4188 matches found
Cisco Releases Security Advisory for Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller Cisco WLC product family is affected by multiple vulnerabilities that could potentially cause a denial-of-service condition, allow unauthorized access, or allow an attacker to execute code remotely. Cisco has released software updates that address these...
Microsoft Releases January 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft has released Security Advisory 2794220 to address a vulnerability in Microsoft Internet Explorer 6, 7, and 8. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is aware of targeted attacks that attempt to exploit...
Increased Exploitation in Web Content Management Systems
US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems CMSs such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 13.0 Firefox ESR 10.0.5 Thunderbird 13.0 Thunderbird ESR 10.0.5 SeaMonkey 2.10 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...
RuggedCom Rugged Operating System Vulnerability
RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...
Google Releases Google Chrome 18.0.1025.142
Google has released Chrome 18.0.1025.142 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages...
Google Releases Google Chrome 17.0.963.83
Google has released Chrome 17.0.963.83 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Googl...
Mozilla Releases Firefox 9 and 3.6.25
The Mozilla Foundation has released Firefox 9 and Firefox 3.6.25 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages users and administrators t...
Holiday Season Phishing Scams and Malware Campaigns
As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT remind...
Google Releases Chrome 15.0.874.102
Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront United Access Gateway, and Microsoft Host Integration Server as part of the Microsoft Security Bulletin Summary for October 2011. These vulnerabilities may all...
Cisco Releases Multiple Security Advisories
Cisco has released two security advisories to address vulnerabilities affecting the CiscoWorks LAN Management Solution, the Cisco Unified Service Monitor, and the Cisco Unified Operations Manager. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code. US-CERT...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute...
Mozilla Releases Firefox 5.0.1
The Mozilla Foundation has released Firefox 5.0.1 to address an issue with Mac OS X 10.7 and Java for Mac OS X 10.6 Update 5. These issues could cause Firefox to crash. US-CERT encourages users and administrators to review the Mozilla Foundation Firefox 5.0.1 Release Notes and apply any necessary...
Apple Releases Malware Detection Tool
Apple has released Security Update 2011-003 for Mac OS X in response to the recent Mac fake anti-virus software. This update: adds a malware definition to the File Quarantine application causes the File Quarantine application to automatically update its malware definition list daily removes...
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that...
Google Releases Chrome 10.0.648.204
Google has released Chrome 10.0.648.204 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry...
VideoLAN Releases VLC Media Player 1.1.8
VideoLAN has released VLC Media Player 1.1.8 to address two vulnerabilities. These vulnerabilities are due to the improper handling of .AMV and .NSV files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review...
Google Releases Chrome 10.0.648.133
Google has released Chrome 10.0.648.133 for Windows, Mac, Linux, and Chrome Frame. This update addresses a vulnerability that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary update...
Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6
Apple has released Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a Critical Patch Update for Java SE and Java for Business. This update addresses multiple vulnerabilities and contains 21 security fixes. US-CERT encourages users and administrators to review the Oracle Java SE and Java for Business Critical Patch Update Advisory for February...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain 12 bulletins. Three of these bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. The remaining bulletins will have a severity...
Microsoft Security Advisory 2488013
Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this...
Microsoft Internet Explorer 8 use-after-free Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Internet Explorer 8. This vulnerability is due to improper handling of circular memory references. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the user or cause a denial-of-service...
Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rati...
Insecure Loading of Dynamic Link Libraries in Windows Applications
US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries DLLs. When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. ...
Google Releases Chrome 7.0.517.44
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates...
Fraud Advisory for Businesses Released: Corporate Account Take Over
As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center IC3 and the Financial Services Information Sharing and Analysis Center FS-ISAC have released Fraud Advisory for Businesses: Corporate Account Take Over PDF. The...
RealNetworks Releases Security Update for RealPlayer Vulnerabilities
RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks security advisory and apply any necessa...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain sixteen bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. Ten bulletins will have the severity rating of...
OpenX Releases Security Update
OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX. US-CERT encourages users and administrators to review the OpenX "Security...
Apple Releases Security Update 2010-006
Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect system...
Malicious Email Campaign Circulating
US-CERT is aware of public reports of malware spreading via email. These reports indicate that the malicious email messages contain the subject line "Here you have" or "Just For You" and contain a link to a seemingly legitimate PDF file. If users click on this link, they will be redirected to a...
Google Releases Chrome 6.0.472.53
Google has released Chrome 6.0.472.53 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks. US-CERT encourages users and...
Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
Cisco has released a security advisory to address a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks...
Cisco Releases Advisories for Unified Communications Manager and Unified Presence
Cisco has released security advisories to address multiple vulnerabilities affecting Unified Communications Manager and Unified Presence. These vulnerabilities affect the processing of Session Initiation Protocol SIP messages. Exploitation of these vulnerabilities may allow an attacker to cause a...
VideoLAN Releases a Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The updated release also addresses additional issues that could result in a denial-of-service attack...
Apple Releases QuickTime 7.6.7
Apple has released QuickTime 7.6.7 for Windows to address a vulnerability. This vulnerability is due to a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker may be able to execute arbitrary code or cause a...
Apple Releases Safari 5.0.1 and Safari 4.1.1
Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users...
Google Releases Chrome 5.0.375.125
Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entr...
Firefox Releases Firefox 3.6.8
The Mozilla Foundation has released Firefox 3.6.8 to address a critical vulnerability. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Mozilla Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8 to hel...
Apple Releases Updates for Java Mac OS X 10.5 and 10.6
Apple has released Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple...
Foxit Releases Foxit Reader 3.3
The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection,...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory...
Microsoft Releases April Security Bulletin
Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a...
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...
Foxit Reader 3.2.1.0401 Released
The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Foxit notice regarding the release a...
Mozilla Releases Firefox 3.6.2
The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code. US-CERT encourages users and administrators to do the following to help mitigate the risks: Review the Firefox 3.6....