GENERAL SECURITY TIPS

Keep your computer updated with the latest vendor patches

Use anti-virus software and ensure its signatures are updated regularly

Use a personal or host-based firewall

Exercise caution when opening e-mail attachments or following unsolicited links
________________

THE OPEN SOURCE VULNERABILITY DATABASE

________________

Alerts and Updates:
Adobe
Apple
Borderware
Cisco Systems
GnuPG
Microsoft
Mozilla
OpenOffice
Opera
PGP
Real Networks
Red Hat
Skype
Snort
Sun
VideoLAN
Wireshark

IPS/IDS Signature Updates:
Cisco
Snort

Note: The majority of links on this page are to external websites.





Alerts and Updates

The alerts and updates listed on this page are a brief summary of those derived from the Internet, other Computer Emergency Teams, vendors, and the community at large. This is by no means intended to be a comprehensive list; more products may be added on request. It is recommended that you subscribe directly to vendor security alerts relevant to your systems, as well as augment your product security from a number of different security resources.

NZCERT uses the following colour codings to classify these alerts and updates:

Critical
Important
Moderate
Low
Unassigned or classification not available

Note: Where Vendors use the Common Vulnerability Scoring System (CVSS), NZCERT uses this to classify the vulnerability using the above categories. If multiple CVSS scores are provided under the same security alert, this classification is based on the highest CVSS Temporal Score when available. More information on CVSS can be found here.

Archived alerts can be found here.

Adobe
Adobe: Presenter 7 update available to address potential Cross-site Scripting issues 08Aug08
Adobe: Patch available for RoboHelp Server Cross-Site Scripting issue 08Jul08
Adobe: Security Update available for Adobe Reader and Acrobat 8.1.2 23Jun08
Adobe: Update to Flex 3 to address potential cross-site scripting vulnerability 17Jun08
Adobe: Potential flash player security issue 28May08
Adobe: Security Update available for Adobe Reader and Acrobat 7 and 8 06May08
Adobe: Potential vulnerability in After Effects CS3 06May08
Adobe: Potential vulnerability in Photoshop Album Starter Edition 3.2 21Apr08
Adobe: Update available for ColdFusion 8 CFC method access level issue 04Apr08
Adobe: Flash Player update available to address security vulnerabilities 04Apr08
Adobe: Privilege escalation issue in Adobe Reader 8.1.2 for Unix 11Mar08
Adobe: Update available for potential ColdFusion MX 7 and ColdFusion 8 Cross Site Scripting security issue 11Mar08
Adobe: Update available for ColdFusion MX 7 and ColdFusion 8 Cross-Site Scripting issue 11Mar08
Adobe: Update available for ColdFusion MX 7 and ColdFusion 8 logs invalid admin interface log-in attempts 11Mar08
Adobe: Update available to resolve critical vulnerabilities in Adobe Form Designer 5.0 and Adobe Form Client 5.0 Components 11Mar08
Adobe: Update available for potential LiveCycle Workflow 6.2 Cross Site Scripting security issue 11Mar08
Adobe: Patch available for RoboHelp Cross-Site Scripting issue 12Feb08
Adobe: Update available to address Adobe Connect Enterprise Server security issues 12Feb08
Adobe: Update available to address Flash Media Server security issues 12Feb08
Adobe: Security update available for Adobe Reader and Acrobat 8.1.1 and earlier 08Feb08
Adobe: Update available for Adobe Connect Enterprise Server cross-site scripting issue 16Jan08
Adobe: Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities 16Jan08
Adobe: Vulnerabilities in some SWF files could allow cross-site scripting 23Dec07
Adobe: Flash Player update available to address security vulnerabilities 11Dec07

Apple
Apple: Xcode tools 3.1 released for Mac OS X 10.5.x 11Jul08
Apple: iPhone 2.0 and iPod touch 2.0 released for iPhone 1.0 - 1.1.4, iPod touch 1.1 - 1.1.4 11Jul08
Apple: Apple TV 2.1 released for Mac OS X 10.4.11, Mac OS X 10.5 - 10.5.3 10Jul08
Apple: Security Update 2008-004 / Mac OS X 10.5.4 released for Mac OS X 10.4.11, Mac OS X 10.5 - 10.5.3 30Jun08
Apple: Safari 3.1.2 released for Mac OS X 10.4.11 30Jun08
Apple: Safari 3.1.2 for Windows released for Windows Vista, XP SP2 19Jun08
Apple: Quicktime 7.5 released for Mac OS X v10.3.9, v10.4.9 or later, v10.5 or later, Windows Vista, XP SP2 09Jun08
Apple: Security Update 2008-003 / Mac OS X v10.5.3 released for Mac OS X 10.4.11, Mac OS X 10.5 - 10.5.2 28May08
Apple: Safari 3.1.1 released for Mac OS X v10.4.11, v10.4.11, v10.5.2, v10.5.2, and Windows XP or Vista 16Apr08
Apple: QuickTime 7.4.5 released for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2 02Apr08
Apple: Digital Camera RAW Compatibility Update 2.0 for Aperture 2 or iPhoto 7.1.2 with iLife Support 8.2 20Mar08
Apple: AirPort Extreme Base Station Firmware 7.3.1 released 19Mar08
Apple: Security Update 2008-002 released for Mac OS X 10.4.11, Mac OS X 10.5.2 18Mar08
Apple: Safari 3.1 released for Mac OS X 10.4.11, Mac OS X 10.5.2, Windows XP or Vista 18Mar08
Apple: Mac OS X 10.5.2 Security Update released 11Feb08
Apple: QuickTime 7.4.1 released to address security vulnerabilities for Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, Windows Vista / XP SP2 06Feb08
Apple: iPhoto 7.1.2 released to address security vulnerabilities 05Feb08
Apple: QuickTime 7.4 released to address security vulnerabilities for Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, Windows Vista / XP SP2 15Jan08
Apple: iPhone v1.1.3 and iPod touch v1.1.3 released to address security vulnerabilities for iPhone v1.0 or later, iPod touch v1.1 or later 15Jan08
Apple: Security Update 2007-009 v1.1 released to address security vulnerabilities for Mac OS X 10.4.11 and 10.5.1 21Dec07
Apple: Safari 3 Beta Update 3.0.4 Security Update for 1.1 Windows Vista/XP 21Dec07
Apple: Safari 3 Beta Update 3.0.4 Security Update for Windows Vista/XP 17Dec07
Apple: Security Update 2007-009 released to address security vulnerabilities for Mac OS X 10.4.11 and 10.5.1 17Dec07

Borderware

Cisco Systems
Cisco: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control 14Aug08
Cisco: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks 08Jul08
Cisco: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities 25Jun08
Cisco: Cisco Intrusion Prevention System Jumbo Frame Denial of Service 18Jun08
Cisco: SNMP Version 3 Authentication Vulnerabilities 10Jun08
Cisco: Multiple Vulnerabilities in Cisco PIX and Cisco ASA 04Jun08
Cisco: CiscoWorks Common Services Arbitrary Code Execution Vulnerability 28May08
Cisco: Cisco IOS Secure Shell Denial of Service Vulnerabilities 21May08
Cisco: Cisco Service Control Engine Denial of Service Vulnerabilities 21May08
Cisco: Cisco Voice Portal Privilege Escalation Vulnerability 21May08
Cisco: Cisco Unified Communications Manager Denial of Service Vulnerabilities 14May08
Cisco: Cisco Unified Presence Denial of Service Vulnerabilities 14May08
Cisco: Cisco Content Switching Module Memory Leak Vulnerability 14May08
Cisco: Cisco Network Admission Control Shared Secret Vulnerability 16Apr08
Cisco: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability 03Apr08
Cisco: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak 26Mar08
Cisco: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 26Mar08
Cisco: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers 26Mar08
Cisco: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS 26Mar08
Cisco: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability 26Mar08
Cisco: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities 14Mar08
Cisco: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability 13Mar08
Cisco: Unified IP Phone Overflow and Denial of Service Vulnerabilities 13Feb08
Cisco: SQL injection in Cisco Unified Communications Manager 13Feb08
Cisco: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability 30Jan08
Cisco: Default Passwords in the Application Velocity System 23Jan08
Cisco: Cisco PIX and ASA Time-to-Live Vulnerability 23Jan08
Cisco: Cisco Unified Communications Manager CTL Provider Heap Overflow 16Jan08
Cisco: Application Inspection Vulnerability in Cisco Firewall Services Module 19Dec07

