CIRC's latest security bulletins. http://circ.jc3.doe.gov/index.html Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-170.shtml 16 May 2012 09:00 GMT New Bulletin Sympa Multiple Security Bypass Vulnerabilities http://www.doecirc.energy.gov/bulletins/U-169.shtml 15 May 2012 08:00 GMT New Bulletin EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service http://www.doecirc.energy.gov/bulletins/U-168.shtml 14 May 2012 08:00 GMT New Bulletin OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/U-167.shtml 11 May 2012 09:00 GMT New Bulletin Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-166.shtml 10 May 2012 08:00 GMT New Bulletin Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs http://www.doecirc.energy.gov/bulletins/U-165.shtml 09 May 2012 08:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for May 2012 http://www.doecirc.energy.gov/bulletins/U-164.shtml 08 May 2012 08:00 GMT New Bulletin PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-163.shtml 07 May 2012 08:00 GMT New Bulletin Drupal Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-162.shtml 04 May 2012 07:00 GMT New Bulletin Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-161.shtml 03 May 2012 08:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-160.shtml 02 May 2012 08:00 GMT New Bulletin Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication http://www.doecirc.energy.gov/bulletins/U-159.shtml 01 May 2012 08:00 GMT New Bulletin HP NonStop Server Java Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/U-158.shtml 30 Apr 2012 08:00 GMT New Bulletin Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities http://www.doecirc.energy.gov/bulletins/U-157.shtml 27 Apr 2012 08:00 GMT New Bulletin Red Hat update for JBoss Enterprise Portal Platform http://www.doecirc.energy.gov/bulletins/U-156.shtml 26 Apr 2012 08:00 GMT New Bulletin WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-155.shtml 25 Apr 2012 08:00 GMT New Bulletin IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/U-154.shtml 24 Apr 2012 08:00 GMT New Bulletin EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/U-153.shtml 23 Apr 2012 04:00 GMT New Bulletin OpenSSL Data Processing Vulnerability http://www.doecirc.energy.gov/bulletins/u-152.shtml 20 Apr 2012 10:00 GMT New Bulletin Bugzilla Cross-Site Request Forgery Vulnerability http://www.doecirc.energy.gov/bulletins/u-151.shtml 19 Apr 2012 11:00 GMT New Bulletin Oracle Critical Patch Update Advisory - April 2012 http://www.doecirc.energy.gov/bulletins/u-150.shtml 18 Apr 2012 12:00 GMT New Bulletin Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-149.shtml 17 Apr 2012 11:00 GMT New Bulletin ActiveScriptRuby GRScript18.dll ActiveX Control http://www.doecirc.energy.gov/bulletins/u-148.shtml 16 Apr 2012 11:00 GMT New Bulletin Red Hat Enterprise MRG Grid Input Validation Flaw http://www.doecirc.energy.gov/bulletins/u-147.shtml 13 Apr 2012 10:00 GMT New Bulletin Adobe Reader/Acrobat Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-146.shtml 12 Apr 2012 12:00 GMT New Bulletin Microsoft Security Bulletin Summary for April 2012 http://www.doecirc.energy.gov/bulletins/u-145.shtml 11 Apr 2012 07:00 GMT New Bulletin Juniper Secure Access Input Validation Flaw Permits Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/u-144.shtml 10 Apr 2012 11:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-143.shtml 09 Apr 2012 10:00 GMT New Bulletin HP Onboard Administrator Bugs Let Remote Users Gain Access http://www.doecirc.energy.gov/bulletins/u-142.shtml 06 Apr 2012 10:00 GMT New Bulletin Sourcefire Defense Center Bugs http://www.doecirc.energy.gov/bulletins/u-141.shtml 05 Apr 2012 12:00 GMT New Bulletin HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-140.shtml 04 Apr 2012 10:00 GMT New Bulletin IBM Tivoli Directory Server Input Validation Flaw http://www.doecirc.energy.gov/bulletins/u-139.shtml 03 Apr 2012 09:00 GMT New Bulletin Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/u-138.shtml 02 Apr 2012 11:00 GMT New Bulletin HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes http://www.doecirc.energy.gov/bulletins/U-137.shtml 30 Mar 2012 09:00 GMT New Bulletin Adobe Flash Player Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-136.shtml 29 Mar 2012 08:00 GMT New Bulletin HP WBEM Discloses Diagnostic Data to Remote and Local Users http://www.doecirc.energy.gov/bulletins/U-135.shtml 28 Mar 2012 08:00 GMT New Bulletin Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/U-134.shtml 27 Mar 2012 08:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-133.shtml 26 Mar 2012 07:00 GMT New Bulletin Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/U-132.shtml 23 Mar 2012 09:00 GMT New Bulletin Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-131.shtml 22 Mar 2012 08:00 GMT New Bulletin JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication http://www.doecirc.energy.gov/bulletins/U-130.shtml 21 Mar 2012 11:00 GMT New Bulletin RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks http://www.doecirc.energy.gov/bulletins/U-129.shtml 20 Mar 2012 08:00 GMT New Bulletin VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/U-128.shtml 19 Mar 2012 04:00 GMT New Bulletin Microsoft Security Bulletin MS12-020 - Critical http://www.doecirc.energy.gov/bulletins/u-127.shtml 17 Mar 2012 01:00 GMT New Bulletin Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/U-126.shtml 16 Mar 2012 08:00 GMT New Bulletin Cisco ASA Multiple Bugs Let Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-125.shtml 15 Mar 2012 07:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for March 2012 http://www.doecirc.energy.gov/bulletins/U-124.shtml 14 Mar 2012 08:00 GMT New Bulletin OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/U-123.shtml 13 Mar 2012 08:00 GMT New Bulletin Google Chrome Two Code Execution Vulnerabilities http://www.doecirc.energy.gov/bulletins/U-122.shtml 12 Mar 2012 08:00 GMT New Bulletin Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information http://www.doecirc.energy.gov/bulletins/u-121.shtml 09 Mar 2012 08:00 GMT New Bulletin RSA SecurID Software Token Converter Unspecified Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/U-120.shtml 08 Mar 2012 09:00 GMT New Bulletin Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/U-119.shtml 07 Mar 2012 11:00 GMT New Bulletin Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information http://www.doecirc.energy.gov/bulletins/U-118.shtml 06 Mar 2012 11:00 GMT New Bulletin Potential security vulnerability has been identified with certain HP printers and HP digital senders. http://www.doecirc.energy.gov/bulletins/u-117.shtml 05 Mar 2012 14:00 GMT New Bulletin IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilites http://www.doecirc.energy.gov/bulletins/U-116.shtml 05 Mar 2012 11:00 GMT New Bulletin Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/u-115.shtml 02 Mar 2012 11:00 GMT New Bulletin IBM Personal Communications WS File Processing Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/u-114.shtml 01 Mar 2012 11:00 GMT New Bulletin OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-113.shtml 29 Feb 2012 11:00 GMT New Bulletin PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates http://www.doecirc.energy.gov/bulletins/u-112.shtml 28 Feb 2012 13:00 GMT New Bulletin IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-111.shtml 27 Feb 2012 11:00 GMT New Bulletin Samba Bug Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-110.shtml 24 Feb 2012 12:00 GMT New Bulletin Bugzilla Cross-Site Request Forgery Vulnerability http://www.doecirc.energy.gov/bulletins/u-109.shtml 23 Feb 2012 11:00 GMT New Bulletin Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/u-108.shtml 22 Feb 2012 13:00 GMT New Bulletin Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-107.shtml 21 Feb 2012 10:00 GMT New Bulletin Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact http://www.doecirc.energy.gov/bulletins/u-106.shtml 17 Feb 2012 13:00 GMT New Bulletin Oracle Java SE Critical Patch Update Advisory http://www.doecirc.energy.gov/bulletins/u-105.shtml 16 Feb 2012 16:00 GMT New Bulletin Adobe Flash Player Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-104.shtml 16 Feb 2012 11:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for February 2012 http://www.doecirc.energy.gov/bulletins/u-103.shtml 15 Feb 2012 11:00 GMT New Bulletin Cisco IronPort Encryption Appliance Input Validation Flaw Permits Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/u-102.shtml 14 Feb 2012 12:00 GMT New Bulletin Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability http://www.doecirc.energy.gov/bulletins/u-101.shtml 13 Feb 2012 11:00 GMT New Bulletin Google Chrome Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-100.shtml 10 Feb 2012 11:00 GMT New Bulletin MySQL Unspecified Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/u-099.shtml 09 Feb 2012 11:00 GMT New Bulletin ISC BIND Deleted Domain Name Resolving Vulnerability http://www.doecirc.energy.gov/bulletins/u-098.shtml 08 Feb 2012 11:00 GMT New Bulletin PHP php_register_variable_ex Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/u-097.shtml 07 Feb 2012 13:00 GMT New Bulletin IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-096.shtml 06 Feb 2012 11:00 GMT New Bulletin HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-095.shtml 03 Feb 2012 11:00 GMT New Bulletin EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-094.shtml 02 Feb 2012 11:00 GMT New Bulletin Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/u-093.shtml 01 Feb 2012 10:00 GMT New Bulletin Sudo Format String Bug Lets Local Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-092.shtml 31 Jan 2012 10:00 GMT New Bulletin cURL Lets Remote Users Decrypt SSL/TLS Traffic http://www.doecirc.energy.gov/bulletins/u-091.shtml 30 Jan 2012 11:00 GMT New Bulletin RSA enVision Discloses Environment Variable Information to Remote Users http://www.doecirc.energy.gov/bulletins/u-090.shtml 27 Jan 2012 10:00 GMT New Bulletin U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands http://www.doecirc.energy.gov/bulletins/u-089.shtml 26 Jan 2012 11:00 GMT New Bulletin Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-088.shtml 25 Jan 2012 10:00 GMT New Bulletin HP-UX update for Java http://www.doecirc.energy.gov/bulletins/u-087.shtml 24 Jan 2012 11:00 GMT New Bulletin Linux Kernel /proc//mem Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/u-086.shtml 23 Jan 2012 13:00 GMT New Bulletin OpenSSL DTLS Bug Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-085.shtml 20 Jan 2012 14:00 GMT New Bulletin Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-084.shtml 19 Jan 2012 13:00 GMT New Bulletin Oracle Critical Patch Update Advisory - January 2012 http://www.doecirc.energy.gov/bulletins/u-083.shtml 18 Jan 2012 13:00 GMT New Bulletin PHP Null Pointer Dereference in zend_strndup() Lets Local Users Deny Service http://www.doecirc.energy.gov/bulletins/u-082.shtml 17 Jan 2012 17:00 GMT New Bulletin McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-081.shtml 13 Jan 2012 13:00 GMT New Bulletin Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-080.shtml 12 Jan 2012 14:00 GMT New Bulletin Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-079.shtml 11 Jan 2012 12:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for January 2012 http://www.doecirc.energy.gov/bulletins/u-078.shtml 10 Jan 2012 12:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-077.shtml 09 Jan 2012 14:00 GMT New Bulletin OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-076.shtml 06 Jan 2012 12:00 GMT New Bulletin Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-075.shtml 05 Jan 2012 12:00 GMT New Bulletin Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users http://www.doecirc.energy.gov/bulletins/u-074.shtml 04 Jan 2012 12:00 GMT New Bulletin Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks http://www.doecirc.energy.gov/bulletins/u-073.shtml 03 Jan 2012 15:00 GMT New Bulletin Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-072.shtml 30 Dec 2011 13:00 GMT New Bulletin HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-071.shtml 29 Dec 2011 13:00 GMT New Bulletin Redhat krb5 Critical Security Update http://www.doecirc.energy.gov/bulletins/u-070.shtml 28 Dec 2011 13:00 GMT New Bulletin Telnet code execution vulnerability: FreeBSD and Kerberos http://www.doecirc.energy.gov/bulletins/u-069.shtml 27 Dec 2011 14:00 GMT New Bulletin Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-068.shtml 23 Dec 2011 13:00 GMT New Bulletin WebSVN Input Validation Flaw in getLog() Permits Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/u-067.shtml 22 Dec 2011 12:00 GMT New Bulletin Mozilla Firefox / Thunderbird Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-066.shtml 