Security Advisories
-
2014-253: Microsoft Security Bulletin MS14-068 - Critical Vulnerability in Kerberos Could Allow Elevation of Privileges
Thursday, November 20, 2014 10:18:00 AM CET
The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
-
2014-249: Malware distribution to German-speaking users
Thursday, November 20, 2014 10:15:00 AM CET
CERT-EU has identified a malware distribution and fraud campaign with a focus on German-speaking users.
-
2014-248: IMPORTANT: Critical Vulnerability in Schannel Could Allow Remote Code Execution (KB2992611) CVE-2014-6321
Thursday, November 20, 2014 10:11:00 AM CET
A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.
-
2014-169: NEW SSLv3 Padding Oracle On Downgraded Legacy Encryption attack
Thursday, November 20, 2014 10:09:00 AM CET
The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.
-
2014-138: New: BadUSB
Thursday, November 20, 2014 10:07:00 AM CET
BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.
-
2014-137: BASH Vulnerability
Thursday, November 20, 2014 10:05:00 AM CET
GNU BASH is prone to a remote code execution vulnerability. Vulnerable GNU BASH versions process trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.
-
2014-054: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Wednesday, June 11, 2014 10:06:00 AM CEST
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack.
-
2014-053: Multiple Vulnerabilities in OpenSSL
Wednesday, June 11, 2014 10:04:00 AM CEST
Several vulnerabilities have been discovered in the OpenSSL library.
-
2014-052: GnuTLS Hello Vulnerability
Thursday, June 05, 2014 09:09:00 AM CEST
This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client.
-
2014-051: Cisco RADIUS DoS
Friday, May 23, 2014 01:57:00 PM CEST
Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application.
-
2014-050: Microsoft Internet Explorer 8 Remote Code Execution
Friday, May 23, 2014 01:55:00 PM CEST
Internet Explorer 8 is prone to a remote code-execution vulnerability due to a use-after-free condition.
-
2014-049: Microsoft Security Updates
Friday, May 16, 2014 11:08:00 AM CEST
Microsoft has published a number of new security updates, which were released on May 08, 2014.
-
2014-048: Security updates available for Adobe Reader and Acrobat
Friday, May 16, 2014 11:06:00 AM CEST
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
-
2014-047: Security updates available for Adobe Flash Player
Friday, May 16, 2014 11:05:00 AM CEST
Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux.
-
2014-046: BIND nameservers security update
Thursday, May 15, 2014 03:08:00 PM CEST
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.
-
2014-045: FreeBSD Security Advisory
Thursday, May 15, 2014 03:07:00 PM CEST
When network packets making up a TCP stream ("TCP segments") are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.
-
2014-044: Citrix NetScaler Application Delivery Security Update
Thursday, May 15, 2014 03:04:00 PM CEST
A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.
-
2014-043: Oracle Critical Patch Update Advisory
Thursday, May 08, 2014 04:31:00 PM CEST
The Oracle Critical Patch Update for April 2014 [1] was released.
-
2014-042: Security updates available for Adobe Flash Player
Tuesday, April 29, 2014 04:12:00 PM CEST
Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.
-
2014-041: UPDATE Vulnerability in Internet Explorer Could Allow Remote Code Execution
Monday, May 12, 2014 04:28:00 PM CEST
UPDATE: Microsoft has issued a cumulative security update for Internet Explorer (no 2965111) resolving the publicly disclosed vulnerability (CVE-2014-1776 [1]) as well as eight other privately reported vulnerabilities in IE [2].
-
2014-040: VMware Security Advisories (VMSA-2014-0004.6)
Wednesday, April 23, 2014 04:20:00 PM CEST
VMware product updates address OpenSSL security vulnerabilities.
-
2014-039: VMware Security Advisories
Wednesday, April 23, 2014 04:19:00 PM CEST
VMware vSphere Client updates address security vulnerabilities.
-
2014-038: Oracle Critical Patch Update Advisory of April 2014
Wednesday, April 23, 2014 04:17:00 PM CEST
Oracle Critical Patch Update Advisory of April 2014 contains 104 new security fixes across the product families.
-
2014-037: Apache Tomcat Update
Thursday, April 10, 2014 10:56:00 AM CEST
It was possible to craft a malformed Content-Type header for a multipart request that caused Apache Tomcat to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service.
-
2014-036: Microsoft Security Updates
Wednesday, April 09, 2014 03:23:00 PM CEST
Microsoft has published a number of new security updates, which were released on April 08, 2014.
-
2014-035: Security updates available for Adobe Flash Player
Wednesday, April 09, 2014 03:16:00 PM CEST
Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
-
2014-034: UPDATE OpenSSL CRITICAL vulnerability
Friday, April 11, 2014 09:57:00 AM CEST
The OpenSSL library is vulnerable to memory leakage. Both servers and clients are affected. It can lead to a leak of the content of the memory, allowing access to private keys, credentials, or any other confidential data. Some proofs of concept for this vulnerability, exploiting servers and clients, are already available in the wild.
-
2014-033: Multiple vulnerabilities in Cisco IOS
Friday, April 04, 2014 02:47:00 PM CEST
Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on March 26, 2014.
-
2014-032: Vulnerability in Microsoft Word could allow remote code execution
Thursday, March 27, 2014 02:37:00 PM CET
There is a vulnerability affecting multiple versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
-
2014-031: Security updates available for Adobe Flash Player
Thursday, March 13, 2014 04:19:00 PM CET
Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. [1]
-
2014-030: Multiple vulnerabilities in Microsoft products
Thursday, March 13, 2014 04:16:00 PM CET
Microsoft released five bulletins [1] to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight.
