GENERAL SECURITY TIPS

Keep your computer updated with the latest vendor patches

Use anti-virus software and ensure its signatures are updated regularly

Use a personal or host-based firewall

Exercise caution when opening e-mail attachments or following unsolicited links
Note: The majority of links on this page are to external websites.





Alerts and Updates (Archives) for Jul 2007 to Dec 2007

The alerts and updates listed on this page are a brief summary of those derived from the Internet, other Computer Emergency Teams, vendors, and the community at large. This is by no means intended to be a comprehensive list; more products may be added on request. It is recommended that you subscribe directly to the vendor security alerts relevant to your systems, and augment your product security from a number of different security resources.

NZCERT uses the following colour codings to classify these alerts and updates:

Critical
Important
Moderate
Low
Unassigned or classification not available

Note: Where Vendors use the Common Vulnerability Scoring System (CVSS), NZCERT uses this to classify the vulnerability using the above categories. If multiple CVSS scores are provided under the same security alert, this classification is based on the highest CVSS Temporal Score when available. More information on CVSS can be found here.

Archived alerts can be found here.

Adobe
Adobe: Vulnerabilities in some SWF files could allow cross-site scripting 23Dec07
Adobe: Flash Player update available to address security vulnerabilities 11Dec07
Adobe: Update available for ColdFusion MX 7 and ColdFusion 8 potential session hijacking issue 13Nov07
Adobe: Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat 22Oct07
Adobe: Potential Vulnerability with Adobe Flash Player and Opera on Mac OSX 19Oct07
Adobe: GoLive 9 update to address potential security vulnerabilities 09Oct07
Adobe: Illustrator CS3 update to address potential security vulnerabilities 09Oct07
Adobe: Patch available for PageMaker buffer overflow vulnerability 09Oct07
Adobe: Patch available for Adobe Connect Enterprise Server information disclosure issue 11Sep07
Adobe: Photoshop CS2 and CS3 updates to address security vulnerabilities 10Jul07
Adobe: Flash Player update available to address security vulnerabilities 10Jul07

Apple
Apple: Security Update 2007-009 v1.1 released to address security vulnerabilities for Mac OS X 10.4.11 and 10.5.1 21Dec07
Apple: Safari 3 Beta Update 3.0.4 Security Update for 1.1 Windows Vista/XP 21Dec07
Apple: Safari 3 Beta Update 3.0.4 Security Update for Windows Vista/XP 17Dec07
Apple: Security Update 2007-009 released to address security vulnerabilities for Mac OS X 10.4.11 and 10.5.1 17Dec07
Apple: Java Release 6 released for Mac OS X 10.4 to address security vulnerabilities 13Dec07
Apple: QuickTime 7.3.1 Security Update released to address security vulnerabilities 13Dec07
Apple: Mac OS X 10.5.1 Security Update released to address security vulnerabilities 15Nov07
Apple: Mac OS X 10.4.11 and Security Update 2007-008 released to address security vulnerabilities 14Nov07
Apple: Safari 3 Beta Update 3.0.4 released to address security vulnerabilities 14Nov07
Apple: iPhone 1.1.2 and iPod touch 1.1.2 released to address security vulnerabilities 12Nov07
Apple: Quicktime 7.3 released to address security vulnerabilities 05Nov07
Apple: Xcode Tools 2.5 released to address security vulnerabilities 30Oct07
Apple: Security Update for QuickTime 7.2 03Oct07
Apple: iPhone 1.1.1 Update 27Sep07
Apple: iTunes 7.4 released to address security vulnerabilities 05Sep07
Apple: Firmware Update 7.2.1 for AirPort Extreme Base Station with 802.11n 29Aug07
Apple: Security Update 2007-007 for Mac OS X 10.3.9, and X 10.4.10 31Jul07
Apple: iPhone v1.0.1 Update for iPhone v1.0 31Jul07
Apple: Safari 3 Beta Update 3.0.3 for Mac OS X v10.4.9 or later, Windows XP / Vista 31Jul07
Apple: QuickTime 7.2 released for MAC and Windows to address multiple security vulnerabilities 11Jul07