21 Dec 2011 16:00 GMT New Bulletin Microsoft Windows win32k.sys Memory Corruption Vulnerability http://www.doecirc.energy.gov/bulletins/u-065.shtml 20 Dec 2011 14:00 GMT New Bulletin Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-064.shtml 19 Dec 2011 14:00 GMT New Bulletin RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-063.shtml 16 Dec 2011 12:00 GMT New Bulletin Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/u-062.shtml 15 Dec 2011 12:00 GMT New Bulletin RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls http://www.doecirc.energy.gov/bulletins/u-061.shtml 14 Dec 2011 13:00 GMT New Bulletin Security update: Hotfix available for ColdFusion http://www.doecirc.energy.gov/bulletins/u-060.shtml 13 Dec 2011 23:00 GMT New Bulletin Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-059.shtml 13 Dec 2011 12:00 GMT New Bulletin Apache Struts Conversion Error OGNL Expression Injection Vulnerability http://www.doecirc.energy.gov/bulletins/u-058.shtml 12 Dec 2011 13:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for December 2011 http://www.doecirc.energy.gov/bulletins/u-057.shtml 09 Dec 2011 16:00 GMT New Bulletin Linux Kernel HFS Buffer Overflow Lets Local Users Gain Root Privileges http://www.doecirc.energy.gov/bulletins/u-056.shtml 09 Dec 2011 13:00 GMT New Bulletin Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-055.shtml 08 Dec 2011 13:00 GMT New Bulletin Security Advisory for Adobe Reader and Acrobat http://www.doecirc.energy.gov/bulletins/u-054.shtml 07 Dec 2011 20:00 GMT New Bulletin Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information http://www.doecirc.energy.gov/bulletins/u-053.shtml 07 Dec 2011 12:00 GMT New Bulletin HP Protect Tools Device Access Manager Unspecified Bug Lets Remote Users Deny Service and Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-052.shtml 06 Dec 2011 12:00 GMT New Bulletin Skype Discloses IP Addresses to Remote Users http://www.doecirc.energy.gov/bulletins/u-051.shtml 05 Dec 2011 15:00 GMT New Bulletin Adobe Flex SDK Input Validation Flaw Permits Cross-Site Scripting Attacks http://www.doecirc.energy.gov/bulletins/u-050.shtml 02 Dec 2011 12:00 GMT New Bulletin IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System http://www.doecirc.energy.gov/bulletins/u-049.shtml 01 Dec 2011 13:00 GMT New Bulletin HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-048.shtml 30 Nov 2011 13:00 GMT New Bulletin Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-047.shtml 29 Nov 2011 13:00 GMT New Bulletin Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers http://www.doecirc.energy.gov/bulletins/u-046.shtml 28 Nov 2011 14:00 GMT New Bulletin Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service http://www.doecirc.energy.gov/bulletins/u-045.shtml 25 Nov 2011 15:00 GMT New Bulletin HP Operations Agent and Performance Agent Lets Local Users Access a Restricted Directory http://www.doecirc.energy.gov/bulletins/u-044.shtml 23 Nov 2011 12:00 GMT New Bulletin Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-043.shtml 22 Nov 2011 12:00 GMT New Bulletin Mac RealPlayer Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-042.shtml 21 Nov 2011 14:00 GMT New Bulletin Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-041.shtml 18 Nov 2011 13:00 GMT New Bulletin HP-UX System Administration Manager Lets Local Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-040.shtml 17 Nov 2011 12:00 GMT New Bulletin ISC Update: BIND 9 Resolver crashes after logging an error in query.c http://www.doecirc.energy.gov/bulletins/u-039.shtml 16 Nov 2011 19:00 GMT New Bulletin BIND 9 Resolver crashes after logging an error in query.c http://www.doecirc.energy.gov/bulletins/u-038.shtml 16 Nov 2011 13:00 GMT New Bulletin Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-037.shtml 16 Nov 2011 12:00 GMT New Bulletin Apple iOS Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-036.shtml 15 Nov 2011 12:00 GMT New Bulletin Adobe Flash Player Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-035.shtml 14 Nov 2011 14:00 GMT New Bulletin Fraudulent Digital Certificates Could Allow Spoofing http://www.doecirc.energy.gov/bulletins/u-034.shtml 10 Nov 2011 23:00 GMT New Bulletin Microsoft Security Bulletin Summary for November 2011 http://www.doecirc.energy.gov/bulletins/u-033.shtml 10 Nov 2011 12:00 GMT New Bulletin Microsoft Security Bulletin Windows TCP/IP MS11-083 - Critical http://www.doecirc.energy.gov/bulletins/u-032.shtml 09 Nov 2011 18:00 GMT New Bulletin Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication http://www.doecirc.energy.gov/bulletins/u-031.shtml 09 Nov 2011 13:00 GMT New Bulletin Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/u-030.shtml 09 Nov 2011 13:00 GMT New Bulletin TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote Users Gain Unauthorized Access http://www.doecirc.energy.gov/bulletins/u-029.shtml 08 Nov 2011 13:00 GMT New Bulletin Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability http://www.doecirc.energy.gov/bulletins/u-028.shtml 07 Nov 2011 13:00 GMT New Bulletin RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions http://www.doecirc.energy.gov/bulletins/u-027.shtml 04 Nov 2011 12:00 GMT New Bulletin Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands http://www.doecirc.energy.gov/bulletins/u-026.shtml 03 Nov 2011 12:00 GMT New Bulletin HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-025.shtml 02 Nov 2011 11:00 GMT New Bulletin IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data http://www.doecirc.energy.gov/bulletins/u-024.shtml 01 Nov 2011 12:00 GMT New Bulletin Debian update for phpldapadmin http://www.doecirc.energy.gov/bulletins/u-023.shtml 31 Oct 2011 14:00 GMT New Bulletin Apple QuickTime Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-022.shtml 28 Oct 2011 12:00 GMT New Bulletin Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files http://www.doecirc.energy.gov/bulletins/u-021.shtml 27 Oct 2011 11:00 GMT New Bulletin McAfee Web Gateway Web Access Cross Site Scripting Vulnerability http://www.doecirc.energy.gov/bulletins/u-020.shtml 26 Oct 2011 15:00 GMT New Bulletin Oracle Critical Patch Update Advisory - October 2011 http://www.doecirc.energy.gov/bulletins/u-019.shtml 25 Oct 2011 12:00 GMT New Bulletin Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-018.shtml 25 Oct 2011 12:00 GMT New Bulletin HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information http://www.doecirc.energy.gov/bulletins/u-017.shtml 24 Oct 2011 16:00 GMT New Bulletin Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/u-016.shtml 21 Oct 2011 12:00 GMT New Bulletin CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands http://www.doecirc.energy.gov/bulletins/u-015.shtml 20 Oct 2011 11:00 GMT New Bulletin Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service http://www.doecirc.energy.gov/bulletins/u-014.shtml 19 Oct 2011 11:00 GMT New Bulletin HP Data Protector Multiple Unspecified Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-013.shtml 18 Oct 2011 13:00 GMT New Bulletin BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages http://www.doecirc.energy.gov/bulletins/u-012.shtml 17 Oct 2011 13:00 GMT New Bulletin Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability http://www.doecirc.energy.gov/bulletins/u-011.shtml 14 Oct 2011 16:00 GMT New Bulletin HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access http://www.doecirc.energy.gov/bulletins/u-010.shtml 13 Oct 2011 12:00 GMT New Bulletin Microsoft Security Bulletin Summary for October 2011 http://www.doecirc.energy.gov/bulletins/u-009.shtml 12 Oct 2011 12:00 GMT New Bulletin Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service http://www.doecirc.energy.gov/bulletins/u-008.shtml 11 Oct 2011 11:00 GMT New Bulletin IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-007.shtml 10 Oct 2011 13:00 GMT New Bulletin Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information http://www.doecirc.energy.gov/bulletins/u-006.shtml 07 Oct 2011 12:00 GMT New Bulletin Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers http://www.doecirc.energy.gov/bulletins/u-005.shtml 06 Oct 2011 13:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/u-004.shtml 05 Oct 2011 12:00 GMT New Bulletin RPM Package Manager security update http://www.doecirc.energy.gov/bulletins/u-003.shtml 04 Oct 2011 17:00 GMT New Bulletin Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities http://www.doecirc.energy.gov/bulletins/u-002.shtml 04 Oct 2011 15:00 GMT New Bulletin Symantec IM Manager Input Validation Flaws http://www.doecirc.energy.gov/bulletins/u-001.shtml 03 Oct 2011 17:00 GMT New Bulletin Symantec IM Manager Code Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-731.shtml 30 Sep 2011 12:00 GMT New Bulletin Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution http://circ.jc3.doe.gov/bulletins/t-730.shtml 29 Sep 2011 12:00 GMT New Bulletin Mozilla Code Installation Through Holding Down Enter http://circ.jc3.doe.gov/bulletins/t-729.shtml 29 Sep 2011 12:00 GMT New Bulletin Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks http://circ.jc3.doe.gov/bulletins/t-728.shtml 28 Sep 2011 12:00 GMT New Bulletin Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions http://circ.jc3.doe.gov/bulletins/t-727.shtml 27 Sep 2011 12:00 GMT New Bulletin Linux-2.6 privilege escalation/denial of service/information leak http://circ.jc3.doe.gov/bulletins/t-726.shtml 26 Sep 2011 14:00 GMT New Bulletin Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilitiry Code http://circ.jc3.doe.gov/bulletins/t-725.shtml 23 Sep 2011 13:00 GMT New Bulletin Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing http://circ.jc3.doe.gov/bulletins/t-724.shtml 22 Sep 2011 16:00 GMT New Bulletin Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-723.shtml 22 Sep 2011 12:00 GMT New Bulletin IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-722.shtml 21 Sep 2011 12:00 GMT New Bulletin Mac OS X Directory Services Lets Local Users View User Password Hashes http://circ.jc3.doe.gov/bulletins/t-721.shtml 20 Sep 2011 12:00 GMT New Bulletin Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-720.shtml 19 Sep 2011 12:00 GMT New Bulletin Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-719.shtml 16 Sep 2011 15:00 GMT New Bulletin Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-718.shtml 15 Sep 2011 12:00 GMT New Bulletin Microsoft Security Bulletin Summary for September 2011 http://circ.jc3.doe.gov/bulletins/t-717.shtml 14 Sep 2011 13:00 GMT New Bulletin Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-716.shtml 14 Sep 2011 13:00 GMT New Bulletin Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-715.shtml 13 Sep 2011 16:00 GMT New Bulletin Wireshark OpenSafety and CSN.1 Dissector Bugs http://circ.jc3.doe.gov/bulletins/t-714.shtml 12 Sep 2011 12:00 GMT New Bulletin Blue Coat Reporter Directory Traversal Flaw http://circ.jc3.doe.gov/bulletins/t-713.shtml 09 Sep 2011 14:00 GMT New Bulletin Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update http://circ.jc3.doe.gov/bulletins/t-712.shtml 08 Sep 2011 14:00 GMT New Bulletin Fraudulent Google Digital Certificates Could Allow Man-in-the-Middle Attacks http://circ.jc3.doe.gov/bulletins/t-711.shtml 07 Sep 2011 13:00 GMT New Bulletin Apache HTTP Server Overlapping Ranges Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-710.shtml 06 Sep 2011 13:00 GMT New Bulletin Mac OS X Keychain Certificate Settings Can Be Bypassed By Remote Users http://circ.jc3.doe.gov/bulletins/t-709.shtml 02 Sep 2011 16:00 GMT New Bulletin Pidgin Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-708.shtml 01 Sep 2011 15:00 GMT New Bulletin Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information http://circ.jc3.doe.gov/bulletins/t-707.shtml 31 Aug 2011 15:00 GMT New Bulletin Microsoft Fraudulent Digital Certificate Issued by DigiNotar http://circ.jc3.doe.gov/bulletins/t-706.shtml 30 Aug 2011 18:00 GMT New Bulletin Linux Kernel Weakness in Sequence Number Generation Facilitates Packet Injection Attacks http://circ.jc3.doe.gov/bulletins/t-705.shtml 30 Aug 2011 16:00 GMT New Bulletin RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password http://circ.jc3.doe.gov/bulletins/t-704.shtml 29 Aug 2011 16:00 GMT New Bulletin Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents http://circ.jc3.doe.gov/bulletins/t-703.shtml 26 Aug 2011 14:00 GMT New Bulletin Apache web servers that allows a DOS attack http://circ.jc3.doe.gov/bulletins/t-702.shtml 25 Aug 2011 21:00 GMT New Bulletin Citrix Access Gateway Enterprise Edition Input Validation Flaw in Logon Portal Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-701.shtml 25 Aug 2011 16:00 GMT New Bulletin Red Hat: kernel security, bug fix, and enhancement update http://circ.jc3.doe.gov/bulletins/t-700.shtml 24 Aug 2011 13:00 GMT New Bulletin EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-699.shtml 23 Aug 2011 12:00 GMT New Bulletin Adobe ColdFusion Input Validation Flaw in 'probe.cfm' Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-698.shtml 22 Aug 2011 14:00 GMT New Bulletin Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-697.shtml 19 Aug 2011 19:00 GMT New Bulletin RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw http://circ.jc3.doe.gov/bulletins/t-696.shtml 18 Aug 2011 13:00 GMT New Bulletin Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-695.shtml 17 Aug 2011 15:00 GMT New Bulletin IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-694.shtml 16 Aug 2011 16:00 GMT New Bulletin Symantec Endpoint Protection Manager Input Validation Hole Permits Cross-Site Scripting and Cross-Site Request Forgery Attacks http://circ.jc3.doe.gov/bulletins/t-693.shtml 15 Aug 2011 16:00 GMT New Bulletin VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords http://circ.jc3.doe.gov/bulletins/t-692.shtml 12 Aug 2011 15:00 GMT New Bulletin Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-691.shtml 11 Aug 2011 12:00 GMT New Bulletin Check Point Endpoint Security On-Demand Client Lets Remote Users Execute Arbitrary Code Bulletin Released for August 2011 http://circ.jc3.doe.gov/bulletins/t-690.shtml 10 Aug 2011 13:00 GMT New Bulletin Microsoft Security Bulletin Released for August 2011 http://circ.jc3.doe.gov/bulletins/t-689.shtml 10 Aug 2011 13:00 GMT New Bulletin McAfee Security Bulletin - McAfee SaaS Endpoint Protection update fixes multiple ActiveX issues http://circ.jc3.doe.gov/bulletins/t-688.shtml 09 Aug 2011 12:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for August 2011 http://circ.jc3.doe.gov/bulletins/t-687.shtml 08 Aug 2011 19:00 GMT New Bulletin IBM Tivoli Integrated Portal Java Double Literal Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-686.shtml 08 Aug 2011 12:00 GMT New Bulletin Cisco Warranty CD May Load Malware From a Remote Site http://circ.jc3.doe.gov/bulletins/t-685.shtml 05 Aug 2011 15:00 GMT New Bulletin Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-684.shtml 04 Aug 2011 17:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-683.shtml 03 Aug 2011 15:00 GMT New Bulletin Double free vulnerability in MapServer http://circ.jc3.doe.gov/bulletins/t-682.shtml 02 Aug 2011 16:00 GMT New Bulletin IBM Lotus Symphony Multiple Unspecified Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-681.shtml 01 Aug 2011 15:00 GMT New Bulletin Samba SWAT 'user' Field Cross Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-680.shtml 01 Aug 2011 14:00 GMT New Bulletin VMware Security Advisory - VMSA-2011-0010 http://circ.jc3.doe.gov/bulletins/t-679.shtml 29 Jul 2011 14:00 GMT New Bulletin Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-678.shtml 28 Jul 2011 15:00 GMT New Bulletin F5 BIG-IP BIND Negative Caching RRSIG RRsets Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-677.shtml 27 Jul 2011 13:00 GMT New Bulletin Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions http://circ.jc3.doe.gov/bulletins/t-676.shtml 26 Jul 2011 13:00 GMT New Bulletin Apple Laptop Battery Interface Lets Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-675.shtml 25 Jul 2011 16:00 GMT New Bulletin Drupal Secure Password Hashes Module Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-674.shtml 22 Jul 2011 13:00 GMT New Bulletin Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-673.shtml 21 Jul 2011 13:00 GMT New Bulletin Oracle Critical Patch Update Advisory - July 2011 http://circ.jc3.doe.gov/bulletins/t-672.shtml 20 Jul 2011 13:00 GMT New Bulletin Red Hat system-config-firewall Lets Local Users Gain Root Privileges http://circ.jc3.doe.gov/bulletins/t-671.shtml 19 Jul 2011 13:00 GMT New Bulletin Skype Input Validation Flaw in 'mobile phone' Profile Entry Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-670.shtml 18 Jul 2011 13:00 GMT New Bulletin Linux Kernel GFS2 Allocation Error Lets Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-669.shtml 15 Jul 2011 13:00 GMT New Bulletin Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service http://circ.jc3.doe.gov/bulletins/t-668.shtml 14 Jul 2011 18:00 GMT New Bulletin Red Hat Enterprise Linux kernel security and bug fix update http://circ.jc3.doe.gov/bulletins/t-667.shtml 13 Jul 2011 13:00 GMT New Bulletin Microsoft Security Bulletin MS11-054 - Important http://circ.jc3.doe.gov/bulletins/t-666.shtml 12 Jul 2011 20:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for July 2011 http://circ.jc3.doe.gov/bulletins/t-665.shtml 11 Jul 2011 20:00 GMT New Bulletin Apache Santuario Buffer Overflow Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-664.shtml 08 Jul 2011 17:00 GMT New Bulletin Cisco Content Services Gateway ICMP Processing Flaw Lets Remote Users Deny http://circ.jc3.doe.gov/bulletins/t-663.shtml 07 Jul 2011 12:00 GMT New Bulletin ISC BIND Packet Processing Flaw Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-662.shtml 06 Jul 2011 20:00 GMT New Bulletin ColdFusion Security Hotfix | APSB11-14, ColdFusion Important Update http://circ.jc3.doe.gov/bulletins/t-661.shtml 05 Jul 2011 21:00 GMT New Bulletin OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-660.shtml 05 Jul 2011 16:00 GMT New Bulletin Update support for RSA Authentication Manager http://circ.jc3.doe.gov/bulletins/t-659.shtml 01 Jul 2011 14:00 GMT New Bulletin T-658: Java for Mac OS X 10.6 Update 5, Java for Mac OS X 10.5 Update 10 http://circ.jc3.doe.gov/bulletins/t-658.shtml 30 Jun 2011 14:00 GMT New Bulletin Drupal Prepopulate - Multiple vulnerabilities http://circ.jc3.doe.gov/bulletins/t-657.shtml 29 Jun 2011 13:00 GMT New Bulletin Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-656.shtml 28 Jun 2011 13:00 GMT New Bulletin Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-655.shtml 27 Jun 2011 14:00 GMT New Bulletin Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary http://circ.jc3.doe.gov/bulletins/t-654.shtml 24 Jun 2011 14:00 GMT New Bulletin Linux Kernel sigqueueinfo() Process Lets Local Users Send Spoofed Signals http://circ.jc3.doe.gov/bulletins/t-653.shtml 23 Jun 2011 12:00 GMT New Bulletin Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-652.shtml 22 Jun 2011 15:00 GMT New Bulletin Blue Coat ProxySG Discloses Potentially Sensitive Information in Core Files http://circ.jc3.doe.gov/bulletins/t-651.shtml 