4188 matches found
Apple Releases Security Update for QuickTime
Apple has released a security update to address multiple vulnerabilities in QuickTime for Windows 7 and Windows Vista. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security...
Apple Releases Security Updates for OS X Server, iOS, Safari, and Yosemite
Apple has released security updates for OS X Server, iOS, Safari, and Yosemite to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS 8.4.1 for iPhone 4s and later, iPod...
Lenovo Service Engine (LSE) BIOS Vulnerability
Certain Lenovo personal computers contain a vulnerability in LSE a Lenovo BIOS feature. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Lenovo Security Advisories for notebooks and desktops...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe...
IC3 Issues Alert on DDoS Extortion Campaigns
The Internet Crime Complaint Center IC3 has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service DDoS attack to its website unless it pays a ransom. Businesses are warned against...
Google Releases Security Update for Chrome
Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and...
Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex
Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack. Users and...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and administrators are encouraged to review...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4 Firefox ESR 31.5.3 SeaMonkey...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-05 and apply the...
Lenovo Computers Vulnerable to HTTPS Spoofing
Lenovo consumer personal computers employing the pre-installed Superfish VisualDiscovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic HTTPS,...
Microsoft Releases Critical Security Bulletin
Microsoft has released Security Bulletin MS15-011 to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. This security update contains a new policy feature UNC Hardened Access which is not...
VMware Releases Security Updates for vCenter Server, vCenter Server Appliance, and ESXi
VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks. US-CERT encourages users and...
Microsoft Releases November 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Exchange, .NET Framework, SharePoint, and Internet Explorer as part of the Microsoft Security Bulletin Summary for November 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, ...
Apple Releases Security Update 2014-005
Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details. This product is provided subject to this Notification and this Privacy & Use policy. Please share your thought...
OpenSSL Patches Four Vulnerabilities
OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service DoS condition or execute man-in-the-middle attacks. The following updates are available: OpenSSL 1.0.1 users should upgrade to 1.0.1j OpenSSL 1.0.0 users should upgrade to...
Cisco Releases Security Advisory for ASA Software
Cisco has released an advisory to address multiple vulnerabilities in the Cisco Adaptive Security Appliance ASA Software that could result in a denial of service condition. Cisco has released free software updates that address these vulnerabilities. Users and administrators are encouraged to revi...
Cisco Integrated Management Controller Vulnerability
Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...
Adobe Releases Security Updates for Flash Player, Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security...
Oracle Releases July 2014 Security Advisory
Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 29 for Oracle Fusion Middleware 7 for Oracle Hyperion 1 for Oracle Enterprise Manager Grid Control 5...
Cisco Addresses Apache Struts 2 Vulnerability
Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected by this vulnerability include: Cisc...
Microsoft Releases May 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Server Software, Office Services, Web Apps, and Productivity Software as part of the Microsoft Security Bulletin Summary for May 2014. These vulnerabilities could allow remote code executions. US-CERT...
Google Releases Security Update for Chrome
Google has released Chrome 34.0.1847.137 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review the Google Chrome Blog post and...
Microsoft Releases April 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code executions. US-CERT encourages users and...
Google Releases Chrome Update
Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome release blog ent...
Cisco UCS Director Default Credentials Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System UCS Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation...
Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild
An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this exploit by using Microsoft's EMET utility,...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 27 Firefox ESR 24.3 Thunderbird 24.3 Seamonkey 2.24 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service DoS condition. These vulnerabilities affect the following: Cisco...
Oracle Releases January 2014 Security Advisory
Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 22 for Oracle Fusion Middleware 2 for Oracle Hyperion 4 for Oracle E-Business Suite 16 for Oracle...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe has released updates to the following products: Adobe Flas...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 25.0 Firefox ESR 24.1 Firefox ESR 17.0.10 Thunderbird 24.1 Thunderbird ESR 17.0.10 Seamonkey 2.22 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypa...
Apple Releases OS X Mountain Lion v10.8.5 Supplemental Update
Apple has released an OS X Mountain Lion v10.8.5 Supplemental Update to address a vulnerability. This vulnerability could potentially allow a local attacker to bypass authentication controls. US-CERT encourages users and administrator to review Apple Security Article HT5964 and apply any necessar...
Google Releases Google Chrome 30
Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information. US-CERT encourages users and...
Cisco Releases Security Advisory for Cisco WebEx Players
Cisco has released a security advisory to address multiple vulnerabilities in Cisco WebEx Recording Format WRF and Advanced Recording Format ARF Players. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an unauthenticated, remote attacker the ability to modify data, execute arbitrary commands, or cause a denial of service DoS condition. US-CERT encourages users and administrators to...
Google Releases Google Chrome 28.0.1500.95
Google has released Google Chrome 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass intended restrictions or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 22.0 Firefox ESR 17.0.7 Thunderbird 17.0.7 Thunderbird ESR 17.0.7 These vulnerabilities could allow a remote attacker to execute arbitrary code and potentially cause a cross-site...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities could cause a denial-of-service condition and potentially allow an attacker to execute arbitrary code and take control of an affected system. The following versions of Adobe Flash...
Google Releases Google Chrome 26.0.1410.57
Google has released Google Chrome 26.0.1410.57 for all Chrome OS devices to address a vulnerability. This vulnerability could allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls. US-CERT recommends that users and administrators review...
Apple Releases Security Updates for Safari on OS X
Apple has released security updates for Safari Webkit 6.0.3 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a cross-site scripting attack. Safari 6.0.3 WebKit updates are available for the following versions: OSX Lion...
Updated Release of the February 2013 Oracle Java SE Critical Patch Update
Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information. The following...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 19.0 Firefox ESR 17.0.3 Thunderbird 17.0.3 Thunderbird ESR 17.0.3 SeaMonkey 2.16 These vulnerabilities could allow an attacker to execute arbitrary code, bypass security features, o...
Research In Motion Releases Security Update for BlackBerry Enterprise Server
Research In Motion RIM has released a security advisory for BlackBerry Enterprise Server to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or allow elevation of privileges. RIM has released updates for the following...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security advisory for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe has released updates for the following versions: Adob...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix to address multiple vulnerabilities in Adobe ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh, and UNIX. These vulnerabilities could allow an attacker to bypass authentication controls. US-CERT recommends that users and administrators review...
Microsoft Releases Security Advisory on Fraudulent Digital Certificates
Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects al...
Google Releases Google Chrome 23.0.1271.91
Google has released Google Chrome 23.0.1271.91 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 14 Firefox ESR 10.0.6 Thunderbird 14 Thunderbird ESR 10.0.6 SeaMonkey 2.11 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition...