Security Advisories
-
2013-095: JBoss Enterprise Application Platform update
Monday, December 09, 2013 02:55:00 PM CET
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
-
2013-094: Microsoft Advance Security Updates
Monday, December 09, 2013 02:54:00 PM CET
Microsoft has published an advance notification for a number of new security updates which will be released on December 13, 2013.
-
2013-093: Microsoft Windows local privilege escalation zero-day bypassing Adobe Reader sandbox in the wild
Monday, December 09, 2013 02:52:00 PM CET
A new Windows local privilege escalation vulnerability has been identified in the wild [1].
-
2013-092: Security updates available for Adobe Flash Player
Tuesday, November 19, 2013 10:48:00 AM CET
Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux.
-
2013-091: Hotfix available for ColdFusion
Tuesday, November 19, 2013 10:45:00 AM CET
Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux.
-
2013-090: Microsoft Security Updates
Tuesday, November 19, 2013 10:33:00 AM CET
Microsoft has published a number of new security updates, which were released on November 13, 2013.
-
2013-073: Microsoft Security Updates
Thursday, October 10, 2013 03:43:00 PM CEST
Microsoft has published a number of new security updates, which were released on October 09, 2013.
-
2013-067: Microsoft Security Updates
Tuesday, August 20, 2013 03:07:00 PM CEST
This bulletin summary lists 3 critical (MS13-059, MS13-060, MS13-061) and 5 important (MS13-062, MS13-063, MS13-064, MS13-065, MS13-066) Microsoft security bulletins released for August 2013 [1].
-
2013-053: Oracle Java SE Critical Patch Update - June 2013
Friday, June 21, 2013 02:59:00 PM CEST
The Oracle Java SE Critical Patch Update [1] for June 2013 was released on.
-
2013-051: Security updates available for Adobe Flash Player
Friday, June 14, 2013 03:20:00 PM CEST
Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x.
-
2013-050: Microsoft Security Updates
Friday, June 14, 2013 03:17:00 PM CEST
Microsoft has published a number of new security updates, which were released on June 11, 2013.
-
2013-0100: Cisco ASA Denial of service
Wednesday, December 11, 2013 04:22:00 PM CET
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via SSH, Telnet, HTTP, and HTTPS.
-
2013-0099: VMware ESX multiple vulnerabilities
Wednesday, December 11, 2013 04:20:00 PM CET
VMware has updated several third party libraries in ESX that address multiple security vulnerabilities.
-
2013-0098: Microsoft December 2013 patches
Wednesday, December 11, 2013 04:19:00 PM CET
Microsoft has released December 2013 patches.
-
2013-0097: VMware Products Increased privileges - Existing account
Monday, December 09, 2013 04:46:00 PM CET
VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
-
2013-0096: Cisco ASA Malformed DNS Reply Denial of Service Vulnerability
Monday, December 09, 2013 02:57:00 PM CET
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system.
-
2013-0089: Microsoft Security Advisory
Wednesday, November 06, 2013 01:53:00 PM CET
Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync.
-
2013-0088: Cisco IOS XE: Denial of service - Remote/unauthenticated
Wednesday, November 06, 2013 01:52:00 PM CET
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities
-
2013-0087: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Wednesday, November 06, 2013 01:50:00 PM CET
Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability.
-
2013-0086: Several Vulnerabilities and Security Notices in multiple Cisco products
Friday, October 25, 2013 11:26:00 AM CEST
A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition.
-
2013-0085: RSA Authentication Agent: Reduced security
Friday, October 25, 2013 11:24:00 AM CEST
In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent.
-
2013-0084: Several Vulnerabilities in Linux kernel
Friday, October 25, 2013 11:23:00 AM CEST
* It was found that the fix for CVE-2012-3552 released via RHSA-2012 ...
* An information leak flaw was found in the way Linux kernel's device mapper subsystem,...
* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation....
-
2013-0083: Vulnerability in python-crypto
Monday, October 21, 2013 04:07:00 PM CEST
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto.
-
2013-0082: Multiple Vulnerabilities in MySQL 5.1 on Debian
Monday, October 21, 2013 04:06:00 PM CEST
This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html [1] [2]
-
2013-0081: Several Vulnerabilities in RedHat
Monday, October 21, 2013 04:05:00 PM CEST
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
-
2013-0080: Several Vulnerabilities and Security Notices in multiple Cisco products
Monday, October 21, 2013 04:04:00 PM CEST
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities
-
2013-0079: Several Vulnerabilities in multiple VMware products
Monday, October 21, 2013 04:03:00 PM CEST
VMware has updated vCenter Server, vCenter Server Appliance (vCSA), vSphere Update Manager (VUM), ESXi and ESX to address multiple security vulnerabilities. [1] [2] [3]
-
2013-0078: Cisco Catalyst 6500 Series Switches & Cisco 7600 Series Routers: Multiple vulnerabilities
Monday, October 21, 2013 04:01:00 PM CEST
Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by two vulnerabilities.
-
2013-0077: JBoss Middleware security update
Monday, October 21, 2013 04:00:00 PM CEST
An update for the commons-fileupload component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss BRMS 5.3.1; and Red Hat JBoss Portal 4.3 CP07, 5.2.2 and 6.0.0.
-
2013-0076: Oracle Critical Patch Update Advisory
Monday, October 21, 2013 03:59:00 PM CEST
The Oracle Critical Patch Update for October 2013 [1] was released.
-
2013-0075: Apache Execute arbitrary code/commands - Remote/unauthenticated
Monday, October 21, 2013 03:57:00 PM CEST
Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input.
-
2013-0074: Security Advisory for Adobe Reader and Acrobat
Thursday, October 10, 2013 03:44:00 PM CEST
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows.
-
2013-0072: Cisco IOS XR Software Memory Exhaustion Vulnerability
Thursday, October 10, 2013 03:38:00 PM CEST
Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion.
-
2013-0071: Several Vulnerabilities in Mozilla Firefox prior to 24
Thursday, September 26, 2013 04:47:00 PM CEST
Several Critical, High and Moderate vulnerabilities have been fixed in Mozilla Firefox 24. [1]
-
2013-0070: Multiple Bugfixes in PHP
Thursday, September 26, 2013 04:46:00 PM CEST
The PHP development team announces the immediate availability of PHP 5.5.4. This release fixes several bugs against PHP 5.5.3. [1]
-
2013-0069: Microsoft Alert Vulnerability in Internet Explorer Could Allow Remote Code Execution
Thursday, September 26, 2013 04:44:00 PM CEST
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer.
-
2013-0068: VMware Workstation host privilege escalation vulnerability in Linux Version
Thursday, September 26, 2013 04:43:00 PM CEST
VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on Linux-based host machines.
-
2013-0066: Microsoft Security Updates - Advance Notification
Friday, August 09, 2013 01:51:00 PM CEST
Microsoft has published a number of new security updates which are planned for release on August 13, 2013.
-
2013-0065: JBoss SOA Platform 5.3.1 security update
Friday, August 09, 2013 01:50:00 PM CEST
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal.
-
2013-0064: Apache Struts Security Update
Friday, August 09, 2013 01:48:00 PM CEST
A couple of vulnerabilities that have been detected in the Struts framework allow arbitrary code execution and open redirections.
-
2013-0063: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Friday, August 09, 2013 01:10:00 PM CEST
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.
-
2013-0062: Cisco WAAS Central Manager Remote Code Execution Vulnerability
Friday, August 09, 2013 01:08:00 PM CEST
Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.
-
2013-0061: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products
Friday, August 09, 2013 01:06:00 PM CEST
Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode.
-
2013-0060: VMware ESX and ESXi updates to third party libraries
Friday, August 09, 2013 01:04:00 PM CEST
VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.