21 Jun 2011 13:00 GMT New Bulletin Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-650.shtml 20 Jun 2011 13:00 GMT New Bulletin Red Hat Network Satellite Server Request Validation Flaw Permits Cross-Site Request Forgery Attacks http://circ.jc3.doe.gov/bulletins/t-649.shtml 17 Jun 2011 14:00 GMT New Bulletin Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory http://circ.jc3.doe.gov/bulletins/t-648.shtml 16 Jun 2011 12:00 GMT New Bulletin PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System http://circ.jc3.doe.gov/bulletins/t-647.shtml 15 Jun 2011 14:00 GMT New Bulletin Debian fex authentication bypass http://circ.jc3.doe.gov/bulletins/t-646.shtml 14 Jun 2011 14:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification http://circ.jc3.doe.gov/bulletins/t-645.shtml 13 Jun 2011 14:00 GMT New Bulletin Prenotification Security Advisory - Adobe Acrobat, Adobe Reader Updates http://circ.jc3.doe.gov/bulletins/t-644.shtml 10 Jun 2011 15:00 GMT New Bulletin HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-643.shtml 09 Jun 2011 15:00 GMT New Bulletin RSA SecurID update to Customers http://circ.jc3.doe.gov/bulletins/t-642.shtml 09 Jun 2011 14:00 GMT New Bulletin Oracle Java SE Critical Patch Update Advisory - June 2011 http://circ.jc3.doe.gov/bulletins/t-641.shtml 08 Jun 2011 14:00 GMT New Bulletin RSA Access Manager Server CVE-2011-0322 Update http://circ.jc3.doe.gov/bulletins/t-640.shtml 07 Jun 2011 18:00 GMT New Bulletin Debian update for libxml2 http://circ.jc3.doe.gov/bulletins/t-639.shtml 07 Jun 2011 13:00 GMT New Bulletin Security update available for Adobe Flash Player http://circ.jc3.doe.gov/bulletins/t-638.shtml 06 Jun 2011 18:00 GMT New Bulletin VMSA-2011-0009 VMware hosted product updates, ESX patches and VI, and Client update resolve multiple http://circ.jc3.doe.gov/bulletins/t-637.shtml 06 Jun 2011 15:00 GMT New Bulletin Wireshark Multiple Flaws Let Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-636.shtml 03 Jun 2011 14:00 GMT New Bulletin Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privilege http://circ.jc3.doe.gov/bulletins/t-635.shtml 02 Jun 2011 14:00 GMT New Bulletin Apple Mac OS X MacDefender Fake Antivirus Malicious Software http://circ.jc3.doe.gov/bulletins/t-634.shtml 01 Jun 2011 13:00 GMT New Bulletin BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-633.shtml 31 May 2011 13:00 GMT New Bulletin Google Chrome OS before R12 0.12.433.38 Beta Update http://circ.jc3.doe.gov/bulletins/t-632.shtml 27 May 2011 14:00 GMT New Bulletin Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability http://circ.jc3.doe.gov/bulletins/t-631.shtml 26 May 2011 15:00 GMT New Bulletin Security update available for Adobe Flash Player http://circ.jc3.doe.gov/bulletins/t-630.shtml 25 May 2011 14:00 GMT New Bulletin Avaya WinPDM Multiple Buffer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-629.shtml 24 May 2011 13:00 GMT New Bulletin Debian APR Library Security Update http://circ.jc3.doe.gov/bulletins/t-628.shtml 23 May 2011 12:00 GMT New Bulletin Adobe Flash Player Memory Corruption http://circ.jc3.doe.gov/bulletins/t-627.shtml 20 May 2011 14:00 GMT New Bulletin Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-626.shtml 19 May 2011 15:00 GMT New Bulletin Opera Frameset Handling Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-625.shtml 18 May 2011 13:00 GMT New Bulletin Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-624.shtml 17 May 2011 13:00 GMT New Bulletin HP Business Availability Center Input Validation Hole Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-623.shtml 16 May 2011 14:00 GMT New Bulletin Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-622.shtml 13 May 2011 15:00 GMT New Bulletin Citrix XenServer Lets Local Administrative Users on the Guest OS Deny Service http://circ.jc3.doe.gov/bulletins/t-621.shtml 12 May 2011 14:00 GMT New Bulletin Microsoft Security Bulletin Advance Notification for May 2011 http://circ.jc3.doe.gov/bulletins/t-620.shtml 10 May 2011 16:00 GMT New Bulletin Skype for Mac Message Processing Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-619.shtml 10 May 2011 13:00 GMT New Bulletin Debian update for exim4: Mail Transport Agent http://circ.jc3.doe.gov/bulletins/t-618.shtml 09 May 2011 14:00 GMT New Bulletin BIND RPZ Processing Flaw Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-617.shtml 06 May 2011 14:00 GMT New Bulletin T-616: PHP Stream Component Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-616.shtml 05 May 2011 18:00 GMT New Bulletin IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-615.shtml 04 May 2011 18:00 GMT New Bulletin Cisco Unified Communications Manager Database Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-614.shtml 03 May 2011 17:00 GMT New Bulletin T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-613.shtml 02 May 2011 17:00 GMT New Bulletin False Positive Detection Generic File in DAT 6329 http://circ.jc3.doe.gov/bulletins/t-612.shtml 29 Apr 2011 18:00 GMT New Bulletin Cisco IOS OCSP Revoked Certificate Security Issue http://circ.jc3.doe.gov/bulletins/t-611.shtml 27 Apr 2011 17:00 GMT New Bulletin Red Hat kdenetwork security update http://circ.jc3.doe.gov/bulletins/t-610.shtml 26 Apr 2011 16:00 GMT New Bulletin Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-609.shtml 25 Apr 2011 15:00 GMT New Bulletin HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-608.shtml 22 Apr 2011 14:00 GMT New Bulletin Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-607.shtml 21 Apr 2011 18:00 GMT New Bulletin Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data http://circ.jc3.doe.gov/bulletins/t-606.shtml 20 Apr 2011 19:00 GMT New Bulletin Oracle Critical Patch Update Advisory - April 2011 http://circ.jc3.doe.gov/bulletins/t-605.shtml 19 Apr 2011 21:00 GMT New Bulletin Google Chrome updated version of the Adobe Flash player http://circ.jc3.doe.gov/bulletins/t-604.shtml 15 Apr 2011 16:00 GMT New Bulletin Mac OS X Includes Some Invalid Comodo Certificates http://circ.jc3.doe.gov/bulletins/t-603.shtml 15 Apr 2011 13:00 GMT New Bulletin BlackBerry Enterprise Server Input Validation Flaw in BlackBerry Web Desktop Manager Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-602.shtml 14 Apr 2011 13:00 GMT New Bulletin Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-601.shtml 13 Apr 2011 20:00 GMT New Bulletin Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-600.shtml 12 Apr 2011 13:00 GMT New Bulletin Microsoft April 2011 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-599.shtml 11 Apr 2011 16:00 GMT New Bulletin Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users http://circ.jc3.doe.gov/bulletins/t-598.shtml 08 Apr 2011 20:00 GMT New Bulletin T-597: WordPress Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-597.shtml 07 Apr 2011 22:00 GMT New Bulletin T-597 http://circ.jc3.doe.gov/bulletins/t-597: WordPress Multiple Security Vulnerabilities 07 Apr 2011 22:00 GMT New Bulletin 0-Day Windows Network Interception Configuration Vulnerability http://circ.jc3.doe.gov/bulletins/t-596.shtml 06 Apr 2011 14:00 GMT New Bulletin OpenSUSE aaabase-filename-privilege-escalation http://circ.jc3.doe.gov/bulletins/t-595.shtml 05 Apr 2011 16:00 GMT New Bulletin IBM solidDB Password Hash Authentication Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-594.shtml 04 Apr 2011 20:00 GMT New Bulletin Microsoft Internet Explorer unspecified code execution http://circ.jc3.doe.gov/bulletins/t-593.shtml 01 Apr 2011 14:00 GMT New Bulletin Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability http://circ.jc3.doe.gov/bulletins/t-592.shtml 31 Mar 2011 20:00 GMT New Bulletin VMware vmrun Utility Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-591.shtml 30 Mar 2011 14:00 GMT New Bulletin HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-590.shtml 29 Mar 2011 16:00 GMT New Bulletin Citrix XenApp and Citrix Presentation Server Bug http://circ.jc3.doe.gov/bulletins/t-589.shtml 28 Mar 2011 16:00 GMT New Bulletin HP Virtual SAN Appliance Stack Overflow http://circ.jc3.doe.gov/bulletins/t-588.shtml 25 Mar 2011 19:00 GMT New Bulletin Firefox Blocking Fraudulent Certificates http://circ.jc3.doe.gov/bulletins/t-587.shtml 24 Mar 2011 14:00 GMT New Bulletin Microsoft Advisory about fraudulent SSL Certificates http://circ.jc3.doe.gov/bulletins/t-586.shtml 23 Mar 2011 19:00 GMT New Bulletin Mac OS X v10.6.7 Security Update 2011-001 http://circ.jc3.doe.gov/bulletins/t-585.shtml 22 Mar 2011 14:00 GMT New Bulletin Microsoft March 2011 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-584.shtml 21 Mar 2011 20:00 GMT New Bulletin Linux Kernel OSF Partition Table Buffer Overflow Lets Local Users Obtain Information http://circ.jc3.doe.gov/bulletins/t-583.shtml 18 Mar 2011 17:00 GMT New Bulletin RSA systems has resulted in certain information being extracted from RSA systems that relates to RSA.s SecurID http://circ.jc3.doe.gov/bulletins/t-582.shtml 18 Mar 2011 03:00 GMT New Bulletin Novell Access Manager Java Double Literal Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-581.shtml 17 Mar 2011 15:00 GMT New Bulletin Apache Tomcat May Ignore @ServletSecurity Annotation Protections http://circ.jc3.doe.gov/bulletins/t-580.shtml 16 Mar 2011 13:00 GMT New Bulletin BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code http://circ.jc3.doe.gov/bulletins/t-579.shtml 15 Mar 2011 21:00 GMT New Bulletin Vulnerability in MHTML Could Allow Information Disclosure http://circ.jc3.doe.gov/bulletins/t-578.shtml 15 Mar 2011 15:00 GMT New Bulletin Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-577.shtml 14 Mar 2011 21:00 GMT New Bulletin Oracle Solaris Adobe Flash Player Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-576.shtml 14 Mar 2011 16:00 GMT New Bulletin OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password http://circ.jc3.doe.gov/bulletins/t-575.shtml 11 Mar 2011 16:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-574.shtml 10 Mar 2011 15:00 GMT New Bulletin Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-573.shtml 09 Mar 2011 16:00 GMT New Bulletin VMware ESX/ESXi SLPD denial of service vulnerabilitys http://circ.jc3.doe.gov/bulletins/t-572.shtml 08 Mar 2011 15:00 GMT New Bulletin Linux Kernel dns_resolver Key Processing Error Lets Local Users Deny Services http://circ.jc3.doe.gov/bulletins/t-571.shtml 07 Mar 2011 16:00 GMT New Bulletin HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass http://circ.jc3.doe.gov/bulletins/t-570.shtml 04 Mar 2011 18:00 GMT New Bulletin Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-569.shtml 03 Mar 2011 15:00 GMT New Bulletin Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-568.shtml 02 Mar 2011 15:00 GMT New Bulletin Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-567.shtml 01 Mar 2011 18:00 GMT New Bulletin Citrix Secure Gateway Unspecified Vulnerability http://circ.jc3.doe.gov/bulletins/t-566.shtml 28 Feb 2011 16:00 GMT New Bulletin Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability http://circ.jc3.doe.gov/bulletins/t-565.shtml 25 Feb 2011 16:00 GMT New Bulletin Vulnerabilities in Citrix Licensing administration components http://circ.jc3.doe.gov/bulletins/t-564.shtml 24 Feb 2011 15:00 GMT New Bulletin Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-563.shtml 23 Feb 2011 14:00 GMT New Bulletin Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow http://circ.jc3.doe.gov/bulletins/t-562.shtml 22 Feb 2011 15:00 GMT New Bulletin IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-561.shtml 21 Feb 2011 15:00 GMT New Bulletin Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-560.shtml 18 Feb 2011 15:00 GMT New Bulletin Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution http://circ.jc3.doe.gov/bulletins/t-559.shtml 17 Feb 2011 14:00 GMT New Bulletin Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011 http://circ.jc3.doe.gov/bulletins/t-558.shtml 16 Feb 2011 21:00 GMT New Bulletin Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-557.shtml 15 Feb 2011 17:00 GMT New Bulletin BMC PATROL Agent Service Daemon stack-based buffer overflow http://circ.jc3.doe.gov/bulletins/t-556.shtml 14 Feb 2011 16:00 GMT New Bulletin Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-555.shtml 11 Feb 2011 16:00 GMT New Bulletin Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code http://circ.jc3.doe.gov/bulletins/t-554.shtml 10 Feb 2011 16:00 GMT New Bulletin Microsoft February 2011 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-553.shtml 09 Feb 2011 15:00 GMT New Bulletin Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi http://circ.jc3.doe.gov/bulletins/t-552.shtml 08 Feb 2011 15:00 GMT New Bulletin Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-551.shtml 07 Feb 2011 14:00 GMT New Bulletin