Security Advisories

  • 2014-253: Microsoft Security Bulletin MS14-068 - Critical Vulnerability in Kerberos Could Allow Elevation of Privileges

    Thursday, November 20, 2014 10:18:00 AM CET

    The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.

  • 2014-249: Malware distribution to German-speaking users

    Thursday, November 20, 2014 10:15:00 AM CET

    CERT-EU has identified a malware distribution and fraud campaign with a focus on German-speaking users.

  • 2014-248: IMPORTANT: Critical Vulnerability in Schannel Could Allow Remote Code Execution (KB2992611) CVE-2014-6321

    Thursday, November 20, 2014 10:11:00 AM CET

    A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.

  • 2014-169: NEW SSLv3 Padding Oracle On Downgraded Legacy Encryption attack

    Thursday, November 20, 2014 10:09:00 AM CET

    The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.

  • 2014-138: New: BadUSB

    Thursday, November 20, 2014 10:07:00 AM CET

    BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.

  • 2014-137: BASH Vulnerability

    Thursday, November 20, 2014 10:05:00 AM CET

    GNU BASH is prone to a remote code execution vulnerability. Vulnerable GNU BASH versions process trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.

  • 2014-054: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

    Wednesday, June 11, 2014 10:06:00 AM CEST

    Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack.

  • 2014-053: Multiple Vulnerabilities in OpenSSL

    Wednesday, June 11, 2014 10:04:00 AM CEST

    Several vulnerabilities have been discovered in the OpenSSL library.

  • 2014-052: GnuTLS Hello Vulnerability

    Thursday, June 05, 2014 09:09:00 AM CEST

    This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client.

  • 2014-051: Cisco RADIUS DoS

    Friday, May 23, 2014 01:57:00 PM CEST

    Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application.

  • 2014-050: Microsoft Internet Explorer 8 Remote Code Execution

    Friday, May 23, 2014 01:55:00 PM CEST

    Internet Explorer 8 is prone to a remote code-execution vulnerability due to a use-after-free condition.

  • 2014-049: Microsoft Security Updates

    Friday, May 16, 2014 11:08:00 AM CEST

    Microsoft has published a number of new security updates, which were released on May 08, 2014.

  • 2014-048: Security updates available for Adobe Reader and Acrobat

    Friday, May 16, 2014 11:06:00 AM CEST

    Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.

  • 2014-047: Security updates available for Adobe Flash Player

    Friday, May 16, 2014 11:05:00 AM CEST

    Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux.

  • 2014-046: BIND nameservers security update

    Thursday, May 15, 2014 03:08:00 PM CEST

    A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.

  • 2014-045: FreeBSD Security Advisory

    Thursday, May 15, 2014 03:07:00 PM CEST

    When network packets making up a TCP stream ("TCP segments") are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.

  • 2014-044: Citrix NetScaler Application Delivery Security Update

    Thursday, May 15, 2014 03:04:00 PM CEST

    A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.

  • 2014-041: UPDATE Vulnerability in Internet Explorer Could Allow Remote Code Execution

    Monday, May 12, 2014 04:28:00 PM CEST

    UPDATE: Microsoft has issued a cumulative security update for Internet Explorer (no 2965111) resolving the publicly disclosed vulnerability (CVE-2014-1776 [1]) as well as eight other privately reported vulnerabilities in IE [2].

  • 2014-043: Oracle Critical Patch Update Advisory

    Thursday, May 08, 2014 04:31:00 PM CEST

    The Oracle Critical Patch Update for April 2014 [1] was released.

  • 2014-042: Security updates available for Adobe Flash Player

    Tuesday, April 29, 2014 04:12:00 PM CEST

    Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.

  • 2014-040: VMware Security Advisories (VMSA-2014-0004.6)

    Wednesday, April 23, 2014 04:20:00 PM CEST

    VMware product updates address OpenSSL security vulnerabilities.

  • 2014-039: VMware Security Advisories

    Wednesday, April 23, 2014 04:19:00 PM CEST

    VMware vSphere Client updates address security vulnerabilities.

  • 2014-038: Oracle Critical Patch Update Advisory of April 2014

    Wednesday, April 23, 2014 04:17:00 PM CEST

    Oracle Critical Patch Update Advisory of April 2014 contains 104 new security fixes across the product families.

  • 2014-034: UPDATE OpenSSL CRITICAL vulnerability

    Friday, April 11, 2014 09:57:00 AM CEST

    The OpenSSL library is vulnerable to a memory leak. Both servers and clients are affected. It can lead to a leak of the content of the memory, allowing access to private keys, credentials, or any other confidential data. There are already some proofs of concept of this vulnerability available in the wild exploiting servers and clients.

  • 2014-037: Apache Tomcat Update

    Thursday, April 10, 2014 10:56:00 AM CEST

    It was possible to craft a malformed Content-Type header for a multipart request that caused Apache Tomcat to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service.

  • 2014-036: Microsoft Security Updates

    Wednesday, April 09, 2014 03:23:00 PM CEST

    Microsoft has published a number of new security updates, which were released on April 08, 2014.

  • 2014-035: Security updates available for Adobe Flash Player

    Wednesday, April 09, 2014 03:16:00 PM CEST

    Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

  • 2014-033: Multiple vulnerabilities in Cisco IOS

    Friday, April 04, 2014 02:47:00 PM CEST

    Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on March 26, 2014.

  • 2014-032: Vulnerability in Microsoft Word could allow remote code execution

    Thursday, March 27, 2014 02:37:00 PM CET

    There is a vulnerability affecting multiple versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • 2014-031: Security updates available for Adobe Flash Player

    Thursday, March 13, 2014 04:19:00 PM CET

    Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. [1]

  • 2014-030: Multiple vulnerabilities in Microsoft products

    Thursday, March 13, 2014 04:16:00 PM CET

    Microsoft released five bulletins [1] to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight.

  • 2014-029: Snake Campaign and Cyber Espionage Toolkit

    Thursday, March 13, 2014 04:10:00 PM CET

    BAE Systems has recently published a report on the so-called Snake Campaign and Cyber Espionage Toolkit [1].

  • 2014-028: Cisco Small Business Router Password Disclosure Vulnerability

    Tuesday, March 11, 2014 11:24:00 AM CET

    A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.

  • 2014-027: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

    Tuesday, March 11, 2014 11:21:00 AM CET

    The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities

  • 2014-026: JBoss Enterprise Application Platform update

    Tuesday, March 11, 2014 11:19:00 AM CET

    An update for Red Hat JBoss Enterprise Application Platform 6.2.1 is now available from the Red Hat Customer Portal.

  • 2014-025: SSL/TLS implementation security issues

    Tuesday, March 11, 2014 11:18:00 AM CET

    A couple of bugs in SSL/TLS protocol implementations from Apple [1] and GNU [2] have recently been published.

  • 2014-024: SOHO routers vulnerabilities leading to man-in-the-middle attack

    Tuesday, March 11, 2014 11:17:00 AM CET

    Various vulnerabilities and default configurations in several brands of SOHO routers allowed DNS misconfiguration on hundreds of thousands of devices.

  • 2014-023: Cisco Prime Infrastructure Command Execution Vulnerability

    Tuesday, March 11, 2014 11:16:00 AM CET

    A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

  • 2014-008: UPDATED BIOS update for Hewlett Packard server products

    Wednesday, February 26, 2014 11:52:00 AM CET

    There is a BIOS update for the HP ProLiant G7 server.

  • 2014-022: SSL Vulnerability in iOS and OS X

    Wednesday, February 26, 2014 11:40:00 AM CET

    Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

  • 2014-021: Microsoft Security Advisory

    Monday, February 24, 2014 03:11:00 PM CET

    Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10.

  • 2014-020: Microsoft Security Advisory related to Adobe Flash Player

    Monday, February 24, 2014 03:09:00 PM CET

    Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

  • 2014-019: Security updates available for Adobe Flash Player

    Monday, February 24, 2014 03:07:00 PM CET

    Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux.

  • 2014-018: JBoss Enterprise Application Platform update

    Friday, February 21, 2014 02:38:00 PM CET

    An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.

  • 2014-017: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability

    Friday, February 21, 2014 02:09:00 PM CET

    Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system.

  • 2014-016: Multiple Vulnerabilities in Cisco IPS Software

    Friday, February 21, 2014 02:07:00 PM CET

    Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities

  • 2014-015: Cisco UCS Director Default Credentials Vulnerability

    Friday, February 21, 2014 02:04:00 PM CET

    A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

  • 2014-014: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

    Friday, February 21, 2014 02:01:00 PM CET

    A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

  • 2014-013: Man-in-the-Middle Attack Against Email Synchronization

    Friday, February 21, 2014 01:59:00 PM CET

    The attack consists of spoofing the SSID of a WiFi network to which devices try to connect (most devices actively advertise the SSIDs of all networks known to them). Once a device connects to such a network and tries to synchronize e-mails, a malicious server inside the spoofed network may potentially be able to access the email credentials. If SSL is used, such a server may try to impersonate the target email server and perform the SSL handshake, if the device is set to accept self-signed certificates.

  • 2014-012: Security updates available for Adobe Flash Player

    Friday, February 14, 2014 12:12:00 PM CET

    Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.

  • 2014-011: Security update available for Adobe Shockwave Player

    Friday, February 14, 2014 12:09:00 PM CET

    Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system.

  • 2014-009: Microsoft Security Updates

    Friday, February 14, 2014 12:06:00 PM CET

    Microsoft has published a number of new security updates. This advisory is intended to help you plan for the deployment of these security updates more effectively.

  • 2014-010: Critical Vulnerability in MediaWiki Platform

    Wednesday, February 05, 2014 09:25:00 AM CET

    Researchers have discovered a critical vulnerability in the popular MediaWiki Web platform, which is used to run Wikipedia and tens of thousands of other wiki sites around the world. This vulnerability allows an attacker to perform remote code execution.

  • 2014-007: Denial of Service on BIND nameservers

    Thursday, January 23, 2014 03:04:00 PM CET

    Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect, an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.

  • 2014-006: VMware multiple vulnerabilities

    Thursday, January 23, 2014 03:03:00 PM CET

    VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues: VMware ESXi and ESX NFC NULL pointer dereference (CVE-2014-1207).

  • 2014-005: Multiple Bugfixes in PHP

    Thursday, January 23, 2014 03:00:00 PM CET

    The PHP development team announces the immediate availability of PHP 5.5.8. About 15 bugs were fixed. The PHP development team announces the immediate availability of PHP 5.4.20. About 30 bugs were fixed.

  • 2014-004: Multiple Vulnerabilities in Cisco Secure Access Control System

    Thursday, January 23, 2014 02:57:00 PM CET

    Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability.

  • 2014-003: Oracle Critical Patch Update Advisory of January 2014

    Tuesday, January 21, 2014 03:03:00 PM CET

    Oracle Critical Patch Update Advisory of January 2014 contains 144 new security fixes across the product families.

  • 2014-002: Multiple Microsoft vulnerabilities

    Tuesday, January 21, 2014 03:01:00 PM CET

    The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. [1]

  • 2014-001: Multiple Adobe vulnerabilities

    Tuesday, January 21, 2014 02:59:00 PM CET

    Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh.
