4188 matches found
Apple Releases QuickTime 7.7
Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to...
WordPress Themes Vulnerability
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...
Google Releases Chrome 12.0.742.112
Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...
Mozilla Releases Firefox 5 and 3.6.18
The Mozilla Foundation has released Firefox 5 and Firefox 3.6.18 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, violate the same origin policy, or perform a cross-site scripting attack. US-CERT encourages users and administrators to...
Adobe Releases Security Bulletin for Adobe Reader and Acrobat
Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader 10.0.1 and earlier versions for Windows, Adobe Reader 10.0.3 and earlier versions of Macintosh, and Adobe Acrobat 10.0.3 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...
VMware Releases Security Advisory
VMware has released security advisory VMSA-2011-0009 to address multiple vulnerabilities in the following products: VMware Workstation 7.1.3 and earlier VMware Player 3.1.3 and earlier VMware Fusion 3.1.2 and earlier ESXi 4.1 without patch ESXi410-201104402-BG ESXi 4.0 without patch...
Google Chrome Releases 11.0.696.71
Google has released Chrome 11.0.696.71 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Mozilla Releases Firefox updates
Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure. US-CERT encourages users and administrators to review the Mozil...
Video Game Phishing
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that a...
Fraudulent SSL Certificates
US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...
Adobe Releases Security Updates for Reader and Acrobat
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe...
Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning
US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in th...
Microsoft Releases Advance Notification for March Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its March release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining two bulletins will have the severity rating of important...
Google Releases Chrome 9.0.597.107
Google has released Chrome 9.0.597.107 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Cisco Releases Multiple Security Advisories
Cisco has released six security advisories to address vulnerabilities in multiple Cisco products. Security advisory cisco-sa-20110223-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. Successful exploitation of these vulnerabilities could cause a...
RealNetworks, Inc. Releases Security Updates for RealPlayer
RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the...
Google Releases Chrome 9.0.597.84
Google has released Chrome 9.0.597.84 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry an...
Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update
The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update KB2412171 that was released on December 14. The product team has identified these issues as: Outlook fails to connect if Secure Password Authentication SPA is configured...
RealNetworks Releases Security Update for RealPlayer
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and appl...
WordPress Releases Version 3.0.3
WordPress has released WordPress 3.0.3 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to hel...
VMware Releases Security Patch for ESX
VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system. US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessa...
Linux Root Access Vulnerabilities
US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram...
Google Releases Chrome 7.0.517.41
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions. US-CERT encourages users and...
Adobe Releases Security Advisory for Flash Player
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability...
Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited...
Mozilla Releases Firefox 3.6.9
The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has als...
Apple Releases iTunes 10
Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4328 and apply any...
Microsoft Releases Security Advisory
Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries DLLs. If an application does not securely load DLL files, an attacker may be able to cause the applicati...
Adobe Releases Security Update for Flash Player
Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air 2.0.2.12310 and earlier versions. US-CERT encourages users and...
Foxit Releases Foxit Reader 4.1.1.0805
Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for...
Oracle Critical Patch Update Pre-Release Announcement
Oracle has issued a critical patch update pre-release announcement indicating that its July release will contain 59 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 13, 2010. US-CERT encourages users and administrators to review the pre-release...
Adobe Releases Update for Adobe Reader and Adobe Acrobat
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh Exploitation of...
Apple Releases Security Update 2010-004 and Mac OS X v10.6.4
Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct...
Microsoft Windows Help and Support Center Vulnerability
US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...
Opera Software Releases Opera 10.53
Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10....
VMware Releases Security Advisory for ESX Service Console Updates
VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and...
Apple Releases Security Update 2010-002 and Mac OS X v10.6.3
Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security...
Cisco Releases Security Advisories for IOS Software
Cisco has released a bundled publication, which contains seven security advisories, to address multiple vulnerabilities in Cisco IOS Software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators ...
U.S. Census Bureau 2010 Census Campaign Warning
US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams. According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to...
IRS Warns of Online Scams
US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to...
VMware Releases Multiple Updates for ESX
VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services NSS and NetScape Portable Runtime NSPR. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-39987link is external Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33634link is external Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-43468link is external Microsoft Configuration Manager SQL Injection Vulnerability CVE-2025-15556link is external Notepad++ Download of Code Without...
NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment
The Cybersecurity and Infrastructure Security Agency CISA and National Institute of Standards and Technology NIST have released an initial draft of Interagency Report IR 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report ...
Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
CISA has updated this Alert to include an additional vulnerability, CVE-2025-58034, and its relation to CVE-2025-64446, and associated resources. CISA is aware of the exploitation of two vulnerabilities, CVE-2025-64446link is external and CVE-2025-58034link is external, in Fortinet FortiWeb, a we...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-64446link is external Fortinet FortiWeb Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-296-01 AutomationDirect Productivity Suite ICSA-25-296-02 ASKI Energy ALS-Mini-S8 and ALS-Mini-S4...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-48503link is external Apple Multiple Products Unspecified Vulnerability CVE-2025-2746link is external Kentico Xperience Staging Sync Server Digest Passwor...
UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
Update 08/06/2025: CISA released a Malware Analysis Report MAR on six files related to CVE-2025-49704link is external, CVE-2025-49706link is external, CVE-2025-53770link is external, and CVE-2025-53771link is external. For more information see MAR-251132.c1.v1 Exploitation of SharePoint...