Security Advisories
-
2016-84: Vulnerability in Java installers
Thursday, February 11, 2016 03:28:00 PM CETA user can be tricked into downloading files before installing Java 6, 7 or 8 resulting to a full compromise of his system.
-
2016-62: SSH Login vulnerability on multiple Fortinet products
Tuesday, January 26, 2016 03:45:00 PM CETThe FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for S= SH is possible.
-
2016-50: OpenSSH roaming feature vulnerabilities
Tuesday, January 19, 2016 10:21:00 AM CETSince version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. [1]
-
2016-45: FortiOS login vulnerability
Tuesday, January 19, 2016 10:19:00 AM CETThe FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for S= SH is possible. A Pyhton script was released that can be used to exploit the vulnerability.
-
2016-142: UPDATE Critical Firefox Vulnerability
Thursday, December 01, 2016 04:00:00 PM CETOn 29th of November 2016, a JavaScript code exploiting a vulnerability in Firefox has been discovered. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code [5].
-
2016-141: Black Nurse ICMP DOS attacks
Monday, November 14, 2016 05:11:00 PM CETTDC-SOC-CERT the CERT from TDC A/S, a Danish telecommunications company, observed and started analyzing a number of denial of service attacks (DOS) based on the ICMP protocol.
-
2016-140: URGENT - 0 day Adobe Flash vulnerability
Thursday, October 27, 2016 10:32:00 AM CEST"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system."
-
2016-139: Linux Kernel vulnerability "Dirty COW"
Monday, October 24, 2016 11:40:00 AM CESTIt has been reported a serious vulnerability that has been present for nine years in a section of the Linux kernel, which is most probably part of all the distributions of this OS.
-
2016-138: IKEv1 vulnerability in CISCO devices
Monday, September 26, 2016 09:38:00 AM CESTThe advisory recommends integrity checks and provides detection guidance for the IKEv1 vulnerabilities discovered by CISCO in its devices.
-
2016-137: Critical Adobe Flash Player vulnerabilities
Thursday, September 15, 2016 04:08:00 PM CESTAdobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS to address multiple critical vulnerabilities.
-
2016-136: Pegasus Spyware targeting iOS devices
Wednesday, August 31, 2016 03:14:00 PM CESTThree critical zero-day vulnerabilities were discovered, impacting Apple iOS and OS X devices. This advisory presents recommendations for end-users and Mobile Device Management administrators.
-
2016-135: Leak of hacking tools targeting Fortinet devices
Tuesday, August 30, 2016 04:21:00 PM CESTOn 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Fortinet devices. This advisory presents risk mitigation recommendations.
-
2016-133: Leak of hacking tools targeting CISCO firewalls
Tuesday, August 23, 2016 12:11:00 PM CESTOn 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include CISCO Adaptive Security Appliance (ASA) and PIX firewalls. This advisory presents risk mitigation recommendations.
-
2016-132: SMB bug allows to leak user login and NTLMv2 hashes
Thursday, August 04, 2016 01:28:00 PM CESTThe Server Message Block (SMB) protocol is a network protocol allowing files and printers sharing over different networks (TCP/IP included).
-
2016-130: HTTPoxy - CGI "HTTP_PROXY" variable name clash
Wednesday, July 20, 2016 03:45:00 PM CESTWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts [1].
-
2016-129: Drupal RESTful Web Services Module Remote Code Execution Vulnerability
Friday, July 15, 2016 02:42:00 PM CESTThe RESTful Web Services module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
-
2016-128: Drupal Webform Multiple File Upload Module Remote Code Execution Vulnerability
Thursday, July 14, 2016 02:38:00 PM CESTThe Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
-
2016-127: Drupal Coder Module Remote Code Execution Vulnerability
Thursday, July 14, 2016 02:37:00 PM CESTThe Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
-
2016-125: Critical vulnerability in Adobe Flash Player
Tuesday, May 17, 2016 10:28:00 AM CESTA critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system [1].
-
2016-124: Critical vulnerability in ImageMagick allowing remote code execution
Wednesday, May 04, 2016 02:41:00 PM CESTOn May 3rd, 2016, security researchers reported several bugs in ImageMagick [1], a package commonly used by web services to process images. [2][3]
-
2016-123: Badlock Bug in Windows and Samba
Wednesday, April 13, 2016 02:18:00 PM CESTOn April 12th, 2016 Badlock, a crucial security bug in Windows and Samba was disclosed.
-
2016-122: Cisco - Denial of Service Vulnerabilities
Wednesday, April 13, 2016 02:15:00 PM CESTThe March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe vulnerabilities in Cisco IOS Software.
-
2016-121: UPDATE Remote Code Execution in all git versions (client + server) < 2.7.1
Thursday, March 17, 2016 12:37:00 PM CETVersion: 17/03/2016 Corrigendum initial publication typos A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nested trees..
-
2016-120: Remote Code Execution in all git versions (client+server)<2.7.1
Wednesday, March 16, 2016 04:17:00 PM CETA vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nested trees..
-
2016-119: CISCO CVE-2016-1329
Tuesday, March 15, 2016 09:38:00 AM CETA vulnerability in Cisco NX-OS Software allows a perpetrator to connect to the device with administrative privileges.
-
2016-118: DROWN Attack
Wednesday, March 02, 2016 10:13:00 AM CETA vulnerability in SSLv2 can lead to a compromise the cryptographic scheme of safe transactions over Internet. The attack that exploits the vulnerability is called "DROWN". The attacker can easily interfere between client and server and monitor the transaction or even alter it. In other words, the vulnerability allows successful Man-In-the-Middle attacks.
-
2016-117: Palo Alto critical bugs
Wednesday, March 02, 2016 10:11:00 AM CETPalo Alto Networks has revealed four new vulnerabilities
-
2016-116: Vulnerability in Microsoft Enhanced Mitigation Experience Toolkit
Thursday, February 25, 2016 04:15:00 PM CETThe Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.
-
2016-115: UPDATE CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
Wednesday, February 17, 2016 02:52:00 PM CETUpdated: CentOS has released updates to vulnerability remedy. F5 has published information about products affected products.
-
2016-114: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
Wednesday, February 17, 2016 01:19:00 PM CETVulnerability in glibc allows unauthenticated attacker to remotely exploit and cause: - Denial-of-Service (DoS) - Remote code execution (administrator / root privileges) - Remote code execution (User)
-
2016-113: CISCO IKE v1 and v2 Vulnerability
Thursday, February 11, 2016 03:59:00 PM CETA vulnerability in the Internet Key Exchange .v1 and .v2 of CISCO ASA software can be exploited causing DOS or even remote code execution.
-
2015-761: Crypto implementation flaws in Pacom GMS System
Tuesday, January 19, 2016 10:15:00 AM CETThe Pacom 1000 implementation have several serious implementation flaws in cryptography mechanisms. The flaws that were found can bypass the security of any unpatched installation. The issue could affect the Psysical Security entities of a constituent depending on the infrastructure.