AusCERT Security Bulletins are security bulletins written by AusCERT using information gathered by our own research or by research done by other computer security incident response teams, vendors, and other groups concerned about security.
AusCERT Security Bulletins are released when a single quotable source of information is not available.
AusCERT includes a summary of key information at the front of the document and cross-references it to relevant bulletins. A section at the end of the bulletin lists all references used to create the bulletin.
ASB-2013.0028 - [Win][UNIX/Linux] Ruby: Denial of service - Remote/unauthenticated
- A number of vulnerabilities have been identified in Ruby prior to versions 1.9.3 patchlevel 392 and 2.0.0 patchlevel 0.
(25/02/2013)
ASB-2013.0027 - [UNIX/Linux] Kerberos: Denial of service - Remote/unauthenticated
- A vulnerability has been identified in MIT Kerberos 5 prior to Release 1.11.
(25/02/2013)
ASB-2013.0026 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Google Chrome prior to versions 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac.
(25/02/2013)
ASB-2013.0024.2 - UPDATE [Win][UNIX/Linux][Android] Mozilla Firefox, Thunderbird and SeaMonkey: Multiple vulnerabilities
-
(21/02/2013)
ASB-2013.0025 - ALERT [Win][UNIX/Linux] Oracle Java: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Oracle Java JDK and JRE 7 Update 13 and earlier, JDK and JRE 6 Update 39 and earlier, JDK and JRE 5.0 Update 39 and earlier, and SDK and JRE 1.4.2_41 and earlier.
(20/02/2013)
ASB-2013.0023 - [Win][Linux][HP-UX][Solaris][AIX] Hitachi Tuning Manager and JP1/Performance Management: Cross-site scripting - Existing account
- Multiple vulnerabilities have been identified in Hitachi Tuning Manager and JP1/Performance Management.
(20/02/2013)
ASB-2013.0022 - [Appliance] Check Point VSX Gateway: Unauthorised access - Existing account
- A vulnerability has been identified in Check Point VPN-1 Power VSX prior to version NGX R65 HF120, NGX R67 HFA 10 and NGX R68.
(14/02/2013)
ASB-2013.0021 - [Win] McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention: Increased privileges - Existing account
- A vulnerability has been identified in McAfee VirusScan Enterprise prior to v8.8p2 HF805660, v8.7p5r2 HF792686 and McAfee Host Intrusion Prevention v8.0p2 HF791162.
(14/02/2013)
ASB-2013.0020 - [Win][UNIX/Linux] PostgreSQL: Denial of service - Existing account
- A vulnerability has been identified in PostgreSQL prior to versions 9.2.3, 9.1.8, 9.0.12, 8.4.16 and 8.3.23.
(11/02/2013)
ASB-2013.0019 - [UNIX/Linux] Puppet: Multiple vulnerabilities
- Multiple vulnerabilities have been identified in Puppet Enterprise prior to version 2.7.1.
(11/02/2013)
ASB-2013.0018 - [Win] IntegraXor SCADA Server: Execute arbitrary code/commands - Remote/unauthenticated
- A vulnerability has been identified in IntegraXor SCADA Server prior to version 4.0 build 4250.0.
(11/02/2013)
ASB-2013.0017 - [Win][UNIX/Linux] Ruby: Cross-site scripting - Remote with user interaction
- A vulnerability has been identified in Ruby prior to versions 1.9.3p385, 2.0.0 rc2 or trunk revision 39102.
(08/02/2013)
ASB-2013.0016 - [Win][UNIX/Linux] GnuTLS: Access privileged data - Remote with user interaction
- A vulnerability has been identified in GnuTLS prior to versions 3.1.7, 3.0.28 and 2.12.23.
(08/02/2013)
ASB-2013.0015 - [RedHat][SUSE] Novell Sentinel: Cross-site scripting - Remote with user interaction
- A vulnerability has been identified in Novell Sentinel prior to version 7.0 SP3 (7.0.3.0).
(07/02/2013)
ASB-2013.0014 - [Win][UNIX/Linux] Joomla!: Access confidential data - Remote/unauthenticated
- A number of vulnerabilities have been identified in Joomla! prior to versions 3.0.3 and 2.5.9.
(06/02/2013)
ASB-2013.0013 - ALERT [Win][UNIX/Linux] Oracle Java: Multiple vulnerabilities
- Oracle has stated that while this patch was originally scheduled for release on February 19th, the release was accelerated due to active exploitation of one of these vulnerabilities.
(04/02/2013)
ASB-2013.0012 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction
- A number of vulnerabilities have been identified in Wireshark prior to versions 1.8.5 and 1.6.13.
(30/01/2013)
ASB-2013.0011 - [Win][Linux][HP-UX][AIX] Hitachi Cosminexus: Modify arbitrary files - Remote/unauthenticated
- A vulnerability has been identified in Hitachi Cosminexus.
(29/01/2013)
ASB-2013.0010 - [Win][UNIX/Linux] WordPress: Multiple vulnerabilities
- A number of security vulnerabilities have been identified in WordPress prior to version 3.5.1.
(25/01/2013)
ASB-2013.0009 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Google Chrome prior to version 24.0.1312.56.
(24/01/2013)
ASB-2012.0169.2 - UPDATED ALERT [Win][VMware ESX][RedHat][Solaris][AIX][SUSE] Novell eDirectory: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Novell eDirectory prior to version 8.8 SP7 Patch 2.
(18/01/2013)
ASB-2013.0008 - [Win][UNIX/Linux] Nagios Core: Execute arbitrary code/commands - Remote/unauthenticated
- Multiple vulnerabilities have been fixed in the latest version of Nagios.
(17/01/2013)
ASB-2013.0007 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities
- Oracle have released updates for multiple vulnerabilities, including two with a CVSS score of 10.0.
(16/01/2013)
ASB-2013.0006 - ALERT [Win][UNIX/Linux][Mobile] JDK and JRE 7 Update 10 and earlier: Execute arbitrary code/commands - Remote with user interaction
- Oracle have released updates for multiple vulnerabilities, including two with a CVSS score of 10.0.
(14/01/2013)
ASB-2013.0005 - [Win][Linux][Mac] Google Chrome: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Google Chrome.
(11/01/2013)
ASB-2013.0004 - [Win][Linux][HP-UX][Solaris][AIX] Sybase Adaptive Server Enterprise: Execute arbitrary code/commands - Unknown/unspecified
- Vulnerabilities have been identified and fixed in Sybase Adaptive Server Enterprise.
(10/01/2013)
ASB-2013.0003 - [Win][UNIX/Linux][Android] Mozilla Firefox, Thunderbird, & SeaMonkey: Multiple vulnerabilities
- Multiple vulnerabilities have been fixed in the latest versions of Mozilla Firefox, Thunderbird and SeaMonkey.
(09/01/2013)
ASB-2013.0002 - [Win][UNIX/Linux] WordPress: Unauthorised access - Remote/unauthenticated
- WordPress 3.4.2 does not invalidate session cookies upon logout from the administrator's interface.
(04/01/2013)
ASB-2013.0001 - [Appliance] Siemens SIMATIC S7-1200 PLC: Denial of service - Remote/unauthenticated
- A remote, unauthenticated denial of service vulnerability has been found in the S7-1200 PLC.
(02/01/2013)
ASB-2012.0178 - [Win][OSX] Adobe Shockwave Player version 11.6.8.638 and prior: Execute arbitrary code/commands - Remote with user interaction
- Vulnerabilities have been found in Adobe Shockwave Player.
(21/12/2012)
ASB-2012.0177 - ALERT [Win][UNIX/Linux] TWiki: Multiple vulnerabilities
- A number of vulnerabilities have been identified in TWiki versions 4.0.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x and 5.1.0 through 5.1.2.
(20/12/2012)
ASB-2012.0176 - [Win][VMware ESX][Linux] BlueCoat Reporter: Cross-site request forgery - Remote with user interaction
- A number of vulnerabilities have been identified in BlueCoat Reporter prior to version 9.4.
(14/12/2012)
ASB-2012.0175 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Google Chrome prior to version 23.0.1271.97.
(13/12/2012)
ASB-2012.0174 - [UNIX/Linux][Solaris] Webmin: Multiple vulnerabilities
- A number of vulnerabilities have been identified in Webmin, a third-party component of Solaris 10.
(13/12/2012)
ASB-2012.0173 - [Solaris] libgsf: Execute arbitrary code/commands - Remote/unauthenticated
- A vulnerability has been identified in Gnome Structured File library (libgsf), a third-party component of Solaris 10.
(13/12/2012)