Tagged: critical

VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Vulnerability Note VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015

Overview: Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass.

Description: The Trend Micro Deep Discovery platform “enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time.” It may be deployed on a network as an appliance.

Oracle Java: 20 new vulnerabilities patched, (Tue, Jul 15th)

Welcome to the n-th iteration of “patch now” for Java on Workstations. Oracle today published their quarterly patch bulletin, and Java SE is once again prominently featured. This Critical Patch Update (CPU) contains 20 new security fixes for Oracle Java SE.  Most of the vulnerabilities are remotely exploitable without authentication, and CVSS scores of 10 and 9.3 indicate that they can be readily exploited, and lead to full compromise

Microsoft June Patch Tuesday Advance Notification, (Fri, Jun 6th)

Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday [1]. There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is the last version of IE to run on Windows XP.

Preliminary Patch Table: (the bulletin numbers and anything else may change in the final release)

# | Affected | Contra Indications – KB | Known Exploits | Microsoft rating (**) | ISC rating (*): clients, servers

MS14-030 Cumulative Internet Explorer Update | Internet Explorer CVE-2014-1770 | TBD | Vuln

Yochai Benkler on the NSA

Excellent essay: We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.

TA13-169A: Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities

Original release date: June 18, 2013 | Last revised: June 19, 2013

Systems Affected: Any system using Oracle Java including JDK and JRE 7 Update 21 and earlier; JDK and JRE 6 Update 45 and earlier; JDK and JRE 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier. Website owners that host Javadoc HTML API documentation.

Overview: Oracle released the June 2013 Critical Patch Update for Oracle Java SE. This patch contains 40 new security fixes across Java SE products and a fix to the Javadoc Tool. API documentation in HTML format generated by the Javadoc tool that contains a right frame may be vulnerable to frame injection when hosted on a web server.