4188 matches found
Google Releases Chrome Update
Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome release blog ent...
Cisco UCS Director Default Credentials Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System UCS Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation...
Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild
An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this exploit by using Microsoft's EMET utility,...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 27 Firefox ESR 24.3 Thunderbird 24.3 Seamonkey 2.24 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Oracle Releases January 2014 Security Advisory
Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 22 for Oracle Fusion Middleware 2 for Oracle Hyperion 4 for Oracle E-Business Suite 16 for Oracle...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe has released updates to the following products: Adobe Flas...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 25.0 Firefox ESR 24.1 Firefox ESR 17.0.10 Thunderbird 24.1 Thunderbird ESR 17.0.10 Seamonkey 2.22 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypa...
Google Releases Google Chrome 30
Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information. US-CERT encourages users and...
Cisco Releases Security Advisory for Cisco WebEx Players
Cisco has released a security advisory to address multiple vulnerabilities in Cisco WebEx Recording Format WRF and Advanced Recording Format ARF Players. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an unauthenticated, remote attacker the ability to modify data, execute arbitrary commands, or cause a denial of service DoS condition. US-CERT encourages users and administrators to...
Google Releases Google Chrome 28.0.1500.95
Google has released Google Chrome 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass intended restrictions or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Recent Reports of DHS-Themed Ransomware (UPDATE)
US-CERT has received reports of increased activity concerning an apparently DHS-themed ransomware malware infection occurring in the wild. Users who are being targeted by the ransomware receive a message claiming that use of their computer has been suspended and that the user must pay a fine to...
Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory
Digital Alert Systems' DASDEC and Monroe Electronics' One-Net E189 Emergency Alert System EAS encoder/decoder ENDEC devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU662676. US-CERT recommends...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 22.0 Firefox ESR 17.0.7 Thunderbird 17.0.7 Thunderbird ESR 17.0.7 These vulnerabilities could allow a remote attacker to execute arbitrary code and potentially cause a cross-site...
WordPress Releases Security Update for WordPress 3.5.2
WordPress has released WordPress 3.5.2 for all previous versions to address multiple vulnerabilities. These vulnerabilities could potentially enable a remote attacker to cause a cross-site scripting attack, elevation of privilege, or cause a denial-of-service condition. US-CERT recommends users a...
Google Releases Google Chrome 27.0.1453.116
Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...
Google Releases Google Chrome 26.0.1410.57
Google has released Google Chrome 26.0.1410.57 for all Chrome OS devices to address a vulnerability. This vulnerability could allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls. US-CERT recommends that users and administrators review...
Apple Releases Security Updates for Safari on OS X
Apple has released security updates for Safari Webkit 6.0.3 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a cross-site scripting attack. Safari 6.0.3 WebKit updates are available for the following versions: OSX Lion...
Updated Release of the February 2013 Oracle Java SE Critical Patch Update
Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information. The following...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 19.0 Firefox ESR 17.0.3 Thunderbird 17.0.3 Thunderbird ESR 17.0.3 SeaMonkey 2.16 These vulnerabilities could allow an attacker to execute arbitrary code, bypass security features, o...
Research In Motion Releases Security Update for BlackBerry Enterprise Server
Research In Motion RIM has released a security advisory for BlackBerry Enterprise Server to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or allow elevation of privileges. RIM has released updates for the following...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security advisory for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe has released updates for the following versions: Adob...
Microsoft Releases Security Advisory on Fraudulent Digital Certificates
Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects al...
Google Releases Google Chrome 23.0.1271.91
Google has released Google Chrome 23.0.1271.91 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 14 Firefox ESR 10.0.6 Thunderbird 14 Thunderbird ESR 10.0.6 SeaMonkey 2.11 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition...
Microsoft Releases a Security Advisory for Windows Sidebar and Gadgets
Microsoft has released security advisory 2719662 to address a vulnerability in Microsoft Windows Sidebar and Gadgets. This vulnerability may allow an attacker to execute arbitrary code, take control of an affected system, or disclose sensitive information. US-CERT encourages users and...
Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Developer Tools, and Server Software as part of the Microsoft Security Bulletin summary for July 2012. These vulnerabilities may allow an attack to execute arbitrary code, operate with...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA Cisco Catalyst 6500 Series ASA Service Module Cisco ASASM Cisco AnyConnect Secure Mobility Client Cisco Application Control Engine...
Apple Releases Java Update for OS X Lion and Mac OS X
Apple has released a Java update to address multiple vulnerabilities for the following products: Mac OS X v10.6.8 Mac OS X Server v10.6.8 OS X Lion v10.7.4 OS X Lion Server v10.7.4 These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CER...
Google Releases Google Chrome 19
Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Microsoft Releases May Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CE...
Apple Releases iOS 5.1.1
Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address. US-CERT encourages users and administrators to review Appl...
Apple Releases Multiple Security Updates
Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities for the following products. Apple TV 2nd generation iPhone 3GS iPhone 4 and 4S iPod Touch 3rd generation and later iPad and iPad 2 iTunes for Windows 7, Vista, and XP service pack 2 or late...
Adobe Releases Update for Adobe Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.62 and earlier versions from Windows, Linux, and Solaris operating systems Adobe Flash Player 11.1.115.6 and earlier versions fo...
Microsoft Releases February Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Server Software as part of the Microsoft Security Bulletin Summary for February 2012. These vulnerabilities may allow an attacker to execute arbitrary code o...
Google Releases Chrome 15.0.874.121
Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome...
Fraudulent Digital Certificates Could Allow Spoofing
US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the pare...
Google Releases Chrome 15.0.874.120
Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Mozilla Releases Firefox 8 and 3.6.24
The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-services condition, obtain sensitive information, or perform a cross-si...
Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...
Microsoft Releases November Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges...
Adobe Releases Security Advisory for Adobe Reader and Acrobat
Adobe has released a security advisory to address multiple vulnerabilities in Adobe Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and administrators to review Adobe security...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected: Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems Adobe Flash Player 10.3.181.36 and earlie...
Oracle Releases Critical Patch Update for July 2011
Oracle has released its Critical Patch Update for July 2011 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 13 for Oracle Database Server 3 for Oracle Secure Backup 7 for Oracle Fusion Middleware 18 for Oracle Enterprise Manager 1 for...
Google Releases Chrome 12.0.742.112
Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...
Google Releases Chrome 12.0.742.100
Google released Chrome 12.0.742.100 for Windows, Mac, Linux, and Chrome Frame to address a critical vulnerability in the Flash player plug-in. This vulnerability could allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review the Google Chrome...