Borderware

Cisco Systems
Cisco: Application Inspection Vulnerability in Cisco Firewall Services Module 19Dec07
Cisco: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability 05Dec07
Cisco: Cisco Unified Communications Web-based Management Vulnerability 17Oct07
Cisco: Cisco Unified Communications Manager Denial of Service Vulnerabilities 17Oct07
Cisco: Multiple Vulnerabilities in Cisco PIX and ASA Appliance 17Oct07
Cisco: Multiple Vulnerabilities in Firewall Services Module 17Oct07
Cisco: Cisco Wireless Control System Conversion Utility Adds Default Password 10Oct07
Cisco: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities 05Sep07
Cisco: Denial of Service Vulnerabilities in Content Switching Module 05Sep07
Cisco: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page 29Aug07
Cisco: Local Privilege Escalation Vulnerabilities in Cisco VPN Client 15Aug07
Cisco: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager 08Aug07
Cisco: Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR 08Aug07
Cisco: Cisco IOS Next Hop Resolution Protocol Vulnerability 08Aug07
Cisco: Cisco IOS Secure Copy Authorization Bypass Vulnerability 08Aug07
Cisco: Vulnerability in Java Secure Socket Extension 25Jul07
Cisco: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software 24Jul07
Cisco: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software 18Jul07
Cisco: Cisco Unified Communications Manager Overflow Vulnerabilities 11Jul07
Cisco: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities 11Jul07

GnuPG

Microsoft
Microsoft: Security Bulletin for Dec 2007 (3 updates critical) 11Dec07
Microsoft: Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure 03Dec07
Microsoft: Information Security at Microsoft Overview Whitepaper Released 20Nov07
Microsoft: Security Bulletin for Nov 2007 (1 update critical) 13Nov07
Microsoft: Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege 05Nov07
Microsoft: URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows IE 7 Could Allow Remote Code Execution - Updated 25Oct07
Microsoft: Microsoft releases Security Intelligence Report (Jan to Jun 2007) 22Oct07
Microsoft: URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows IE 7 Could Allow Remote Code Execution 10Oct07
Microsoft: Security Bulletin for Oct 2007 (4 updates critical) 09Oct07
Microsoft: Security Bulletin for Sep 2007 (1 update critical) 11Sep07
Microsoft: Security Bulletin for Aug 2007 (6 updates critical) 14Aug07
Microsoft: Update to Improve Kernel Patch Protection 14Aug07
Microsoft: Microsoft releases IE7 Security Guide 09Aug07
US-CERT: Microsoft Windows URI Protocol Handling Vulnerability 27Jul07
Microsoft: Security Bulletin for Jul 2007 (4 updates critical) 10Jul07

Mozilla
Mozilla: Thunderbird 1.5.0.14 upgrade available for 1.5.0.13 install package users 19Dec07
Mozilla: Firefox 2.0.0.10 released to address security vulnerabilities 27Nov07
Mozilla: URIs with invalid %-encoding mishandled by Windows 18Oct07
Mozilla: XPCNativeWrapper pollution using Script object 18Oct07
Mozilla: Possible file stealing through sftp protocol 18Oct07
Mozilla: XUL pages can hide the window titlebar 18Oct07
Mozilla: File input focus stealing vulnerability 18Oct07
Mozilla: Browser digest authentication request splitting 18Oct07
Mozilla: onUnload Tailgating 18Oct07
Mozilla: Crashes with evidence of memory corruption (rv:1.8.1.8) 18Oct07
Mozilla: Firefox 2.0.0.7 released to address vulnerability exploiting Quicktime Media-Link files 19Sep07
Mozilla: Unescaped URIs passed to external programs 30Jul07
Mozilla: Privilege escalation through chrome-loaded about:blank windows 30Jul07
US-CERT: Mozilla Firefox URI Sanitization vulnerability 26Jul07
Mozilla: XPCNativeWrapper pollution 17Jul07
Mozilla: Unauthorized access to wyciwyg:// documents 17Jul07
Mozilla: Remote code execution by launching Firefox from Internet Explorer 17Jul07
Mozilla: File type confusion due to %00 in name 17Jul07
Mozilla: Privilege escalation using an event handler attached to an element not in the document 17Jul07
Mozilla: Frame spoofing while window is loading 17Jul07
Mozilla: XSS using addEventListener and setTimeout 17Jul07
Mozilla: Crashes with evidence of memory corruption 17Jul07

OpenOffice
OpenOffice: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) 07Dec07
OpenOffice: Manipulated TIFF files can lead to heap overflows and arbitrary code execution 18Sep07

Opera Software
Opera: Opera 9.25 released to address cross domain scripting vulnerability 19Dec07
Opera: Scripts can overwrite functions on pages from other domains 19Oct07
Opera: External news readers and e-mail clients can be used to execute arbitrary code 19Oct07
Opera: a specially crafted JavaScript can make Opera execute arbitrary code 14Aug07
Opera: Opera's HTTP authentication cuts off long server names at the end 19Jul07
Opera: data: URLs can spoof trusted sites 19Jul07

PGP Corporation

Real Networks
Real Networks: Security Vulnerability in RealPlayer 25Oct07
Real Networks: Security Vulnerability in RealPlayer 19Oct07

Red Hat
Red Hat: v.5 autofs security update 20Dec07
Red Hat: v.4 autofs security update 20Dec07
Red Hat: v.4 and v.5 libexif security update 19Dec07
Red Hat: v.4 and v.5 squid security update 19Dec07
Red Hat: v.4 and v.5 mysql security update 19Dec07
Red Hat: v.4 thunderbird security update 19Dec07
Red Hat: v.4 kernel security and bug fix update 19Dec07
Red Hat: v.4 and v.5 flash-plugin security update 18Dec07
Red Hat: v.4 java-1.4.2-bea security update 12Dec07
Red Hat: v.4 and v.5 autofs security update 12Dec07
Red Hat: v.4 python security update 10Dec07
Red Hat: v.4 and v.5 samba security and bug fix update 10Dec07
Red Hat: v.4 openoffice.org2 security update 05Dec07
Red Hat: v.4 and v.5 htdig security update 03Dec07
Red Hat: v.4 and v.5 Kernel security update 26Nov07
Red Hat: v.5 pcre security update 26Nov07
Red Hat: v.4 pcre security update 26Nov07
Red Hat: v.5 cairo security update 21Nov07
Red Hat: v.4 and v.5 Firefox security update 26Nov07
Red Hat: v.4 Seamonkey security update 26Nov07
Red Hat: v.4 Java-1.5.0-ibm security update 21Nov07
Red Hat: v.4 tcpdump security and bug fix update 15Nov07
Red Hat: v.4 xterm security update 15Nov07
Red Hat: v.4 openssh security and bug fix update 15Nov07
Red Hat: v.4 wireshark security and bug fix update 15Nov07
Red Hat: v.4 pam security, bug fix, and enhancement update 15Nov07
Red Hat: v.4 httpd security, bug fix, and enhancement update 15Nov07
Red Hat: v.4 mailman security and bug fix update 15Nov07
Red Hat: v.4 openssl security and bug fix update 15Nov07
Red Hat: v.4 openldap security and enhancement update 15Nov07
Red Hat: v.4 and v.5 util-linux security update 15Nov07
Red Hat: v.4 and v.5 samba security update 15Nov07
Red Hat: v.4 and v.5 net-snmp security update 15Nov07
Red Hat: v.4 and v.5 pcre security update 15Nov07
Red Hat: v.4 and v.5 ruby security update 13Nov07
Red Hat: v.4 kdegraphics security update 12Nov07
Red Hat: v.4 and v.5 pcre security update 09Nov07
Red Hat: v.4 and v.5 tetex security update 08Nov07
Red Hat: v.5 openldap security and enhancement update 08Nov07
Red Hat: v.4 cups security update 07Nov07
Red Hat: v.4 gpdf security update 07Nov07
Red Hat: v.4 xpdf security update 07Nov07
Red Hat: v.5 tcpdump security and bug fix update 07Nov07
Red Hat: v.5 openssh security and bug fix update 07Nov07
Red Hat: v.5 mcstrans security and bug fix update 07Nov07
Red Hat: v.5 pam security, bug fix, and enhancement update 07Nov07
