| |
Vulnerabilities and Alerts:
SecurityFocus Vulnerabilities:
 30 Jul :
GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
|
30 Jul :
Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability
|
30 Jul :
Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
|
30 Jul :
Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
|
ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability
|
XSS vulnerability in Campsite
|
Akamai Download Manager arbitrary file download & execution
|
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
|
Microsoft Vulnerabilities:
13 Jul :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
13 Jul :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
13 Jul :
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
|
13 Jul :
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
|
8 Jun :
Bulletin Severity Rating:Critical - This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Jun :
Bulletin Severity Rating:Critical - This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
|
8 Jun :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Jun :
Bulletin Severity Rating:Important - This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
|
11 May :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
Redhat Vulnerabilities:
Red Hat Enterprise Linux: Updated qspice packages that fix a bug are now available.
|
Red Hat Enterprise Linux: This is the 3-month notification of the End Of Life plans for Red Hat
Enterprise Linux 3.
|
Red Hat Enterprise Linux: Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 3.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
CVE-2010-2500, CVE-2010-2527, CVE-2010-2541
|
Red Hat Enterprise Linux: Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527, CVE-2010-2541
|
Red Hat Enterprise Linux: Updated kvm packages that resolve several issues are now available.
|
Red Hat Enterprise Linux: Updated vdsm22 packages that fix several bugs are now available for Red Hat
Enterprise Linux 5.5.
|
Red Hat Enterprise Linux: Updated Xen packages that fix a bug are now available for Red Hat Enterprise
Linux.
|
Red Hat Enterprise Linux: An updated setup package that fixes various bugs is now available.
|
Red Hat Enterprise Linux: Updated rhev-hypervisor packages that fix several bugs are now available.
|
Secunia Vulnerabilities:
[CaRP] XML error: mismatched tag at line 45
CERT Vulnerabilities:
Oracle Updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Flash and AIR Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Flash, Reader, and Acrobat Vulnerability
|
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Reader and Acrobat Vulnerabilities
|
Oracle Updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Microsoft Internet Explorer Vulnerabilities
|
IGX Vulnerabilities:
[CaRP] Success (0)
[CaRP] XML error: mismatched tag at line 10
This page is created dynamically and was last updated :
31 July, 2010 GMT
|
|
