Tagged: vulnerability

VU#967332: GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Original Release date: 28 Jan 2015 | Last revised: 28 Jan 2015
Overview: The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name “GHOST”.
Description: According to Qualys, the vulnerability is “a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc).

Apple Releases Security Updates for OS X, Safari, iOS and Apple TV

Original release date: January 27, 2015
Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include:
- OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 and v10.10.1
- Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.1
- iOS 8.1.3 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- Apple TV 7.0.3 for Apple TV 3rd generation and later
US-CERT encourages users and administrators to review Apple security updates HT204244, HT204243, HT204245 and HT204246, and apply the necessary updates.

Security Advisory for Adobe Flash Player

Original release date: January 26, 2015
Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability (CVE-2015-0311) in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.

SB15-026: Vulnerability Summary for the Week of January 19, 2015

Original release date: January 26, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

FBI Releases "Ransomware on the Rise"

Original release date: January 23, 2015
The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it. Users and administrators are encouraged to review the FBI article "Ransomware on the Rise" for details and refer to Alert TA-295A for information on Crypto Ransomware.

VU#546340: QPR Portal contains multiple vulnerabilities

Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015
Overview: QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability.

VU#637068: LabTech contains privilege escalation vulnerability

Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015
Overview: LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.
Description: CWE-284: Improper Access Control. LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.