-
2014-029: Snake Campaign and Cyber Espionage Toolkit
Thursday, March 13, 2014 04:10:00 PM CET
BAE Systems has recently published a report on the so-called Snake Campaign and Cyber Espionage Toolkit [1].
-
2014-028: Cisco Small Business Router Password Disclosure Vulnerability
Tuesday, March 11, 2014 11:24:00 AM CET
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.
-
2014-027: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Tuesday, March 11, 2014 11:21:00 AM CET
The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities
-
2014-026: JBoss Enterprise Application Platform update
Tuesday, March 11, 2014 11:19:00 AM CET
An update for Red Hat JBoss Enterprise Application Platform 6.2.1 is now available from the Red Hat Customer Portal.
-
2014-025: SSL/TLS implementation security issues
Tuesday, March 11, 2014 11:18:00 AM CET
A couple of bugs in the SSL/TLS protocol from Apple [1] and GNU [2] have recently been published.
-
2014-024: SOHO routers vulnerabilities leading to man-in-the-middle attack
Tuesday, March 11, 2014 11:17:00 AM CET
Different vulnerabilities and default configurations in several brands of SOHO routers allowed DNS misconfiguration in hundreds of thousands of devices.
-
2014-023: Cisco Prime Infrastructure Command Execution Vulnerability
Tuesday, March 11, 2014 11:16:00 AM CET
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.
-
2014-022: SSL Vulnerability in iOS and OS X
Wednesday, February 26, 2014 11:40:00 AM CET
Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.
-
2014-021: Microsoft Security Advisory
Monday, February 24, 2014 03:11:00 PM CET
Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10.
-
2014-020: Microsoft Security Advisory related to Adobe Flash Player
Monday, February 24, 2014 03:09:00 PM CET
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
-
2014-019: Security updates available for Adobe Flash Player
Monday, February 24, 2014 03:07:00 PM CET
Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux.
-
2014-018: JBoss Enterprise Application Platform update
Friday, February 21, 2014 02:38:00 PM CET
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
-
2014-017: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Friday, February 21, 2014 02:09:00 PM CET
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system.
-
2014-016: Multiple Vulnerabilities in Cisco IPS Software
Friday, February 21, 2014 02:07:00 PM CET
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities
-
2014-015: Cisco UCS Director Default Credentials Vulnerability
Friday, February 21, 2014 02:04:00 PM CET
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
-
2014-014: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
Friday, February 21, 2014 02:01:00 PM CET
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
-
2014-013: Man-in-the-Middle Attack Against Email Synchronization
Friday, February 21, 2014 01:59:00 PM CET
The attack consists of spoofing an SSID of a WiFi network to which devices try to connect (most devices actively advertise SSIDs of all networks known to them). Once a device connects to such a network and tries to synchronize e-mails, a malicious server inside the spoofed network may potentially be able to access the email credentials. If SSL is used, such a server may try to impersonate the target email server and perform the SSL handshake, if the device is set to accept self-signed certificates.
-
2014-012: Security updates available for Adobe Flash Player
Friday, February 14, 2014 12:12:00 PM CET
Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.
-
2014-011: Security update available for Adobe Shockwave Player
Friday, February 14, 2014 12:09:00 PM CET
Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system.
-
2014-010: Critical Vulnerability in MediaWiki Platform
Wednesday, February 05, 2014 09:25:00 AM CET
Researchers have discovered a critical vulnerability in the popular MediaWiki Web platform, which is used to run Wikipedia and tens of thousands of other wiki sites around the world. This vulnerability allows an attacker to perform remote code execution.
-
2014-009: Microsoft Security Updates
Friday, February 14, 2014 12:06:00 PM CET
Microsoft has published a number of new security updates. This advisory is intended to help you plan for the deployment of these security updates more effectively.
-
2014-008: UPDATED BIOS update for Hewlett Packard server products
Wednesday, February 26, 2014 11:52:00 AM CET
There is a BIOS update for the HP ProLiant G7 server.
-
2014-007: Denial of Service on BIND nameservers
Thursday, January 23, 2014 03:04:00 PM CET
Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect, an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.
-
2014-006: VMware multiple vulnerabilities
Thursday, January 23, 2014 03:03:00 PM CET
VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues: VMware ESXi and ESX NFC NULL pointer dereference (CVE-2014-1207).
-
2014-005: Multiple Bugfixes in PHP
Thursday, January 23, 2014 03:00:00 PM CET
The PHP development team announces the immediate availability of PHP 5.5.8. About 15 bugs were fixed. The PHP development team announces the immediate availability of PHP 5.4.20. About 30 bugs were fixed.
-
2014-004: Multiple Vulnerabilities in Cisco Secure Access Control System
Thursday, January 23, 2014 02:57:00 PM CET
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability.
-
2014-003: Oracle Critical Patch Update Advisory of January 2014
Tuesday, January 21, 2014 03:03:00 PM CET
Oracle Critical Patch Update Advisory of January 2014 contains 144 new security fixes across the product families.
-
2014-002: Multiple Microsoft vulnerabilities
Tuesday, January 21, 2014 03:01:00 PM CET
The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. [1]
-
2014-001: Multiple Adobe vulnerabilities
Tuesday, January 21, 2014 02:59:00 PM CET
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh.