM CEST

    Multiple issues in the Linux kernel include multiple buffer overflows in the hfsplus filesystem implementation, problems with the handling of file system capabilities by the cap_bprm_set_creds function in security/commoncap.c, and a KVM implementation issue with a KVM_CREATE_IRQCHIP ioctl call made after a virtual CPU already exists.

  • 2012-0064: OpenSSL Security Advisory - Invalid TLS/DTLS record attack

    Wednesday, May 16, 2012 10:19:00 AM CEST

    A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack or arbitrary code execution on both clients and servers.[1,3]

  • 2012-0063: Multiple vulnerabilities in Adobe Shockwave Player

    Thursday, May 10, 2012 03:24:00 PM CEST

    Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities (memory corruption) that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system allowing unauthorized disclosure of information, unauthorized modification or disruption of service.

  • 2012-0062: Microsoft Security Updates

    Thursday, May 10, 2012 03:21:00 PM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 8 May 2012.

  • 2012-0061: Remote code-execution vulnerability in Adobe Flash Player

    Monday, May 07, 2012 10:49:00 AM CEST

    Adobe released security updates for Adobe Flash Player. These updates address an object confusion vulnerability (CVE-2012-0779)[2] that could cause the application to crash and potentially allow an attacker to take control of the affected system.

  • 2012-0060: PHP Remote-Code Execution Vulnerability in Certain CGI-based Setups

    Friday, May 04, 2012 11:18:00 AM CEST

    There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years (!) [1,2]. Some systems support a method for supplying an array of strings to the CGI script. This is only used in the case of an 'indexed' query.

  • 2012-0058: Unpatched vulnerability in TNS Listener service on Oracle - UPDATED

    Wednesday, May 02, 2012 02:19:00 PM CEST

    The bug, which Oracle reported as fixed in the most recent Critical Patch Update [2,5], is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code circulating [3,4].

  • 2012-0059: Vulnerability in the Oracle Grid Engine component of Oracle Sun Products Suite

    Monday, April 30, 2012 02:13:00 PM CEST

    Two critical vulnerabilities have been identified in the Oracle Grid Engine component of Oracle Sun Products Suite.

  • 2012-0057: VMware ESX updates to ESX Service Console

    Friday, April 27, 2012 02:54:00 PM CEST

    VMware has released a patch to the ESX Service Console Operating System (COS) kernel which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions: libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2, which address several security issues. The list of CVEs patched includes: CVE-2011-3191, CVE-2011-4348, CVE-2012-0028, CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, and CVE-2011-3919. The CVSS v2 Base Scores for these vulnerabilities vary from 4.3 to 7.1 (from MEDIUM to HIGH).

  • 2012-0056: OpenSSL Security Advisory - ASN1 BIO vulnerability

    Friday, April 20, 2012 04:59:00 PM CEST

    A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Incorrect integer conversions in OpenSSL can result in memory corruption.

  • 2012-0055: Oracle Critical Patch Update - April 2012

    Wednesday, April 18, 2012 02:11:00 PM CEST

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

  • 2012-0054: Privilege escalation vulnerability in VMWare products

    Friday, April 13, 2012 03:07:00 PM CEST

    VMware has released a patch to fix a privilege escalation issue in the hosted products and ESXi/ESX. The vulnerability may lead to unauthorised access in the targeted Virtual Machines (guest) or cause a denial of service.

  • 2012-0053: Remote code execution in Samba

    Thursday, April 12, 2012 11:49:00 AM CEST

    Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.

  • 2012-0052: Multiple vulnerabilities in Adobe Reader and Acrobat

    Wednesday, April 11, 2012 03:02:00 PM CEST

    Adobe has released a patch for several vulnerabilities found in the Adobe Reader and Acrobat product. These vulnerabilities may lead to unauthorised access to the targeted system or cause a denial of service (memory corruption). The vendor has assessed these vulnerabilities as CRITICAL.

  • 2012-0051: Microsoft Security Updates

    Wednesday, April 11, 2012 02:52:00 PM CEST

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 April 2012.

  • 2012-0050: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

    Tuesday, April 10, 2012 02:58:00 PM CEST

    The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. Successful exploitation of the vulnerabilities could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the WRF player application.

  • 2012-0049: JBoss Enterprise BRMS Platform 5.2.0 update

    Wednesday, April 04, 2012 05:07:00 PM CEST

    JBoss Enterprise BRMS Platform 5.2.0 roll up patch 1, which fixes two security issues, various bugs:

  • 2012-0048: Memory corruption vulnerability in libpng

    Tuesday, April 03, 2012 10:15:00 AM CEST

    libpng through 1.5.9, 1.4.10, 1.2.48, and 1.0.58 are vulnerable to memory corruption that can lead to remote arbitrary code execution and denial of service. This vulnerability impacts Linux, Windows and Mac OS platforms.

  • 2012-0047: Multiple vulnerabilities in VMWare ESX

    Monday, April 02, 2012 11:57:00 AM CEST

    VMware ESXi and ESX address several security issues: VMware ROM Overwrite Privilege Escalation; ESX third party update for Service Console kernel; ESX third party update for Service Console krb5 RPM. These vulnerabilities may lead to unauthorised access to the targeted Virtual Machines or cause a denial of service.

  • 2012-0046: Multiple vulnerabilities in Adobe Flash Player

    Friday, March 30, 2012 09:37:00 AM CEST

    Adobe has released a patch for two vulnerabilities found in the Flash Player product. This update resolves: a memory corruption vulnerability related to URL security domain checking that could lead to code execution (ActiveX, Windows 7 or Vista only) (CVE-2012-0772); and a memory corruption vulnerability in the NetStream class that could lead to code execution (CVE-2012-0773).

  • 2012-0045: JBOSS Security Updates

    Friday, March 23, 2012 11:40:00 AM CET

    An update for JBoss Operations Network 2.4.2 that fixes one security issue is now available from the Red Hat Customer Portal.

  • 2012-0044: Multiple vulnerabilities in Mozilla Thunderbird and Firefox

    Friday, March 23, 2012 11:38:00 AM CET

    Several vulnerabilities have been detected in Mozilla products; some of these have been covered by previous CERT-EU advisories already, but are mentioned here again for the sake of completeness.

  • 2012-0043: VMware issues Security Advisories & Certifications

    Wednesday, March 21, 2012 10:04:00 AM CET

    VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues.

  • 2012-0042: VMware View privilege escalation and cross-site scripting

    Wednesday, March 21, 2012 10:02:00 AM CET

    a. VMware Virtual Desktop Display Driver Privilege Escalation. Exploitation of these issues may lead to local privilege escalation on View virtual desktops. b. View Manager Portal Cross-site Scripting. The attacker can trigger this vulnerability by supplying a crafted URL to the victim and convincing them to click on the link.

  • 2012-0041: Multiple Vulnerabilities in Cisco ASA 5500 S and Cisco Catalyst 6500

    Monday, March 19, 2012 01:31:00 PM CET

    The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

  • 2012-0040: Denial of Service Vulnerability in Cisco Firewall

    Monday, March 19, 2012 01:24:00 PM CET

    When multicast routing is enabled, these devices allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367.

  • 2012-0039: Multiple Vulnerabilities in Cisco ASA 5500 and Cisco Catalyst 6500

    Monday, March 19, 2012 01:19:00 PM CET

    These issues allow remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.

  • 2012-0038: Mozilla Firefox/Thunderbird/Seamonkey are prone to a Memory Corruption Vulnerability

    Monday, March 19, 2012 01:17:00 PM CET

    Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • 2012-0037: Mozilla Firefox/Thunderbird/SeaMonkey are prone to an Information Disclosure Vulnerability

    Monday, March 19, 2012 01:15:00 PM CET

    An attacker can exploit this issue to disclose certain data from the user's memory. Information obtained may aid in further attacks.

  • 2012-0036: Microsoft Security Updates

    Monday, March 19, 2012 01:13:00 PM CET

    CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 13 March 2012.

  • 2012-0035: JBOSS Security Updates

    Thursday, March 15, 2012 10:00:00 AM CET

    JBoss Enterprise SOA Platform 5.2.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.

