4188 matches found
Apple Releases QuickTime 7.7.5
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google Chrome release blog entry and apply the updat...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged to review the Google Chrome Release...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Apple Releases Apple Remote Desktop 3.7
Apple has released Apple Remote Desktop 3.7 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5998 and follow best practi...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configur...
Microsoft Releases August 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...
Google Releases Google Chrome 28.0.1500.71
Google has released Google Chrome 28.0.1500.71 for Windows, Macintosh, and Chrome Frame platforms to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended restrictions, obtain sensitive information or cause a...
WordPress Releases Security Update for WordPress 3.5.2
WordPress has released WordPress 3.5.2 for all previous versions to address multiple vulnerabilities. These vulnerabilities could potentially enable a remote attacker to cause a cross-site scripting attack, elevation of privilege, or cause a denial-of-service condition. US-CERT recommends users a...
Google Releases Google Chrome 27.0.1453.116
Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates are available for the following versions of Adobe Flash Player: Adobe Flash Player...
Apple Releases Security Updates for Apple QuickTime 7.7.4
Apple has released security updates for Apple QuickTime 7.7.4 for Windows 7, Vista, and XP SP2 or later to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsof...
Oracle Releases April 2013 Security Advisory
Oracle has released its Critical Patch Update for April 2013 to address 128 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server 29 for Oracle Fusion Middleware 6 for Oracle E-Business Suite 3 for Oracle Supply Chain Products...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls. US-CERT recommends that users and administrators review...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates to address multiple vulnerabilities. These vulnerabilities could allow an attacker to initiate a cross-site scripting attack or obtain sensitive information, enable privilege escalation or execute arbitrary code, or cause a denial-of-service condition...
Google Releases Google Chrome 25.0.1364.173
Google has released Google Chrome 25.0.1364.173 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update ...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain eleven bulletins. These bulletins will have the severity rating of critical and important, and will be for Microsoft Windows, Internet Explorer, Server Software, and .NET Framework. The...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advanced Notification indicating that its January release will contain seven bulletins. These bulletins will have the serverity rating of critical and important and will be for Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framewor...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services IIS, which could result in a denial of service. US-CERT encourages users and administrators to review Adobe...
Google Releases Google Chrome 23.0.1271.64
Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute...
Google Releases Google Chrome 20.0.1132.57
Google has released Google Chrome 20.0.1132.57 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Google Releases Google Chrome 20.0.1132.43
Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Unauthorized Microsoft Digital Certificates
Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack. The followi...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a Security Advisory for Adobe Flash Player to address a vulnerability affecting the following software versions: Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems Adobe Flash Player 11.1.115.7 and earlier versions for Andro...
DNSChanger Malware
US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by utilizing tools and resources available at the DNS Changer Working Group DCWG website. Computers testing positive for infection of DNSChanger malware will need to be cleaned of the...
Apple Releases Safari 5.1.4
Apple has released Safari 5.1.4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, spoof a domain name, obtain sensitive information, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review Apple...
Adobe Releases Update for Adobe Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.62 and earlier versions from Windows, Linux, and Solaris operating systems Adobe Flash Player 11.1.115.6 and earlier versions fo...
Google Releases Chrome 17.0.963.56
Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
Google Releases Chrome 17.0.963.46
Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Google Releases Chrome 16.0.912.77
Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chro...
Adobe Releases Security Advisory for Adobe Flex SDK
Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attack...
Apple Releases iOS 5.0.1
Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators...
Fraudulent Digital Certificates Could Allow Spoofing
US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the pare...
Oracle Releases Critical Patch Update for October 2011
Oracle has released its Critical Patch Update and Java SE Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 10 for Oracle Fusion Middleware 5 for Oracle E-Business...
Cisco Releases Security Advisory for Identity Services Engine
Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device. US-CERT encourages users and administrators to review Cisco Security Advisory...
Cisco Releases Security Advisory and Applied Mitigation Bulletin
Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the...
Apple Releases Safari 5.1 and 5.0.6
Apple has released Safari 5.1 and 5.0.6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information. US-CERT encourages users and administrators to review Apple Support Article...
Apple Releases iOS 4.3.4 and iOS 4.2.9
Apple has released iOS 4.3.4 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.9 for the iPhone CDMA model to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and...
Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for July 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...
Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player
Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...
Microsoft Releases Advance Notification for May Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its May release will contain two bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining bulletin will have the severity rating of important and will be fo...
Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...
Apple Releases Security Updates
Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and...
Apple Releases iTunes 10.2
Apple has released iTunes 10.2 to address multiple vulnerabilities affecting the ImageIO, libxml, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to revie...
VMware Releases Advisory for Windows 7 Users
VMware has released an advisory to alert users of an issue affecting VMware on the Microsoft Windows 7 platform. This issue prevents VMware from connecting from the View Client on Windows 7 to the View Connection Server after installing the Microsoft patches 2482017 and 2467023 from Microsoft...
Cisco Releases Security Advisory for Tandberg E, EX, and C Series Endpoints
Cisco has released a security advisory to address a vulnerability in the Tandberg C Series Endpoints and E/EX Personal Video units running software versions prior to TC4.0.0. This vulnerability may allow an attacker to gain administrative access to the device. US-CERT encourages users and...
Apple Releases Mac OS X v10.6.6
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4498 and apply any...
Microsoft WMI Administrative Tool ActiveX Control Vulnerability
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the...