-
2013-0059: Apache Security Update
Friday, August 09, 2013 01:02:00 PM CEST
The Apache Software Foundation and the Apache HTTP Server Project have released a new version of Apache Httpd server which solves several vulnerabilities.
-
2013-0058: Oracle Critical Patch Update Advisory
Friday, August 09, 2013 01:01:00 PM CEST
The Oracle Critical Patch Update for July 2013 [1] was released. Oracle strongly recommends applying the patches as soon as possible.
-
2013-0057: Adobe Flash Player Security Update
Friday, August 09, 2013 12:57:00 PM CEST
Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x.
-
2013-0056: Apache Tomcat Security Update
Monday, June 24, 2013 04:33:00 PM CEST
FORM authentication associates the most recent request requiring authentication with the current session.
-
2013-0055: Microsoft recent news related to security issues and tools
Friday, June 21, 2013 03:02:00 PM CEST
Microsoft has published some information on its security blog that may be of interest to the CERT-EU constituency [1].
-
2013-0054: Cisco ASA Software Vulnerability
Friday, June 21, 2013 03:01:00 PM CEST
A vulnerability on Cisco ASA could cause a reload of the affected device.
-
2013-0052: VMware vCenter Chargeback Manager Remote Code Execution
Wednesday, June 19, 2013 04:43:00 PM CEST
The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution.
-
2013-0049: Denial of Service on BIND nameservers
Friday, June 07, 2013 09:09:00 AM CEST
A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c.
-
2013-0048: Linux kernel Vulnerabilities
Wednesday, May 22, 2013 04:12:00 PM CEST
A recently-discovered vulnerability in the Linux kernel allows a local user to escalate their privilege level and gain root access.
-
2013-0047: Microsoft Internet Explorer Security Advisory
Wednesday, May 22, 2013 04:10:00 PM CEST
This security update resolves one publicly disclosed vulnerability in Internet Explorer.
-
2013-0046: Security updates available for Adobe Reader and Acrobat
Tuesday, May 21, 2013 04:40:00 PM CEST
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux.
-
2013-0045: Security updates available for Adobe Flash Player
Tuesday, May 21, 2013 04:37:00 PM CEST
Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x.
-
2013-0044: Hotfix available for ColdFusion
Tuesday, May 21, 2013 04:33:00 PM CEST
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
-
2013-0043: Microsoft Security Updates
Friday, May 17, 2013 03:49:00 PM CEST
This bulletin summary lists security bulletins released for May 2013.
-
2013-0042: Microsoft Internet Explorer 8 Security Advisory
Tuesday, May 07, 2013 10:54:00 AM CEST
Microsoft is investigating public reports of a vulnerability in Internet Explorer 8 [1]. Microsoft is aware of attacks that attempt to exploit this vulnerability.
-
2013-0041: Cisco ASA Software Vulnerability
Friday, April 26, 2013 04:12:00 PM CEST
Cisco ASA has several vulnerabilities related to VPN software.
-
2013-0040: Linux kernel Local Vulnerabilities
Friday, April 26, 2013 04:11:00 PM CEST
The Linux kernel has several vulnerabilities that can cause a denial of service or escalate privileges.
-
2013-0039: Oracle Critical Patch Update - April 2013
Wednesday, April 24, 2013 10:02:00 AM CEST
The Critical Patch Update for April 2013 [2] and The Oracle Java SE Critical Patch Update [3] for April 2013 were released on. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update.
-
2013-0038: Hotfix available for ColdFusion
Wednesday, April 24, 2013 10:01:00 AM CEST
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
-
2013-0037: Security updates available for Adobe Flash Player
Wednesday, April 24, 2013 09:59:00 AM CEST
Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
-
2013-0036: Cisco Network Admission Control Manager SQL Injection Vulnerability
Wednesday, April 24, 2013 09:56:00 AM CEST
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system.
-
2013-0035: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Wednesday, April 24, 2013 09:55:00 AM CEST
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:
* Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
* Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
* Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability
* Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
* Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability
-
2013-0034: VMware ESX Execute arbitrary code/commands
Tuesday, April 09, 2013 09:40:00 AM CEST
VMware ESXi security updates for third party library.
-
2013-0033: Denial of Service on BIND nameservers
Tuesday, April 09, 2013 02:23:00 PM CEST
A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
-
2013-0032: Linux kernel stack corruption Vulnerability
Tuesday, April 09, 2013 09:36:00 AM CEST
A race condition in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution.
-
2013-0031: Microsoft Security Updates
Wednesday, March 13, 2013 04:28:00 PM CET
CERT-EU has received advance notification from Microsoft on a number of new security updates which were released on March 12, 2013.
-
2013-0030: Microsoft Security Updates - Advance Notification
Monday, March 11, 2013 03:03:00 PM CET
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on March 12, 2013.
-
2013-0029: Oracle Java JRE and JDK Security Alert
Friday, March 08, 2013 02:30:00 PM CET
This Security Alert addresses security issues affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
-
2013-0028: VMware vCenter Server, ESX and ESXi: Multiple vulnerabilities
Thursday, February 28, 2013 10:34:00 AM CET
VMware has updated VMware vCenter Server, ESXi and ESX to address a vulnerability in the Network File Copy (NFC) Protocol. This update also addresses multiple security vulnerabilities in third party libraries used by VirtualCenter, ESX and ESXi.
-
2013-0027: Linux kernel Local Privilege Escalation Vulnerability
Thursday, February 28, 2013 10:31:00 AM CET
Linux kernel is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied input.
-
2013-0026: New Apache HTTP server version corrects some vulnerabilities
Thursday, February 28, 2013 10:29:00 AM CET
The Apache Software Foundation has released a new version of the Apache HTTP server that fixes some vulnerabilities.
-
2013-0025: Security Updates Available for Adobe Flash Player
Thursday, February 28, 2013 10:26:00 AM CET
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
-
2013-0024: Updated Release of the February 2013 Oracle Java SE Critical Patch Update
Friday, February 22, 2013 03:44:00 PM CET
This Critical Patch Update includes all fixes provided in the Oracle Java SE Critical Patch Update February 2013 (CERT-EU Security Advisory 2013-0019), plus an additional five fixes which had been previously planned for delivery. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. Note also that Oracle has scheduled a Java SE Critical Patch Update for April 16, 2013, in addition to those previously scheduled in June and October of 2013 and in January of 2014. This additional distribution will be used to further accelerate Java security fixes to Java users.
-
2013-0023: JBoss Enterprise Application Platform 5.2.0 security update
Wednesday, February 20, 2013 02:33:00 PM CET
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix two security issues.
-
2013-0022: JBoss Enterprise Application Platform 4.3.0 security update
Wednesday, February 20, 2013 02:28:00 PM CET
Updated JBoss Enterprise Application Platform 4.3.0 packages that fix two security issues.
-
2013-0021: Security Advisory for Adobe Reader and Acrobat
Tuesday, February 19, 2013 12:01:00 PM CET
Adobe has identified two critical vulnerabilities affecting Adobe Reader and Acrobat for Windows and Macintosh.
-
2013-0020: Microsoft Security Updates
Tuesday, February 19, 2013 11:59:00 AM CET
CERT-EU has received advance notification from Microsoft on a number of new security updates which were released on February 12, 2013.
-
2013-0019: Oracle Java SE Critical Patch Update Advisory - February 2013
Monday, February 11, 2013 01:50:00 PM CET
The original Critical Patch Update for Java SE - February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers was addressed with this Critical Patch Update.
-
2013-0018: Microsoft Security Updates - Advance Notification
Monday, February 11, 2013 01:47:00 PM CET
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on February 12, 2013.
-
2013-0017: VMware security updates for vSphere
Tuesday, February 05, 2013 02:25:00 PM CET
VMware vSphere security updates for the authentication service and third party libraries.
