Posts Tagged ‘vulnerabilities’

IBM Product Vulnerabilities


Cyber Security Notification: New Vulnerabilities of September 2014

#1 Multiple vulnerabilities in IBM products

Danger: Low
Fix available: Yes
Number of vulnerabilities: 3

CVSSv2 Rating: (AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Drupal vulnerabilities

Cyber Security Notification: New Vulnerabilities of September 2014

Security vulnerabilities in the Drupal content management system: descriptions of vulnerabilities in this vendor's products as of September 13, 2014.

1. Vulnerability: Cross-site scripting in Drupal Custom BreadCrumbs

Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Cyber Security Notifications: New Vulnerabilities of September 2014

Vulnerabilities: Security restrictions bypass in Adobe Reader and Adobe Acrobat

Danger level: High
Fix available: No
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: P / A: P / E: U / RL: U / RC: C) = Base: 6.8 / Temporal: 5.8

Attack vector: Remote
Impact: Security Bypass (more…)

Cyber Security Notifications: New Vulnerabilities of September 2014

Security vulnerabilities in NetBSD: descriptions of vulnerabilities in this vendor's products as of September 12, 2014.

This post presents newly found NetBSD security vulnerabilities that affect the local network.

#1 Denial of service in NetBSD

Danger: Low
Fix available: Corrective instructions
Number of vulnerabilities: 4
CVSSv2 Rating: (AV: L / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: W / RC: C) = (more…)

Cyber Security Notifications: New Vulnerabilities of September 2014

New Microsoft vulnerabilities of September 10, 2014

  • Denial of service in the Microsoft Lync Server
  • Privilege escalation in the Microsoft Windows Task Manager
  • Denial of service in Microsoft .NET Framework
  • Multiple vulnerabilities in Microsoft Internet Explorer

(more…)

New Vulnerabilities

Several newly discovered vulnerabilities:

– A vulnerability was found in the Linux kernel that allows a local attacker to elevate their privileges by passing incorrect parameters to the perf_event_open() system call. The problem occurs only on the ARM platform;

– Vulnerabilities were found in the Linux kernel's CIFS file system implementation that allow writing one extra byte into the allocated memory area and triggering a kernel crash when mounting an external DFS share. The problem appears when the kernel is built with the CONFIG_CIFS and CONFIG_CIFS_DFS_UPCALL options;

– A vulnerability was found in the built-in file upload component of the TYPO3 web content management system that allows writing a file to an arbitrary directory on the server within the TYPO3 installation hierarchy. Using the vulnerability, an authenticated user with limited privileges can write a PHP file to a directory where PHP code is allowed to run and execute it in the context of the current site. The issue is fixed in TYPO3 releases 6.0.8 and 6.1.3; (more…)

Experts at Kaspersky Lab analyzed the programs containing vulnerabilities that hackers most often use to attack computers.

According to the published report, the average user has 12 vulnerabilities in their software. In all, more than 132 million vulnerable applications were discovered. These and other figures and trends were identified by studying data from 11 million computers in the Kaspersky Security Network cloud, collected from January to December 2012.

Last year, 806 unique vulnerabilities were discovered. Only 37 of them were found on at least 10% of the computers for at least one week during the analysis period. This is the vulnerable software that can attract the attention of criminals. These 37 vulnerabilities were found in 11 different groups of programs. The most vulnerable products are Adobe Shockwave / Flash Player, Apple iTunes / QuickTime and Oracle Java. (more…)

Gaps in the cross-platform product were found by researchers from High-Tech Bridge Security and ZDI.

Two critical vulnerabilities were discovered in Novell's GroupWise solution, allowing malicious people to compromise a vulnerable system. GroupWise is a cross-platform product that includes an email client, an organizer, a contact information management system and a task management system.

On what is the error in GroupWise led to the existence of vulnerabilities, the manufacturer says. It is known that the gaps were found by researchers from High-Tech Bridge Security Research Lab and by Andrea Micalizzi, who reported their findings to the Zero Day Initiative. (more…)

Experts advise all companies to disable Java on the computers of all employees.

Oracle released an emergency update to its Java software over the weekend, which was meant to fix the software's main IT-security flaw. However, experts say that the update does not work. Recall that the update was released after the Department of Homeland Security urged PC users to disable Java on their devices because of the vulnerability.

The discovered vulnerability is being exploited for identity theft and other crimes. This was reported by representatives of the Department of Homeland Security.

Adam Gowdiak, an information security researcher from Poland who last year discovered several vulnerabilities in Java, said the update from Oracle does not remove all of the existing gaps.

Currently, some information security companies advise companies to remove Java from the browsers of all employees. (more…)

Unidentified hackers posted an exploit for a zero-day vulnerability in IE on a compromised site.

On December 21, unknown hackers carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the site an exploit for a previously unknown vulnerability in Microsoft Internet Explorer.

The breach was first discussed only on December 27. A representative of the Council on Foreign Relations, David Mikhail, said that the organization is aware of the security incident and that it is being investigated.

On December 28, FireEye published on its blog an analysis of the malicious software used by the hackers. According to FireEye's analysis, the attackers used Adobe Flash to prepare dynamic memory on the victim's system (heap spray) for successful exploitation of a zero-day vulnerability in Microsoft Internet Explorer. The exploit was designed for users whose browser's default language is set to English, Chinese, Japanese, Korean or Russian. (more…)