  • 2012-0034: OpenSSL Security Update

    Thursday, March 15, 2012 09:59:00 AM CET

    OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884).

  • 2012-0033: VMware ESXi and ESX updates to third party libraries and ESX Service Console

    Monday, March 12, 2012 03:36:00 PM CET

    VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE.

  • 2012-0032: VMware vCenter Chargeback Manager Information Leak and Denial of Service

    Monday, March 12, 2012 03:33:00 PM CET

    The vCenter Chargeback Manager contains a vulnerability that allows information leakage and denial-of-service.

  • 2012-0019: Adobe Flash Player - Multiple Vulnerabilities

    Thursday, March 08, 2012 10:23:00 AM CET

    Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.

  • 2012-0031: RSA SecurID Software Token Converter buffer overflow vulnerability

    Thursday, March 08, 2012 10:13:00 AM CET

    CVE-2012-0397: Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.[1][2]

  • 2012-0030: Vulnerabilities in Adobe Flash Player

    Tuesday, March 06, 2012 12:46:00 PM CET

    CVE-2012-0768 and CVE-2012-0769. This vulnerability is currently undergoing analysis and not all information is available. Adobe has rated this incident as Priority 2 Critical.

  • 2012-0029: Kelihos Botnet is Back and Active

    Monday, March 05, 2012 04:13:00 PM CET

    In September 2011, Microsoft announced the takedown of the Kelihos botnet [1]. In the beginning of 2012, Kaspersky found a new version of Kelihos in the wild [2]. Kelihos (also known as Hlux) is a spambot with the capability to steal credentials from the victim's computer and drop additional malware. While the old version used the second-level domain cz.cc for its distribution and to control the botnet, the new version takes advantage of the .eu TLD in combination with Fast Flux techniques [3]. More detailed analysis may be found in [3].

  • 2012-0028: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities

    Friday, March 02, 2012 04:54:00 PM CET

    CVSS Base Scores: CVE-2012-0330: Error while processing malformed SIP message. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]

  • 2012-0027: Multiple Vulnerabilities in Cisco Unity Connection

    Friday, March 02, 2012 04:51:00 PM CET

    CVSS Base Scores: CVE-2012-0366: Privilege Escalation Vulnerability. CVSS v2 Base Score: 9.0 (CRITICAL) (AV:N/AC:L/Au:S/C:C/I:C/A:C) [3]

  • 2012-0026: Unified Communications Manager Skinny Client Control Protocol Vulnerabilities

    Friday, March 02, 2012 04:49:00 PM CET

    CVSS Base Scores: CVE-2011-4486: SCCP Registration may Cause Reload. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]

  • 2012-0025: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

    Friday, March 02, 2012 04:27:00 PM CET

    CVSS Base Scores: CVE-2012-0368: HTTP Denial of Service Vulnerability. CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]

  • 2012-0024: Cisco Cius Denial of Service Vulnerability

    Friday, March 02, 2012 04:25:00 PM CET

    Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding (DoS).

  • 2012-0023: Remote code execution vulnerability in smbd

    Friday, March 02, 2012 04:18:00 PM CET

    An input validation flaw in Samba could allow a remote attacker to execute arbitrary code with the privileges of the Samba server (root) (CVE-2012-0870).

  • 2012-0022: Cisco Small Business SRP 500 Series Multiple Vulnerabilities

    Friday, March 02, 2012 04:14:00 PM CET

    Several vulnerabilities have been fixed in Cisco Small Business (SRP 500) Series Services Ready Platforms.

  • 2012-0021: Linux Kernel NFS Implementation. Local Denial of Service Vulnerability

    Friday, March 02, 2012 04:00:00 PM CET

    The NFS implementation in the Linux kernel is prone to a local denial-of-service vulnerability due to a null-pointer dereference error (CVE-2011-4325).

  • 2012-0020: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability

    Thursday, February 16, 2012 04:57:00 PM CET

    Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.

  • 2012-0019: Adobe Flash Player - Multiple Vulnerabilities

    Thursday, February 16, 2012 04:50:00 PM CET

    Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.

  • 2012-0018: Oracle Java SE Critical Patch Update

    Thursday, February 16, 2012 02:43:00 PM CET

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 14 new security fixes across Java SE products.

  • 2012-0017: Adobe Shockwave Player - remote code execution vulnerability

    Wednesday, February 15, 2012 04:31:00 PM CET

    Adobe reported vulnerabilities in their Shockwave Players that could allow an attacker to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions to update to Adobe Shockwave Player 11.6.4.634.

  • 2012-0015: PHP5 Arbitrary Remote Code Execution Vulnerability

    Monday, February 06, 2012 03:00:00 PM CET

    The PHP development team announced the immediate availability of PHP 5.3.10. This release delivers a critical security fix. This release fixes the arbitrary remote code execution vulnerability CVE-2012-0830.

  • 2012-0014: Multiple vulnerabilities in JBoss Operations Network

    Monday, February 06, 2012 02:25:00 PM CET

    Red Hat has released fixes to JBoss Operations Network (JBoss ON), a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  • 2012-0013: Denial of Service Vulnerability in Oracle WebLogic Server, Application Server (OC4J) and iPlanet Web Server

    Thursday, February 02, 2012 03:15:00 PM CET

    Oracle has released a security advisory about a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (OC4J) and Oracle iPlanet Web Server due to hashing collisions. No authentication is required to exploit this vulnerability, so it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to affect the system availability.

  • 2012-0012: Multiple vulnerabilities in JBoss Web server

    Thursday, February 02, 2012 08:32:00 AM CET

    Red Hat has released fixes to JBoss Communications Platform and JBoss Web, the web container of JBoss Enterprise Application Platform. These vulnerabilities can allow remote attackers to access sensitive information or cause a denial of service.

  • 2012-0011: Multiple vulnerabilities in Apache HTTP server

    Wednesday, February 01, 2012 01:59:00 PM CET

    The Apache Software Foundation has released a new version of the Apache HTTP server that fixes multiple vulnerabilities. These vulnerabilities can allow remote attackers to access sensitive information, cause a denial of service or allow local users to escalate privileges.

  • 2012-0010: Multiple vulnerabilities in VMware ESXi and ESX

    Wednesday, February 01, 2012 01:54:00 PM CET

    VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

  • 2012-0009: Sudo format string vulnerability

    Wednesday, February 01, 2012 10:31:00 AM CET

    A flaw exists in the debugging code in sudo versions 1.8.0 through 1.8.3p1 that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges to root.

  • 2012-0008: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

    Monday, January 30, 2012 08:39:00 AM CET

    Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.

  • 2012-0006: Vulnerability in OpenSSL in DTLS applications

    Tuesday, January 24, 2012 04:59:00 PM CET

    OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

  • 2011-0026: Adobe Acrobat and Reader U3D Memory Corruption Vulnerability

    Tuesday, January 24, 2012 09:39:00 AM CET

    Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability.

  • 2011-0033: Multiple vulnerabilities in .NET Framework including critical Elevation of Privilege flaw

    Monday, January 23, 2012 03:23:00 PM CET

    Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three privately reported vulnerabilities in Microsoft .NET Framework.

  • 2012-0005: Vulnerabilities in Cisco IP Video Phone E20 and Digital Media Manager

    Friday, January 20, 2012 02:39:00 PM CET

    Cisco IP Video Phone E20 Default Root Account: Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device.

  • 2012-0004: Remote Security Vulnerability in Oracle Sun Solaris

    Friday, January 20, 2012 02:16:00 PM CET

    Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.

  • 2012-0003: Multiple vulnerabilities in Apache Tomcat

    Friday, January 20, 2012 01:57:00 PM CET

    The Apache Tomcat security team disclosed two vulnerabilities in their product. Fixes are available. The vulnerabilities allow unauthorized disclosure of information and disruption of service.

  • 2012-0002: Multiple vulnerabilities in OpenSSL

    Tuesday, January 17, 2012 03:35:00 PM CET

    The OpenSSL project disclosed various vulnerabilities in their product.

  • 2012-0001: Security updates available for Adobe Reader and Acrobat

    Tuesday, January 17, 2012 10:59:00 AM CET

    These updates address critical vulnerabilities (CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373) in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.