GnuPG

Microsoft
Microsoft: Cumulative Security Update of ActiveX Kill Bits 13Aug08
Microsoft: Security Bulletin for Aug 2008 (6 updates critical) 12Aug08
Microsoft: Security Update for Microsoft Outlook 2002 08Aug08
Microsoft: Increased Threat for DNS Spoofing Vulnerability 25Jul08
Microsoft: Windows Server Update Services (WSUS) Blocked from Deploying Security Updates 16Jul08
Microsoft: Security Bulletin for July 2008 08Jul08
Microsoft: Vulnerability in Microsoft Word Could Allow Remote Code Execution 08Jul08
Microsoft: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution 07Jul08
Microsoft: Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform 02Jul08
Microsoft: Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates 30Jun08
Microsoft: Rise in SQL Injection Attacks Exploiting Unverified User Data Input 25Jun08
Microsoft: Microsoft Security Bulletin MS07-042 Re-Released 24Jun08
Microsoft: Blended Threat from Combined Attack Using Apple Safari on the Windows Platform 20Jun08
Microsoft: System Center Configuration Manager 2007 Blocked from Deploying Security Updates 17Jun08
Microsoft: Security Bulletin for June 2008 (3 updates critical) 10Jun08
Microsoft: Blended Threat from Combined Attack Using Apple Safari on the Windows Platform 30May08
Microsoft: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution 13May08
Microsoft: Security Bulletin for May 2008 (3 updates critical) 13May08
Microsoft: Providing Security for Web Applications and Infrastructure: Best Practices for Managing Security Risks 12May08
Microsoft: Windows XP Service Pack 3 released 06May08
Microsoft: Vulnerability in Windows Could Allow Elevation of Privilege 17Apr08
Microsoft: Update to Improve Kernel Patch Protection 17Apr08
Microsoft: Security Bulletin for Apr 2008 (5 updates critical) 08Apr08
Microsoft: Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution 21Mar08
Microsoft: Security Bulletin for Mar 2008 (4 updates critical) 12Mar08
Microsoft: Security Bulletin for Feb 2008 (6 updates critical) 12Feb08
Microsoft: Whitepaper Released on IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windows 06Feb08
Microsoft: Vulnerability in Microsoft Excel Could Allow Remote Code Execution 16Jan08
Microsoft: Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure 09Jan08
Microsoft: Update to Improve Windows Sidebar Protection 08Jan08
Microsoft: Security Bulletin for Jan 2008 (1 update critical) 08Jan08
Microsoft: Security Bulletin for Dec 2007 (3 updates critical) 11Dec07
Microsoft: Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure 03Dec07

Mozilla
Mozilla: Firefox 3.01, 2.0.0.16, Thunderbird 2.0.0.16 and SeaMonkey 1.1.11 released to address CSS reference counter vulnerability 15Jun08
Mozilla: Firefox 2.0.0.15 released to address multiple security vulnerabilities 17Jun08
Mozilla: Firefox 2.0.0.14, Thunderbird 2.0.0.14 and SeaMonkey 1.1.10 released to address crash in JavaScript garbage collector 17Apr08
Mozilla: Firefox 2.0.0.14, Thunderbird 2.0.0.14 and SeaMonkey 1.1.10 released to address crash in JavaScript garbage collector 17Apr08
Mozilla: Firefox 2.0.0.14, Thunderbird 2.0.0.14 and SeaMonkey 1.1.10 released to address crash in JavaScript garbage collector 17Apr08
Mozilla: XUL popup spoofing variant (cross-tab popups) 25Mar08
Mozilla: Java socket connection to any local port via LiveConnect 25Mar08
Mozilla: Privacy issue with SSL Client Authentication 25Mar08
Mozilla: HTTP Referrer spoofing with malformed URLs 25Mar08
Mozilla: Crashes with evidence of memory corruption 25Mar08
Mozilla: JavaScript privilege escalation and arbitrary code execution 25Mar08
Mozilla: Multiple XSS vulnerabilities from character encoding 25Mar08
Mozilla: Firefox 2.0.0.13, Thunderbird 2.0.0.14 and SeaMonkey 1.1.9 released to address security vulnerabilities 25Mar08
Mozilla: Heap buffer overflow in external MIME bodies fixed in Firefox 2.0.0.12 and SeaMonkey 1.1.8 26Feb08
Mozilla: Possible information disclosure in BMP decoder fixed in Firefox 2.0.0.12, Thunderbird 2.0.0.12, and SeaMonkey 1.1.8 19Feb08
Mozilla: SeaMonkey 1.1.8 released to address security vulnerabilities 07Feb08
Mozilla: Firefox 2.0.0.12 released to address security vulnerabilities 07Feb08
Mozilla: Thunderbird 1.5.0.14 upgrade available for 1.5.0.13 install package users 19Dec07

OpenOffice
OpenOffice: OpenOffice v2.4.1 released to address vulnerability where different kinds of manipulated files may lead to heap overflows and arbitrary code execution 25Jun08
OpenOffice: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution 17Apr08
OpenOffice: Manipulated EMF files can lead to heap overflows and arbitrary code execution 17Apr08
OpenOffice: Manipulated OLE files can lead to heap overflows and arbitrary code execution 17Apr08
OpenOffice: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) 07Dec07

Opera Software
Opera: Opera 9.52 released to address multiple vulnerabilities 24Aug08
Opera: Opera 9.51 released to address vulnerability with canvas functions 03Jul08
Opera: Opera 9.50 released to address vulnerability where pages held in frames are able to change the location of pages in unrelated frames on the parent page 25Jun08
Opera: Certain characters can obscure the page address in Opera 9.25 and prior 25Jun08
Opera: Opera 9.27 released to address resized canvas patterns vulnerability 03Apr08
Opera: Opera 9.27 released to address newsfeed prompt vulnerability 03Apr08
Opera: Opera 9.26 released to address cross site scripting vulnerability 21Feb08
Opera: Opera 9.26 released to address image properties vulnerability 21Feb08
Opera: Opera 9.26 released to address simulated test input vulnerability 21Feb08
Opera: Malformed bitmaps can reveal old data from random places in memory in versions prior to 9.25 21Feb08
Opera: Opera 9.25 released to address cross domain scripting vulnerability 19Dec07

PGP Corporation

Real Networks
Real Networks: RealPlayer updates released to Address Security Vulnerabilities 25Jul08
Real Networks: RealPlayer 11.0.2 released to address security vulnerability with ActiveX control 08Apr08
Real Networks: Security Vulnerability in RealPlayer 25Oct07

Red Hat
Red Hat: v.4 and v.5 openssh security update 22Aug08
Red Hat: v.4 and v.5 libxml2 security update 21Aug08
Red Hat: v.5 yum-rhn-plugin security update 14Aug08
Red Hat: v.4 and v.5 postfix security update 14Aug08
Red Hat: v.5 hplip security update 12Aug08
Red Hat: v.5 dnsmasq security update 11Aug08
Red Hat: v.5 kernel security and bug fix update 04Aug08
Red Hat: v.5 nfs-utils security update 31Jul08
Red Hat: v.4 and v.5 libxslt security update 31Jul08
Red Hat: v.5 java-1.5.0-ibm security update 31Jul08
Red Hat: v.5 rdesktop security update 24Jul08
Red Hat: v.4 and v.5 acroread security update 21Jul08
Red Hat: v.4 Updated kernel packages for Red Hat Enterprise Linux 4.7 21Jul08
Red Hat: v.4 vsftpd security and bug fix update 21Jul08
Red Hat: v.4 nss_ldap security and bug fix update 21Jul08
Red Hat: v.4 rdesktop security and bug fix update 21Jul08
Red Hat: v.4 mysql security, bug fix, and enhancement update 21Jul08
Red Hat: v.4 coreutils security update 21Jul08
Red Hat: v.4 kernel security and bug fix update 21Jul08
Red Hat: v.4 thunderbird security update 21Jul08
Red Hat: v.5 php security update 16Jul08
Red Hat: v.4 php security and bug fix update 16Jul08
Red Hat: v.5 firefox security update 16Jul08
Red Hat: v.4 firefox security update 16Jul08
Red Hat: v.4 seamonkey security update 16Jul08
Red Hat: v.4 and v.5 ruby security update 14Jul08
Red Hat: v.4 and v.5 java-1.4.2-ibm security update 14Jul08
Red Hat: v.5 java-1.6.0-sun security update 14Jul08
Red Hat: v.4 and v.5 java-1.5.0-sun security update 14Jul08
Red Hat: v.4 and v.5 bluez-libs and bluez-utils security update 14Jul08
Red Hat: v.4 and v.5 bind security update 10Jul08
Red Hat: v.4 and v.5 openldap security update 09Jul08
Red Hat: v.4 and v.5 pidgin security and bug fix update 09Jul08
Red Hat: v.4 and v.5 bind security update 08Jul08
Red Hat: v.5 firefox security update 02Jul08
Red Hat: v.4 firefox security update 02Jul08
Red Hat: v.4 seamonkey security update 02Jul08
Red Hat: v.5 kernel security and bug fix update 25Jun08
Red Hat: v.4 kernel security and bug fix update 25Jun08
Red Hat: v.4 and v.5 freetype security update 25Jun08
Red Hat: v.4 and v.5 sblim security update 24Jun08
Red Hat: v.4 and v.5 openoffice.org security update 12Jun08
Red Hat: v.4 openoffice.org security update 12Jun08
Red Hat: v.5 xorg-x11-server security update 11Jun08
Red Hat: v.4 xorg-x11-server security update 11Jun08
Red Hat: v.4 and v.5 perl security update 11Jun08
Red Hat: v.4 and v.5 net-snmp security update 10Jun08
Red Hat: v.4 and v.5 cups security update 05Jun08
Red Hat: v.5 evolution security update 05Jun08
Red Hat: v.4 evolution28 security update 04Jun08
Red Hat: v.4 evolution security update 04Jun08
Red Hat: v.5 samba security and bug fix update 28May08
Red Hat: v.4 samba security update 28May08
Red Hat: v.5 setroubleshoot security and bug fix update 21May08
Red Hat: v.5 gnome-screensaver security update 21May08
Red Hat: v.4 and v.5 libxslt security update 21May08
Red Hat: v.5 vsftpd security and bug fix update 21May08
Red Hat: v.5 dovecot security and bug fix update 21May08
Red Hat: v.5 bind security, bug fix, and enhancement update 21May08
Red Hat: v.5 mysql security and bug fix update 21May08
Red Hat: v.5 compiz security update 21May08
Red Hat: v.4 gnutls security update 21May08
Red Hat: v.5 nss_ldap security and bug fix update 21May08
Red Hat: v.5 kernel security and bug fix update 20May08
Red Hat: v.5 kernel security and bug fix update 20May08
Red Hat: v.5 java-1.6.0-ibm security update 14May08
Red Hat: v.4 and v.5 libvorbis security update 14May08
Red Hat: v.5 xen security and bug fix update 12May08
Red Hat: v.4 gpdf security update 07May08
Red Hat: v.5 kernel security and bug fix update 07May08
Red Hat: v.4 kernel security and bug fix update 07May08
Red Hat: v.4 thunderbird security update 30Apr08
Red Hat: v.5 java-1.4.2-bea security update 28Apr08
Red Hat: v.5 java-1.5.0-bea security update 28Apr08
Red Hat: v.5 java-1.6.0-bea security update 28Apr08
Red Hat: v.5 poppler security update 17Apr08
Red Hat: v.4 openoffice.org security update 17Apr08
Red Hat: v.4 openoffice.org security update 17Apr08
Red Hat: v.4 kdegraphics security update 17Apr08
Red Hat: v.4 xpdf security update 17Apr08
Red Hat: v.4 and v.5 ImageMagick security update 16Apr08
Red Hat: v.4 seamonkey security update 16Apr08
Red Hat: v.4 and v.5 Firefox security update 16Apr08
Red Hat: v.4 and v.5 Speex security update 16Apr08
Red Hat: v.4 and v.5 squid security update 08Apr08
Red Hat: v.4 and v.5 flash-plugin security update 04Apr08
Red Hat: v.4 thunderbird security update 03Apr08
Red Hat: v.5 gnome-screensaver security update 04Apr08
Red Hat: v.5 java-1.5.0-ibm security update 03Apr08
Red Hat: v.4 thunderbird security update 03Apr08
Red Hat: v.5 cups security update 02Apr08
Red Hat: v.4 cups security update 01Apr08
Red Hat: v.4 Seamonkey security update 27Mar08
Red Hat: v.4 and v.5 firefox security update 26Mar08
Red Hat: v.5 krb5 security and bugfix update 18Mar08
Red Hat: v.4 kernel security and bug fix update 14Mar08
Red Hat: v.5 tomcat security update 11Mar08
Red Hat: v.4 and v.5 java-1.4.2-bea security update 11Mar08
Red Hat: v.4 and v.5 java-1.5.0-sun security update 06Mar08
Red Hat: v.5 kernel security and bug fix update 05Mar08
Red Hat: v.4 and v.5 java-1.5.0-bea security update 05Mar08
Red Hat: v.4 and v.5 evolution security update 05Mar08
Red Hat: v.4 netpbm security update 28Feb08
Red Hat: v.5 gd security update 28Feb08
Red Hat: v.5 dbus security update 28Feb08
Red Hat: v.4 thunderbird security update 27Feb08
Red Hat: v.4 and v.5 ghostscript security update 27Feb08
Red Hat: v.4 cups security update 25Feb08
Red Hat: v.4 and v.5 acroread security update 22Feb08
Red Hat: v.4 tk security update 22Feb08
Red Hat: v.4 and v.5 openldap security update 21Feb08
Red Hat: v.5 tk security update 21Feb08
Red Hat: v.5 cups security update 21Feb08
Red Hat: v.4 and v.5 java-1.4.2-ibm security update 14Feb08
Red Hat: v.5 kernel update 12Feb08
Red Hat: v.4 and v.5 java-1.5.0-sun security update 12Feb08
Red Hat: v.4 thunderbird security update 07Feb08
Red Hat: v.4 seamonkey security update 07Feb08
Red Hat: v.4 and v.5 firefox security update 07Feb08
Red Hat: v.4 kernel security and bug fix update 31Jan08
Red Hat: v.5 icu security update 25Jan08
Red Hat: v.5 kernel security and bug fix update 23Jan08
Red Hat: v.4 and v.5 wireshark security update 21Jan08
Red Hat: v.4 xorg-x11 security update 18Jan08
Red Hat: v.5 xorg-x11-server security update 18Jan08
Red Hat: v.5 libXfont security update 17Jan08
Red Hat: v.5 httpd security update 15Jan08
Red Hat: v.4 httpd security update 15Jan08
Red Hat: v.4 and v.5 libxml2 security update 11Jan08
Red Hat: v.4 and v.5 postgresql security update 11Jan08
Red Hat: v.4 and v.5 tog-pegasus security update 07Jan08
Red Hat: v.4 and v.5 e2fsprogs security update 07Jan08

Snort

Skype
Skype: Skype File URI Security Bypass Code Execution Vulnerability 04Jun08
Skype: Skype Cross Zone Scripting Vulnerability Security Vulnerability 05Feb08
Skype: Skypefind Cross Zone Scripting Vulnerability Security Vulnerability 31Jan08
Skype: Skype Cross Zone Scripting Vulnerability Security Vulnerability 23Jan08

Sun
Sun: Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code and Overwrite Arbitrary Files 08Aug08
Sun: Security Vulnerability in Solaris Trusted Extensions Labeled Networking may lead to remote unauthorized access to the Global Zone (zones(5)) of the System 07Aug08
Sun: A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code 07Aug08
Sun: Security Vulnerabilities in the Solaris Priority Inherited pthread mutex API May Result in a Denial of Service (DoS) Condition 05Aug08
Sun: Security Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic 05Aug08
Sun: A Security Vulnerability in 'VBoxDrv.sys' driver of Sun xVM VirtualBox 1.6 may lead to Arbitrary Code Execution or Denial of Service (DoS) 05Aug08
Sun: Security Vulnerability in Firmware for Netra T5220 Systems May Allow a Denial of Service (DoS) 05Aug08
Sun: Security Vulnerability in Firmware for Netra T5220 Systems May Allow a Denial of Service (DoS) 05Aug08
Sun: A Security Vulnerability in the namefs Kernel module may result in Arbitrary Code Execution or a Denial of Service (DoS) 01Aug08
Sun: Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS) 01Aug08
Sun: A Security Vulnerability in picld(1M) May Allow a Denial of Service to System Monitoring and System Services 30Jul08
Sun: Security Vulnerability in Sun Java System Web Server 7.0 plugin for Sun N1 Service Provisioning System (SPS) 30Jul08
Sun: Update to Sun Alert 239392 - Security Vulnerability in the DNS Protocol may lead to DNS Cache Poisoning 28Jul08
Sun: Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed 17Jul08
Sun: Security Vulnerability in the DNS Protocol may lead to DNS Cache Poisoning 17Jul08
Sun: Security Vulnerability in the System Management Agent (SMA) SNMP daemon (snmpd(1M)) 17Jul08
Sun: Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS) 10Jul08
Sun: Security Vulnerability in the DNS Protocol may lead to DNS Cache Poisoning 08Jul08
Sun: Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated 08Jul08
Sun: Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges 08Jul08
Sun: A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges 08Jul08
Sun: Security Vulnerability in JDK/JRE Secure Static Versioning 08Jul08
Sun: Security Vulnerability in Java Management Extensions (JMX) 08Jul08
Sun: Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data 08Jul08
Sun: Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed 08Jul08
Sun: Security Vulnerabilities in the Java Runtime Environment Scripting Language Support 08Jul08
Sun: Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 30Jun08
Sun: Sun Java System Access Manager Does Not Securely Process XSLT Stylesheets contained in XML Signatures 26Jun08
Sun: A Security Vulnerability in the Solaris snmpXdmid(1M) may lead to a Denial of Service (DoS) condition 26Jun08
Sun: Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code 25Jun08
Sun: On Solaris, Kerberos KDC Databases may Become Corrupted 20Jun08
Sun: Multiple security vulnerabilities in the Solaris X Server Extensions may lead to a Denial of Service (DoS) condition or allow Execution of Arbitrary Code 19Jun08
Sun: Multiple Security Vulnerabilities in the FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF) format font files may lead to a Denial of Service (DoS) or allow Execution of Arbitrary Code 18Jun08
Sun: Denial of Service (DoS) Vulnerability in the Solaris e1000g(7D) Gigabit Ethernet Driver 13Jun08
Sun: SNMPv3 Authentication Bypass Vulnerability in snmpd(1M) 12Jun08
Sun: A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code 12Jun08
Sun: A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code 12Jun08
Sun: Vulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic, Resulting in a Denial of Service (DoS) 11Jun08
Sun: A Vulnerability in Access Manager 7.1 may Allow Unauthorized Access to Resources 11Jun08
Sun: A Security Vulnerability in StarOffice/StarSuite 8 may allow file manipulation and Arbitrary Code execution 11Jun08
Sun: Kernel Security Vulnerability on Solaris Systems Using the Sun UltraSPARC T2 and UltraSPARC T2+ Processors May Allow Denial of Service (DoS) 11Jun08
Sun: Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to Unauthorized Data 09Jun08
Sun: Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to Unauthorized Data 09Jun08
Sun: Security Vulnerability in Service Tag Registry May Allow Denial of Service 06Jun08
Sun: Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications 04Jun08
Sun: Multiple Security Vulnerabilities in Sun Java ASP Server may lead to execution of Arbitrary Code or Unauthorized Access to Data 03Jun08
Sun: A Security Vulnerability in rpc.ypupdated(1M) may allow execution of Arbitrary Code when run in Insecure Mode 02Jun08
Sun: Multiple Security Vulnerabilities in Flash Player for Solaris 02Jun08
Sun: A Security Vulnerability in the Sun Cluster Global File System 30May08
Sun: A Security Vulnerability in samba(7) Domain logons may allow execution of Arbitrary code with Root privileges 30May08
Sun: A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code 30May08
Sun: Two Security Vulnerabilities in samba(7) WINS Server Daemon (nmbd) May Allow Execution of Arbitrary Code or Lead to a Denial of Service (DoS) Condition 30May08
Sun: Cross-Site Scripting Vulnerability in the Sun Java System Web Server Advanced Search Mechanism 23May08
Sun: A Security Vulnerability in the Solaris 10 STREAMS Administrative Driver ("sad") May Allow a Denial of Service (System panic) 20May08
Sun: Security Vulnerabilities in Solaris Print Service May Lead to Denial of Service (DoS) or Execution of Arbitrary Code 09May08
Sun: Security Vulnerability in Sun Java Web Console 07May08
Sun: Cross-Site Scripting Vulnerability in Sun Java System Web Server Search Module 06May08
Sun: Security Vulnerabilities in the Tcl GUI Toolkit Library may lead to arbitrary code execution or Denial of Service (DoS) 06May08
Sun: A Security Vulnerability in Sun Ray Kiosk Mode 4.0 May Allow Escalation of Privileges 06May08
Sun: JSP Source Code Disclosure Vulnerability Affects Sun Java System Application Server and Web Server 06May08
Sun: Security Vulnerability in the TCP Implementation of Solaris Systems May Allow a Denial of Service When Accepting New Connections While Undergoing a TCP "SYN Flood" Attack 06May08
Sun: Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions 05May08
Sun: Cross Site Scripting (XSS) Vulnerabilities in the Apache 1.3 and 2.0 "mod_imap" and "mod_status" Modules 05May08
Sun: Security Vulnerability in Solaris 10 Trusted Extensions Labeled Networking Related to Data Transfer Between Labeled Zones 02May08
Sun: A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial of Service (DoS) 02May08
Sun: A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network Flooding 02May08
Sun: Security Vulnerability for OLE Files in StarOffice 7 and 8, StarSuite 7 and 8 25Apr08
Sun: Multiple Security Vulnerabilities May Affect MySQL 4.0.x Bundled With Solaris 10 21Apr08
Sun: A Security Vulnerability in The N1 Grid Engine 6.1 Qmaster Daemon May Lead to a Denial of Service (DoS) 09Apr08
Sun: Security Vulnerabilities in the GNU Zebra and Quagga BGP Routing Daemon May Allow for Denial of Service08Apr08
Sun: Security Vulnerability in Solaris 10 Trusted Extensions Labeled Networking Related to Data Transfer Between Labeled Zones07Apr08
Sun: Security Vulnerability in inetd(1M) Daemon When Debug Logging is Enabled03Apr08
Sun: A Security Vulnerability in Solaris 10 libexif May Allow Code Execution or a Denial of Service (DoS) Condition18Mar08
Sun: Security Vulnerability in the Solaris 10 Java Desktop System (JDS) XscreenSaver(1) Application May Allow Unauthorized Access to Data12Mar08
Sun: A Security Vulnerability Relating to Inter-Process Communication (IPC) May Lead to a Denial of Service (DoS)11Mar08
Sun: Security Vulnerability in Sun Java Web Console 10Mar08
Sun: Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)05Mar08
Sun: Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges04Mar08
Sun: Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges Through Java APIs04Mar08
Sun: Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine04Mar08
Sun: Vulnerabilties in the Java Runtime Environment image Parsing Library04Mar08
Sun: Security Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations 04Mar08
Sun: Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges 04Mar08
Sun: A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges 04Mar08
Sun: Cross Site Scripting (XSS) Vulnerabilities in the Apache 1.3 and 2.0 "mod_imap" and "mod_status" Modules 28Feb08
Sun: Security Vulnerability in the ipsecah(7P) Kernel Module May Lead to System Panic 28Feb08
Sun: Completing the SCSI Command When There is a Data Underrun Error Condition May Result in Data Loss/Corruption 28Feb08
Sun: Cross-site Scripting (XSS) Vulnerability in the Sun Java System Access Manager Administration Console 27Feb08
Sun: Cross Site Scripting (XSS) Vulnerability in Sun Java Server Faces (JSF) Input Handling Routines May Lead to Elevation of Privileges 27Feb08
Sun: Security Vulnerability in the Solaris 10 DTrace Dynamic Tracing Framework May Allow Unauthorized Kernel Level Tracing 18Feb08
Sun: Two Security Vulnerabilities Exist Within the cpc(3CPC) Sub-System of the Solaris Kernel 14Feb08
Sun: Security Vulnerability in Solaris 8 Directory Functions 12Feb08
Sun: Security Vulnerability in Solaris 10 Perl 5.8 11Feb08
Sun: Multiple Security Vulnerabilities in Solaris 10 Firefox and Thunderbird 12Feb08
Sun: Security Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) Condition 08Feb08
Sun: Security Vulnerability in the vuidmice(7M) STREAMS Modules May Lead to a System Panic 06Feb08
Sun: Two Vulnerabilities in the Java Runtime Environment May Independently Allow an Untrusted Application or Applet to Elevate Privileges 05Feb08
Sun: Security Vulnerability in Simplified Chinese, Traditional Chinese, Korean, and Thai Language Input Methods 01Feb08
Sun: A Vulnerability in the Java Runtime Environment XML Parsing Code May Allow URL Resources to be Accessed 30Jan08
Sun: Security Vulnerabilities in ImageMagick May Lead to Arbitrary Code Execution or Denial of Service (DoS) 30Jan08
Sun: Security Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and Directories 18Jan08
Sun: Multiple Security Vulnerabilities in the Solaris X Server Extensions May Lead to a Denial of Service (DoS) Condition or Allow Execution of Arbitrary Code 18Jan08
Sun: A Security Vulnerability in the Solaris X Window System (X(5)) PCF Font Handler May Lead to Execution of Arbitrary Code or a Denial of Service (DoS) Condition 18Jan08
Sun: Security Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and Directories 17Jan08
Sun: Multiple Security Vulnerabilities in the Solaris X Server Extensions May Lead to a Denial of Service (DoS) Condition or Allow Execution of Arbitrary Code 17Jan08
Sun: Security Vulnerability in the libxml2 Library may Lead to a Denial of Service (DoS) 14Jan08
Sun: Security Vulnerability in Solaris 10 Related to the dotoprocs() Routine 11Jan08
Sun: A Security Vulnerability in libdevinfo(3LIB) May Allow Unauthorized Access to Files on the System 11Jan08
Sun: Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS) 10Jan08
Sun: Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection, Cross-Site Scripting Exploits or Unauthorized Redirection 09Jan08
Sun: Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data 08Jan08
Sun: Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow 06Jan08
Sun: Certain Solaris 10 Kernel Patches May Cause an Assertion Failure in ZFS Resulting in a System Panic 02Jan08

VideoLAN
VideoLAN: VLC media player 0.8.6i released to address security vulnerabilities 12Jul08
VideoLAN: VLC media player 0.8.6h released to address security vulnerabilities 06Jun08
VideoLAN: VLC media player 0.8.6f released to address security vulnerabilities 02Apr08
VideoLAN: VLC media player 0.8.6e released to address security vulnerabilities 27Feb08
VideoLAN: VLC media player 0.8.6d released to address security vulnerability 30Nov07

Wireshark
Wireshark: Wireshark 1.0 released to address security vulnerabilities 28Mar08
Wireshark: Wireshark 0.99.8 released to address security vulnerabilities 28Feb07
Wireshark: Wireshark 0.99.7 released to address security vulnerabilities 23Nov07


IPS / IDS Signature Updates

Cisco Systems
Cisco: IPS Update Bulletin 14 Aug 2008 (S352) (requires CCO login) 14Aug08
Cisco: IPS Update Bulletin 12 Aug 2008 (S351) (requires CCO login) 12Aug08
Cisco: IPS Update Bulletin 06 Aug 2008 (S350) (requires CCO login) 06Aug08
Cisco: IPS Update Bulletin 30 Jul 2008 (S349) (requires CCO login) 30Jul08
Cisco: IPS Update Bulletin 29 Jul 2008 (S348) (requires CCO login) 29Jul08
Cisco: IPS Update Bulletin 28 Jul 2008 (S347) (requires CCO login) 28Jul08
Cisco: IPS Update Bulletin 17 Jul 2008 (S346) (requires CCO login) 17Jul08
Cisco: IPS Update Bulletin 16 Jul 2008 (S345) (requires CCO login) 16Jul08
Cisco: IPS Update Bulletin 09 Jul 2008 (S344) (requires CCO login) 09Jul08
Cisco: IPS Update Bulletin 09 Jul 2008 (S343) (requires CCO login) 09Jul08
Cisco: IPS Update Bulletin 20 Jun 2008 (S339) (requires CCO login) 20Jun08
Cisco: IPS Update Bulletin 10 Jun 2008 (S338) (requires CCO login) 10Jun08
Cisco: IPS Update Bulletin 29 May 2008 (S336) (requires CCO login) 29May08
Cisco: IPS Update Bulletin 28 May 2008 (S335) (requires CCO login) 28May08
Cisco: IPS Update Bulletin 14 May 2008 (S333) (requires CCO login) 14May08
Cisco: IPS Update Bulletin 13 May 2008 (S332) (requires CCO login) 13May08
Cisco: IPS Update Bulletin 22 Apr 2008 (S330) (requires CCO login) 22Apr08
Cisco: IPS Update Bulletin 17 Apr 2008 (S329) (requires CCO login) 17Apr08
Cisco: IPS Update Bulletin 08 Apr 2008 (S328) (requires CCO login) 08Apr08
Cisco: IPS Update Bulletin 03 Apr 2008 (S327) (requires CCO login) 03Apr08
Cisco: IPS Update Bulletin 02 Apr 2008 (S326) (requires CCO login) 02Apr08
Cisco: IPS Update Bulletin 27 Mar 2008 (S325) (requires CCO login) 27Mar08