-
2013-0016: JBoss Enterprise Web Platform 5.2.0 security update
Tuesday, February 05, 2013 02:24:00 PM CET
Updated JBoss Enterprise Web Platform 5.2.0 that fixes one security issue.
-
2013-0015: JBoss Enterprise Application Platform 5.2.0 security update
Tuesday, February 05, 2013 02:18:00 PM CET
Updated JBoss Enterprise Application Platform 5.2.0 that fixes one security issue.
-
2013-0014: JBoss Enterprise Web Platform 5.2.0 update
Wednesday, January 30, 2013 11:32:00 AM CET
JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal.
-
2013-0013: Oracle Critical Patch Update - January 2013
Thursday, January 24, 2013 04:58:00 PM CET
The Critical Patch Update for January 2013 [1] was released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update. Be aware that Sun and MySQL patches have also been included in this release. The Critical Patch Update Advisory [2] is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. See also the information concerning the fixed vulnerabilities [3].
-
2013-0012: UPDATED - Oracle Java 0-day Vulnerability Exploited in the Wild
Thursday, January 17, 2013 10:26:00 AM CET
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability possibly related to "permissions of certain Java classes," as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack, affecting Java running in web browsers.
-
2013-0011: Cisco Prime LAN Management Solution Command Execution Vulnerability
Tuesday, January 15, 2013 10:35:00 AM CET
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.
-
2013-0010: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
Tuesday, January 15, 2013 10:34:00 AM CET
Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.
-
2013-0009: Several vulnerabilities in Firefox, Thunderbird and Seamonkey
Thursday, January 10, 2013 11:13:00 AM CET
Mozilla developers identified and fixed several vulnerabilities [1-20]
-
2013-0008: Security updates for Adobe Reader and Acrobat
Thursday, January 10, 2013 11:12:00 AM CET
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. CVE numbers: CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
-
2013-0007: Security Updates Available for Adobe Flash Player
Thursday, January 10, 2013 11:11:00 AM CET
Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
-
2013-0006: Multiple Vulnerabilities in Adobe ColdFusion
Thursday, January 10, 2013 11:09:00 AM CET
Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
* CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
* CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
* CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
-
2013-0005: VMware security updates for vCSA and ESXi [1]
Thursday, January 10, 2013 11:06:00 AM CET
VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities.
-
2013-0004: Microsoft Security Updates
Thursday, January 10, 2013 11:08:00 AM CET
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on 8 January 2013.
-
2013-0003: Microsoft Security Updates - Advance Notification
Monday, January 07, 2013 03:39:00 PM CET
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on January 08, 2013. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The January 2013 Advance Notification Summary page is now live at https://technet.microsoft.com/security/bulletin/ms13-jan.
-
2013-0002: UPDATED - Microsoft Internet Explorer Security Advisory
Thursday, January 17, 2013 10:24:00 AM CET
Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents the exploitation of this issue.
-
2013-0001: Fraudulent certificates issued by Trusted CA impact on Microsoft products and other Browser products
Monday, January 07, 2013 03:36:00 PM CET
CERT-EU has been made aware of a security issue related to certificates issued by TURKTRUST Inc. TURKTRUST Inc. is a certificate provider whose CA is included in several trusted CA databases used by products such as browsers. Consequently, fraudulent certificates can be issued and used to impersonate servers and sites. A fraudulent certificate has been identified to impersonate *.google.com. [1]
-
2012-0150: Microsoft Security Update
Friday, January 04, 2013 09:49:00 AM CET
CERT-EU has received notification from Microsoft on an update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update still need to install the rereleased update.
-
2012-0149: JBoss Enterprise SOA Platform 5.3.0 update
Friday, January 04, 2013 09:48:00 AM CET
JBoss Enterprise SOA Platform 5.3.0 roll up patch 2, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
-
2012-0148: JBoss Enterprise Application Platform 6.0.1 update for RHEL 5 and RHEL 6
Friday, January 04, 2013 09:45:00 AM CET
Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact.