Security Advisories
- 2011-0032: Multiple vulnerabilities on Mozilla Firefox / Thunderbird / SeaMonkey
  Wednesday, December 21, 2011 09:28:00 PM CET
  Multiple vulnerabilities have been found in Mozilla Firefox / Thunderbird. A fix is available.

- 2011-0031: Multiple vulnerabilities on JBoss Enterprise Portal Platform
  Wednesday, December 21, 2011 09:24:00 PM CET
  Multiple vulnerabilities have been found in JBoss Enterprise Portal Platform. A patch is available.

- 2011-0030: RSA SecurID Software Token DLL Loading Arbitrary Code Execution
  Wednesday, December 21, 2011 09:21:00 PM CET
  RSA SecurID Software Token is prone to a vulnerability that lets attackers execute arbitrary code. This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or malicious share.

- 2011-0028: Mozilla Firefox/Thunderbird/SeaMonkey information disclosure vulnerability
  Wednesday, December 14, 2011 11:29:00 AM CET
  Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 are prone to an information disclosure vulnerability, exploitable by a remote attacker to obtain information from the browser history [1]. Updated versions are available [3].

- 2011-0027: Unspecified vulnerability in Adobe Flash Player 11.1.102.55
  Wednesday, December 14, 2011 11:27:00 AM CET
  Adobe Flash Player 11.1.102.55 on Windows and Mac OS X is prone to remote attacks by execution of arbitrary code via a crafted SWF file.

- 2011-0025: JBoss Application Server Administrative Console Cross-Site Scripting
  Monday, December 05, 2011 05:48:00 PM CET
  The JBoss Application Server console is prone to a cross-site scripting vulnerability while handling DOM objects; fixes are available.

- 2011-0024: JBoss AS Administration Cross Site Request Forgery Vulnerability
  Monday, December 05, 2011 05:47:00 PM CET
  JBoss AS is prone to a cross-site request-forgery vulnerability; fixes are available.

- 2011-0023: HP Printers and Digital Senders Remote Security Bypass Vulnerability
  Friday, December 02, 2011 03:22:00 PM CET
  HP Printers and Digital Senders are prone to a security-bypass vulnerability leading to the installation of malicious firmware.

- 2011-0022: Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
  Friday, November 25, 2011 02:42:00 PM CET
  Apache HTTP Server is prone to a security-bypass vulnerability.

- 2011-0021: Multiple Linux Kernel Vulnerabilities
  Friday, November 25, 2011 02:41:00 PM CET
  The Linux kernel is prone to multiple 'hardlink' stack-based buffer-overflow vulnerabilities and multiple integer-overflow vulnerabilities because of a failure to properly bounds-check user-supplied input. Specifically, hardlink fails to properly handle deeply nested directories.

- 2011-0020: IBM Lotus Mobile Connect - Cross Site Scripting Vulnerability 9
  Wednesday, November 23, 2011 05:58:00 PM CET
  IBM Lotus Mobile Connect is prone to a cross-site scripting vulnerability. Fixes are available. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

- 2011-0019: Linux Kernel - Remote Denial of Service Vulnerability
  Wednesday, November 23, 2011 05:57:00 PM CET
  The Linux kernel is prone to a remote denial-of-service vulnerability. Specifically, this issue occurs when certain network drivers handle VLAN 0 frames with the priority tag set. Attackers can remotely exploit this issue by sending specially crafted packets to the affected computer, causing the kernel to crash and denying service to legitimate users.

- 2011-0018: Linux Kernel - Remote Denial of Service Vulnerability
  Wednesday, November 23, 2011 05:56:00 PM CET
  The Linux kernel is prone to a remote denial-of-service vulnerability. To exploit this issue, attackers can use readily available network utilities.

- 2011-0017: Microsoft Windows Kernel Remote Code Execution Vulnerability
  Wednesday, November 23, 2011 05:55:00 PM CET
  Microsoft Windows is prone to a remote code-execution vulnerability. A commercial exploit is available for CORE IMPACT; urgency raised.

- 2011-0016: Oracle Java Remote Java Runtime Environment
  Wednesday, November 23, 2011 05:41:00 PM CET
  Oracle Java SE is prone to a remote vulnerability in the Java Runtime Environment. A commercial exploit is available through VUPEN Security; urgency raised.

- 2011-0015: ISC BIND 9 Recursive Queries Remote DoS
  Wednesday, November 23, 2011 05:37:00 PM CET
  ISC BIND is prone to a remote denial-of-service vulnerability.

- 2011-0014: Adobe Acrobat and Reader - Multiple Vulnerabilities
  Wednesday, November 23, 2011 05:34:00 PM CET
  Critical vulnerabilities have been identified in Adobe Acrobat and Reader.

- 2011-0013: Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
  Wednesday, November 23, 2011 05:10:00 PM CET
  Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013).

- 2011-0012: Adobe Flash Player - Multiple Vulnerabilities
  Friday, November 11, 2011 06:09:00 PM CET
  Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and in Adobe Flash Player 11.0.1.153 and earlier versions for Android [1].

- 2011-0011: Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass
  Friday, November 11, 2011 06:01:00 PM CET
  Mozilla Firefox and Thunderbird are prone to a security-bypass vulnerability [1]. This issue occurs because installed add-ons fail to properly use 'XPCNativeWrappers' in the 'loadSubScript()' function.

- 2011-0010: Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
  Thursday, November 10, 2011 04:04:00 PM CET
  Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability (CVE-2011-3648, candidate). Exploits are available. Fixes are available.

- 2011-0009: Multiple vulnerabilities on Adobe Shockwave Player
  Wednesday, November 09, 2011 04:59:00 PM CET
  Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution.

- 2011-0008: Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
  Wednesday, November 09, 2011 04:58:00 PM CET
  Oracle Database Server is prone to a buffer-overflow vulnerability discovered in 2007 that remains unpatched [1][2]. Exploit code has become available [3], which raises the criticality of this advisory.

- 2011-0007: Potential DoS threat against SSL/TLS servers
  Wednesday, November 09, 2011 04:54:00 PM CET
  A hacker group has released a tool [1] that can perform denial-of-service attacks against SSL-based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very few resources on the client side: a single PC with a DSL connection might be enough to exhaust the resources of an average SSL server, while larger server farms would require more (about 20 laptops). This makes the threat more significant than standard DoS attempts through resource exhaustion.

- 2011-0006: Vulnerability on Apache HTTP server with mod_proxy exposes internal networks
  Wednesday, October 12, 2011 08:55:00 AM CEST
  A vulnerability [1] has been disclosed in the Apache HTTP server in reverse-proxy mode. It affects all versions of httpd 1.3 and httpd 2.x that use mod_proxy with certain RewriteRule or ProxyPassMatch configurations. See [1] https://seclists.org/fulldisclosure/2011/Oct/232 for further details.

- 2011-0005: Background information about the recent "BEAST attack on SSL / TLS"
  Thursday, September 29, 2011 04:59:00 PM CEST
  Two security researchers demonstrated [1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, for Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory explains what a potential attacker would need to do for a successful attack, and what can and must be done to mitigate it.

- 2011-0004: Adobe emergency patch for multiple Flash Player vulnerabilities
  Thursday, September 29, 2011 04:57:00 PM CEST
  Adobe announced [1] the availability of a patch for multiple critical vulnerabilities found in Flash Player.

- 2011-0003: Oracle emergency patch for Apache HTTPD DoS vulnerability
  Thursday, September 29, 2011 04:56:00 PM CEST
  Oracle announced [1] the availability of a patch for a denial-of-service vulnerability in Apache HTTPD.