Forbidden Web

Sep 09, 2010 Cisco Releases Updates for Wireless LAN Controller
Cisco has released updates to address multiple vulnerabilities in the Cisco Wireless LAN Controller (WLC). Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition, modify the device configuration, or bypass access control lists.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100908-wlc and apply any necessary updates to help mitigate the risks.
Sep 08, 2010 Apple Releases Safari 5.0.2 and 4.1.2
Apple has released Safari 5.0.2 and 4.1.2 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4333 and apply any necessary updates to help mitigate the risks.
Sep 08, 2010 Mozilla Releases Firefox 3.6.9
The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.12 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on September 7, 2010 and apply any necessary updates to help mitigate the risks.
Sep 03, 2010 Google Releases Chrome 6.0.472.53
Google has released Chrome 6.0.472.53 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Sep 03, 2010 Apple Releases iTunes 10
Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4328 and apply any necessary updates to help mitigate the risks.
Sep 01, 2010 VMware Releases Updates for ESX Service Console Packages
VMware has released security updates for multiple third-party packages for the ESX Service Console. These updates address vulnerabilities in the perl, krb5, samba, tar, and cpio packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions.

US-CERT encourages users and administrators to review VMware security advisory VMSA-2010-0013 and apply any necessary updates to help mitigate the risks.
Aug 31, 2010 RealNetworks Releases Update to Address Vulnerabilities in RealPlayer
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory for these vulnerabilities and apply any necessary updates to help mitigate the risks.
Aug 31, 2010 Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
Cisco has released a security advisory to address a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100827-bgp and apply any necessary updates to help mitigate the risks.
Aug 25, 2010 Cisco Releases Advisories for Unified Communications Manager and Unified Presence
Cisco has released security advisories to address multiple vulnerabilities affecting Unified Communications Manager and Unified Presence.

These vulnerabilities affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, which could cause an interruption of voice services.

Cisco Unified Communications Manager users and administrators are encouraged to review Cisco security advisory cisco-sa-20100825-cucm and apply any necessary updates to help mitigate the risks. Cisco Unified Presence users and administrators are encouraged to review Cisco security advisory cisco-sa-20100825-cup and apply any necessary updates to help mitigate the risks.
Aug 25, 2010 Insecure Loading of Dynamic Link Libraries in Windows Applications
US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries (DLLs). When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. If an application does not securely load DLL files, an attacker may be able to cause the affected application to load an arbitrary library.

By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able to exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code.

Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#707943. US-CERT encourages users and administrators to review the vulnerability note and consider implementing the following workarounds until fixes are released by affected vendors:
  • disable loading libraries from WebDAV and remote network shares
  • disable the WebClient service
  • block outgoing SMB traffic
US-CERT will provide updates when additional details become available.
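The three workarounds above as an administrator would apply and verify them on a Windows host; this is an added example, not from US-CERT or the vulnerability note. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets, PowerShell 5) and uses Microsoft's CWDIllegalInDllSearch registry value (documented in KB2264107, not mentioned on this page) to stop DLL loads from a current working directory on a remote share.

```powershell
#Requires -RunAsAdministrator
# Added example: DLL preloading workarounds (registry, WebClient service, outbound SMB).
$SessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Disable-RemoteCwdDllLoad {
    # 2 = refuse DLL loads from the CWD when the CWD is on any remote share (WebDAV or SMB/UNC).
    # 1 covers WebDAV shares only; 0xFFFFFFFF removes the CWD from the search order entirely.
    param([int]$Mode = 2)
    New-ItemProperty -Path $SessionMgr -Name 'CWDIllegalInDllSearch' `
        -PropertyType DWord -Value $Mode -Force | Out-Null
}

function Disable-WebClientService {
    # WebClient is the service that lets Windows open WebDAV URLs as if they were file paths.
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
}

function Block-OutboundSmb {
    # Blocks outbound SMB (TCP 445) and NetBIOS session (TCP 139) on every profile.
    # Add -RemoteAddress to scope the rule if internal file servers must stay reachable.
    foreach ($port in 445, 139) {
        $name = "Block outbound SMB $port (DLL preloading workaround)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Outbound -Protocol TCP `
                -RemotePort $port -Action Block -Profile Any | Out-Null
        }
    }
}

function Test-DllPreloadWorkarounds {
    # Returns one object summarising whether each workaround is in place.
    # A DWord of 0xFFFFFFFF reads back as -1 through Get-ItemProperty.
    $reg = (Get-ItemProperty -Path $SessionMgr -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CwdRemoteDllBlocked = (@(2, -1) -contains $reg)
        WebClientDisabled   = ($null -eq $svc -or $svc.StartType -eq 'Disabled')
        OutboundSmbBlocked  = [bool](Get-NetFirewallRule -DisplayName 'Block outbound SMB 445*' `
                                  -ErrorAction SilentlyContinue)
    }
}

Disable-RemoteCwdDllLoad
Disable-WebClientService
Block-OutboundSmb
Test-DllPreloadWorkarounds
```

Blocking outbound TCP 445 on all profiles also stops access to internal SMB file shares, so scope the rule with -RemoteAddress on managed networks.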