Red Hat: v.5 coolkey security and bug fix update 07Nov07
Red Hat: v.5 wireshark security update 07Nov07
Red Hat: v.5 httpd security, bug fix, and enhancement update 07Nov07
Red Hat: v.4 and v.5 perl security update 05Nov07
Red Hat: v.4 and v.5 pcre security update 05Nov07
Red Hat: v.4 kernel update 01Nov07
Red Hat: v.5 cups security and bug fix update 31Oct07
Red Hat: v.4 and v.5 libpng security update 23Oct07
Red Hat: v.5 kernel security update 22Oct07
Red Hat: v.4 and v.5 flac security update 22Oct07
Red Hat: v.4 and v.5 firefox security update 19Oct07
Red Hat: v.4 and v.5 java-1.5.0-bea security update 16Oct07
Red Hat: v.5 openssl security update 12Oct07
Red Hat: v.4 and v.5 java-1.5.0-sun security update 12Oct07
Red Hat: v.5 hplip security update 11Oct07
Red Hat: v.4 and v.5 kdebase security update 08Oct07
Red Hat: v.4 and v.5 kdelibs security update 08Oct07
Red Hat: v.4 and v.5 elinks security update 03Oct07
Red Hat: v.5 xen security update 02Oct07
Red Hat: v.5 nfs-utils-lib security update 02Oct07
Red Hat: v.5 kernel security update 27Sep07
Red Hat: v.4 & v.5 gimp security update 26Sep07
Red Hat: v.5 tomcat security update 26Sep07
Red Hat: v.4 & v.5 php security update 20Sep07
Red Hat: v.4 & v.5 libvorbis security update 19Sep07
Red Hat: v.4 xorg-x11 security update 19Sep07
Red Hat: v.4 nfs-utils-lib security update 19Sep07
Red Hat: v.4 openoffice.org security update 18Sep07
Red Hat: v.5 kernel security update 13Sep07
Red Hat: v.4 & v.5 qt security update 13Sep07
Red Hat: v.4 kernel security and bugfix update 04Sep07
Red Hat: v.4 cyrus-sasl security and bug fix update 04Sep07
Red Hat: v.5 aide security update 04Sep07
Red Hat: v.5 krb5 security update 04Sep07
Red Hat: v.4 & v.5 star security update 04Sep07
Red Hat: v.4 & v.5 mysql security update 30Aug07
Red Hat: v.4 & v.5 tar security update 23Aug07
Red Hat: v.4 & v.5 RealPlayer security update 17Aug07
Red Hat: v.5 gdm security and bug fix update 07Aug07
Red Hat: v.4 libgtop2 security update 07Aug07
Red Hat: v.4 java-1.5.0-ibm security update 07Aug07
Red Hat: v.4 & v.5 java-1.4.2-ibm security update 06Aug07
Red Hat: v.4 java-1.5.0-sun security update 06Aug07
Red Hat: v.4 & v.5 tetex security update 01Aug07
Red Hat: v.4 & v.5 qt security update 31Jul07
Red Hat: v.4 & v.5 cups security update 30Jul07
Red Hat: v.4 & v.5 kdegraphics security update 30Jul07
Red Hat: v.4 & v.5 poppler security update 30Jul07
Red Hat: v.4 gpdf security update 30Jul07
Red Hat: v.4 xpdf security update 30Jul07
Red Hat: v.4 & v.5 Bind security update 24Jul07
Red Hat: v.4 seamonkey security update 18Jul07
Red Hat: v.4 thunderbird security update 18Jul07
Red Hat: v.4 & v.5 firefox security update 18Jul07
Red Hat: v.5 tomcat security update 18Jul07
Red Hat: v.4 httpd security update 13Jul07
Red Hat: v.4 & v.5 flash-plugin security update 12Jul07
Red Hat: v.5 xorg-x11-xfs security update 12Jul07
Red Hat: v.5 perl-Net-DNS security update 12Jul07
Red Hat: v.4 xorg-x11 security update 12Jul07
Red Hat: v.4 perl-Net-DNS security update 12Jul07
Red Hat: v.5 kernel security and bug fix update 09Jul07

Snort

Skype

Sun
Sun: Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS) 21Dec07
Sun: Cross-site Scripting Vulnerability in Sun Java System Web Server and Web Proxy Server 21Dec07
Sun: Security Vulnerability in Sun Management Center (Sun MC) May Allow Unauthorized Access to System and Data 18Dec07
Sun: Security Vulnerabilities in the Sun Ray Device Manager Daemon 18Dec07
Sun: Multiple Security Vulnerabilities Within the GIMP Plugins 18Dec07
Sun: Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged 18Dec07
Sun: Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data 18Dec07
Sun: Solaris 10 Kernel Patches May Allow Privileged Remote Users to Gain Root Access to Files Shared by NFS Servers 14Dec07
Sun: Manipulated Database Documents for StarOffice/StarSuite 8 May Lead to Arbitrary Code Execution 07Dec07
Sun: Security Vulnerabilities in Early Versions of Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware may Result in a Denial of Service (DoS) Condition 04Dec07
Sun: Users in lx(5) Branded Zones May be Able to Panic Solaris 10 x86 Systems 30Nov07
Sun: A Security Vulnerability Resulting From Solaris 10 fcp(7D) and devfs(7FS) Interaction May Allow Certain File Operations to Cause a System Hang 29Nov07
Sun: Security Vulnerabilities in libtiff(3) May Allow Denial of Service (DoS) or Privilege Elevation 28Nov07
Sun: Race Condition in the Solaris Remote Procedure Calls (RPC) Module May Result in a System Panic 28Nov07
Sun: A Security Vulnerability in unzip(1L) May Set Unintended Permissions on Extracted Files 14Nov07
Sun: Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3) 12Nov07
Sun: Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10 08Nov07
Sun: A Security Vulnerability in Solaris Volume Manager (SVM) May Allow a Denial of Service (DoS) 07Nov07
Sun: Security Vulnerability in the Sun Remote Services (SRS) Net Connect Software 02Nov07
Sun: Multiple Security Vulnerabilities in the Layout Engine in Mozilla 1.7 for Solaris 8, 9 and 10 30Oct07
Sun: Security Vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS) Condition 29Oct07
Sun: Multiple Security Vulnerabilities in JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10 26Oct07
Sun: Security Vulnerability in Solaris 10 SCTP INIT Processing 26Oct07
Sun: Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function 25Oct07
Sun: Multiple Memory Corruption Vulnerabilities in Layout Engine for Mozilla 1.7 22Oct07
Sun: Vulnerability in Java Runtime Environment Virtual Machine May Allow Untrusted Application or Applet to Elevate Privileges 22Oct07
Sun: Security Vulnerabilities in Solaris Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS) 18Oct07
Sun: Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created 16Oct07
Sun: FTP Security Vulnerability May Cause a Denial of Service to Sun StorEdge 3510 Data Services 15Oct07
Sun: Security Vulnerability in the Solaris RPC Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service (DoS) Against Networked File System 13Oct07
Sun: Multiple Security Issues Within The X Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers 10Oct07
Sun: Security Vulnerability in the Solaris Auditing (BSM) Related to Network Auditing May Lead to Denial of Service (DoS) 10Oct07
Sun: Security Vulnerability in the Solaris 10 Virtual File System (VFS) may Lead to a Denial of Service (DoS) Condition 09Oct07
Sun: Security Vulnerabilities in the Solaris Trusted Extensions "labeld" Service May Lead to a Denial of Service (DoS) Condition 09Oct07
Sun: Security Vulnerability in the vuidmice(7M) STREAMS Modules May Lead to a Denial of Service (DoS) Condition 08Oct07
Sun: Security Vulnerability in Mozilla 1.7 May Allow Arbitrary JavaScript Commands to be Run 08Oct07
Sun: Java Runtime Environment (JRE) May Allow Untrusted Applets or Applications to Display An Oversized Window so that the Warning Banner is Not Visible to User 03Oct07
Sun: Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access 03Oct07
Sun: Security Vulnerability in Java Runtime Environment With Applet Caching May Allow Network Access Restrictions to be Circumvented 03Oct07
Sun: Security Vulnerabilities in Java Runtime Environment May Allow Network Access Restrictions to be Circumvented 03Oct07
Sun: An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application 02Oct07
Sun: Solaris 10 libc(3LIB) Patches May Cause svc.startd(1M) to Hang 02Oct07
Sun: Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data Access 02Oct07
Sun: Java SE 6: Update 3 Patches (equivalent to JDK 6 Update 3) WITHDRAWN 02Oct07
Sun: Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, Remote Shell Command Execution, or Denial of Service (DoS) 28Sep07
Sun: Sun Fire X2100 M2/X2200 M2 ELOM is Vulnerable to Unauthorized Access 28Sep07
Sun: Installation of Sun Java System Access Manager 7.1 on Sun Java System Application Server 9.1 or 8.x May Compromise Application Server Security 27Sep07
Sun: A Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS) 26Sep07
Sun: Security Vulnerability in the Human Interface Device (HID) Class Driver for Solaris 25Sep07
Sun: Manipulated TIFF Files or Documents Containing Manipulated TIFF Files May Lead to Heap Overflows and Arbitrary Code Execution 24Sep07
Sun: Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack 18Sep07
Sun: Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M)) 05Sep07
Sun: A Security Vulnerability in Sun Cluster Software may Lead to Data Corruption and "send_mondo" Panics 31Aug07
Sun: Security Vulnerability With the Special File System (SPECFS) strfreectty() Function May Allow a Local Unprivileged User to Panic a System Document 31Aug07
Sun: Security Vulnerabilities in the ata(7D) Disk Driver May Lead to a Denial of Service Condition 21Aug07
Sun: Two Security Vulnerabilities in Solaris 8 Role Based Access Control (rbac(5)) may Allow Unauthorized Remote Access 16Aug07
Sun: Vulnerability in the Java Runtime Environment Font Parsing Code may Allow an Untrusted Applet to Elevate Privileges 15Aug07
Sun: A Security Vulnerability in Processing XSLT Style Sheets Affects Sun Java System Portal Server Software 7.0 03Aug07
Sun: Vulnerability in Redirect Functionality Affects Sun Java System Web Server 02Aug07
Sun: Solaris 10 Systems May Panic or Hang When Running Certain DTrace D Programs 30Jul07
Sun: Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack 25Jul07
Sun: A Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to Files 25Jul07
Sun: Security Vulnerability in libX11 for Solaris 25Jul07
Sun: JSP Source Code Exposure Issue on Windows Platform Affects Sun Java System Application Server 24Jul07
Sun: Security Vulnerability in Mozilla 1.7 May Allow Arbitrary JavaScript Commands to be Run 24Jul07
Sun: Security Vulnerability With RSA Signatures Affects Solaris WAN Boot 24Jul07
Sun: A Security Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions 18Jul07
Sun: Security Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code Execution 18Jul07
Sun: Security Vulnerability in Processing GIF Images in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Privileges 16Jul07
Sun: Security Vulnerabilities in the Network Security Services (NSS) May Affect SSL Clients and SSL Servers 13Jul07
Sun: Security Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code Execution 12Jul07
Sun: Security Vulnerability in libX11 for Solaris 11Jul07
Sun: Security Vulnerability in the Logging Output of Sun Java System Access Manager 10Jul07
Sun: Java Runtime Environment Does Not Securely Process XSLT Stylesheets Contained in XML Signatures 10Jul07
Sun: Security Vulnerabilities in the Java Runtime Environment Image Parsing Code May Allow a Untrusted Applet to Elevate Privileges 10Jul07
Sun: Security Vulnerability in the rcp(1) Command May Allow Execution of Unintended Commands 10Jul07
Sun: Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server 10Jul07
Sun: Security Vulnerability in Java Web Start URL Parsing Code May Allow Untrusted Applications to Elevate Privileges 10Jul07
Sun: Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition 10Jul07
Sun: Cross-site Scripting Vulnerability (XSS) Affecting Pages Generated with JavaDoc Tool 03Jul07
Sun: A Security Vulnerability in the Implementation of the RPCSEC_GSS API Affects the Kerberos Administration Daemon (kadmind(1M)) 02Jul07

VideoLAN
VideoLAN: VLC media player 0.8.6d released to address security vulnerability 30Nov07

Wireshark
Wireshark: Wireshark 0.99.7 released to address security vulnerabilities 23Nov07
Wireshark: Wireshark 0.99.6 released to address security vulnerabilities 05Jul07


IPS / IDS Signature Updates

Cisco Systems
Cisco: IPS Update Bulletin 17 Dec 2007 (S312) (requires CCO login) 17Dec07
Cisco: IPS Update Bulletin 11 Dec 2007 (S311) (requires CCO login) 11Dec07
Cisco: IPS Update Bulletin 05 Dec 2007 (S310) (requires CCO login) 05Dec07
Cisco: IPS Update Bulletin 20 Nov 2007 (S309) (requires CCO login) 20Nov07
Cisco: IPS Update Bulletin 09 Nov 2007 (S308) (requires CCO login) 09Nov07
Cisco: IPS Update Bulletin 17 Oct 2007 (S307) (requires CCO login) 17Oct07
Cisco: IPS Update Bulletin 10 Oct 2007 (S306) (requires CCO login) 10Oct07
Cisco: IPS Update Bulletin 09 Oct 2007 (S305) (requires CCO login) 09Oct07
Cisco: IPS Update Bulletin 04 Oct 2007 (S304) (requires CCO login) 04Oct07
Cisco: IPS Update Bulletin 02 Oct 2007 (S303) (requires CCO login) 02Oct07
Cisco: IPS Update Bulletin 18 Sep 2007 (S302) (requires CCO login) 18Sep07
Cisco: IPS Update Bulletin 11 Sep 2007 (S301) (requires CCO login) 11Sep07
Cisco: IPS Update Bulletin 05 Sep 2007 (S300) (requires CCO login) 05Sep07
Cisco: IPS Update Bulletin 28 Aug 2007 (S299) (requires CCO login) 29Aug07
Cisco: IPS Update Bulletin 24 Aug 2007 (S298) (requires CCO login) 24Aug07
Cisco: IPS Update Bulletin 14 Aug 2007 (S297) (requires CCO login) 14Aug07
Cisco: IPS Update Bulletin 09 Aug 2007 (S296) (requires CCO login) 09Aug07
Cisco: IPS Update Bulletin 08 Aug 2007 (S295) (requires CCO login) 08Aug07
Cisco: IPS Update Bulletin 02 Aug 2007 (S294) (requires CCO login) 02Aug07
Cisco: IPS Update Bulletin 10 Jul 2007 (S293) (requires CCO login) 10Jul07

Snort
Snort: VRT Rules misc updates including a Samba buffer overflow and Microsoft Windows Media Format Runtime 18Dec07
Snort: VRT Rules misc updates including recent Microsoft Security Bulletins 12Dec07
Snort: VRT Rules misc updates for spyware and Trojan Horse threats 04Dec07
Snort: VRT Rules misc updates including Apple QuickTime RTSP buffer overflow 28Nov07
Snort: VRT Rules for vulnerability in Microsoft Windows XP and Microsoft Windows Server 2003 with IE 7 installed 13Nov07
Snort: VRT Rules for misc updates including spyware-put and backdoor rule sets 06Nov07
Snort: VRT Rules for misc updates including Microsoft Security Bulletin MS07-057 26Oct07
Snort: VRT Rules for misc updates including MCA BrightStor and Microsoft Security Bulletin MS07-057 23Oct07
Snort: VRT Rules for misc updates including Microsoft MS-058 and Kaspersky Online Scanner Heap Overflow 16Oct07
Snort: VRT Rules for misc updates including Microsoft security updates for Oct 2007 09Oct07
Snort: VRT Rules for misc updates including Computer Associates BrightStor ARCserve buffer overflow 02Oct07
Snort: VRT Rules for Firefox, ClamAV and the Apache HTTP Server 25Sep07
Snort: VRT Rules for Voice over IP (VoIP) rules and Content-Replace rules 17Sep07
Snort: VRT Rules for miscellaneous updates including Microsoft Agent, Microsoft Visual Studio and Microsoft MSN Messenger 11Sep07
Snort: VRT Rules for miscellaneous updates including Apple mDNSresponder Buffer Overflow 04Sep07
Snort: VRT Rules for miscellaneous updates including Trend Micro ServerProtect Buffer Overflows 28Aug07
Snort: VRT Rules for miscellaneous updates including Apple iPhone Safari, MS XML Core Services, MS OLE and MS Excel 21Aug07
Snort: VRT Rules for miscellaneous updates including Internet Explorer, Windows Media Player, XML Core Services, OLE, and Excel and the Graphics Rendering Engine 14Aug07
Snort: VRT Rules for miscellaneous updates incl Ipswitch IMail Server and Borland InterBase 07Aug07
Snort: VRT Rules for misc updates incl Microsoft Security Bulletin MS07-036 01Aug07
Snort: VRT Rules for misc updates incl MS Excel, CA Brightstor Arcserv Backup and MIT Kerberos 24Jun07
Snort: VRT Rules for misc updates incl Microsoft Windows Active Directory and Excel 12Jun07
Snort: VRT Rules for misc updates incl Microsoft IIS, .NET and Windows Firewall 10Jun07
Snort: VRT Rules for misc updates incl Ingres Database and MIT Kerberos Administration Daemon Buffer Overflow 03Jul07




©Copyright 2006-2008 NZCERT All Rights Reserved
For more information feel free to contact us