Apache Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-550.shtml 04 Feb 2011 19:00 GMT New Bulletin Adobe ColdFusion 9.0.1 CHF1 and earlier http://circ.jc3.doe.gov/bulletins/t-549.shtml 03 Feb 2011 16:00 GMT New Bulletin Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow http://circ.jc3.doe.gov/bulletins/t-548.shtml 02 Feb 2011 22:00 GMT New Bulletin Microsoft Windows Human Interface Device (HID) Vulnerability http://circ.jc3.doe.gov/bulletins/t-547.shtml 01 Feb 2011 16:00 GMT New Bulletin Microsoft MHTML Input Validation Hole May Permit Cross-Site Scripting Attacks Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-546.shtml 31 Jan 2011 15:00 GMT New Bulletin RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-545.shtml 28 Jan 2011 15:00 GMT New Bulletin Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-544.shtml 27 Jan 2011 16:00 GMT New Bulletin Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-543.shtml 26 Jan 2011 17:00 GMT New Bulletin SAP Crystal Reports Server Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-542.shtml 25 Jan 2011 15:00 GMT New Bulletin Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-541.shtml 24 Jan 2011 18:00 GMT New Bulletin Sybase EAServer Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-540.shtml 24 Jan 2011 17:00 GMT New Bulletin Adobe Acrobat, Reader, and Flash Player Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-539.shtml 21 Jan 2011 18:00 GMT New Bulletin HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-538.shtml 20 Jan 2011 17:00 GMT New Bulletin Oracle Critical Patch Update Advisory - January 2011 http://circ.jc3.doe.gov/bulletins/t-537.shtml 19 Jan 2011 16:00 GMT New Bulletin Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls http://circ.jc3.doe.gov/bulletins/t-536.shtml 18 Jan 2011 16:00 GMT New Bulletin Oracle Critical Patch Update Pre-Release Announcement - January 2011 http://circ.jc3.doe.gov/bulletins/t-535.shtml 14 Jan 2011 18:00 GMT New Bulletin Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server http://circ.jc3.doe.gov/bulletins/t-534.shtml 13 Jan 2011 15:00 GMT New Bulletin Microsoft January 2011 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-533.shtml 12 Jan 2011 17:00 GMT New Bulletin Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-532.shtml 11 Jan 2011 14:00 GMT New Bulletin The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 http://circ.jc3.doe.gov/bulletins/t-531.shtml 10 Jan 2011 21:00 GMT New Bulletin VMware ESX 4.0, Patch ESX400-201101401-SG: Updates VMkernel,CIM,Scripts, VMware Tools, hostd, and VMX http://circ.jc3.doe.gov/bulletins/t-530.shtml 07 Jan 2011 18:00 GMT New Bulletin Apple Mac OS PackageKit Distribution Script Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-529.shtml 06 Jan 2011 20:00 GMT New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-528.shtml 05 Jan 2011 14:00 GMT New Bulletin OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-527.shtml 04 Jan 2011 19:00 GMT New Bulletin Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-526.shtml 03 Jan 2011 16:00 GMT New Bulletin Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-525.shtml 30 Dec 2010 15:00 GMT New Bulletin Adobe Photoshop Insecure Library Loading Vulnerability http://circ.jc3.doe.gov/bulletins/t-524.shtml 29 Dec 2010 16:00 GMT New Bulletin Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-523.shtml 28 Dec 2010 15:00 GMT New Bulletin Microsoft WMI Administrative Tools Object Viewer ActiveX Control Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-522.shtml 27 Dec 2010 18:00 GMT New Bulletin Microsoft Internet Explorer Recursive CSS Import Memory Corruption Error Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-521.shtml 23 Dec 2010 15:00 GMT New Bulletin VMware ESXi Update Installer SFCB Authentication Lets Remote Users Gain Access http://circ.jc3.doe.gov/bulletins/T-520.shtml 22 Dec 2010 22:00 GMT New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-519.shtml 21 Dec 2010 15:00 GMT New Bulletin Apple QuickTime FlashPix Image (CVE-2010-3801) Memory Corruption Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-518.shtml 20 Dec 2010 21:00 GMT New Bulletin Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-517.shtml 17 Dec 2010 16:00 GMT New Bulletin Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Update http://circ.jc3.doe.gov/bulletins/t-516.shtml 16 Dec 2010 14:00 GMT New Bulletin Microsoft Office RTF File Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-515.shtml 15 Dec 2010 18:00 GMT New Bulletin Microsoft December 2010 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-514.shtml 14 Dec 2010 15:00 GMT New Bulletin RealPlayer Buffer Overflows and Memory Corruption http://circ.jc3.doe.gov/bulletins/t-513.shtml 13 Dec 2010 15:00 GMT New Bulletin Mozilla Firefox Input Validation Flaw Lets Remote Users Bypass Cross-Site Scripting Protections http://circ.jc3.doe.gov/bulletins/t-512.shtml 10 Dec 2010 18:00 GMT New Bulletin Citrix Web Interface Cross-Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-511.shtml 09 Dec 2010 16:00 GMT New Bulletin Apple Releases QuickTime 7.6.9 Security Update http://circ.jc3.doe.gov/bulletins/t-510.shtml 08 Dec 2010 15:00 GMT New Bulletin Red Hat Enterprise Virtualization Manager Race Condition Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-509.shtml 07 Dec 2010 15:00 GMT New Bulletin Google Chrome Multiple Flaws http://circ.jc3.doe.gov/bulletins/t-508.shtml 06 Dec 2010 20:00 GMT New Bulletin VMware Server Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-507.shtml 03 Dec 2010 22:00 GMT New Bulletin Microsoft Windows win32k.sys Driver GreEnableEUDC() Vulnerability http://circ.jc3.doe.gov/bulletins/t-506.shtml 02 Dec 2010 18:00 GMT New Bulletin OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-505.shtml 01 Dec 2010 15:00 GMT New Bulletin Apache Tomcat Manager application XSS vulnerability http://circ.jc3.doe.gov/bulletins/t-504.shtml 30 Nov 2010 16:00 GMT New Bulletin Novell ZENworks Handheld Management Buffer Overflow in 'ZfHIPCND.exe' Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-503.shtml 29 Nov 2010 21:00 GMT New Bulletin Internet Explorer CSS Tag Parsing Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-502.shtml 26 Nov 2010 16:00 GMT New Bulletin Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-501.shtml 26 Nov 2010 16:00 GMT New Bulletin Adobe Reader Heap Corruption vulnerability http://circ.jc3.doe.gov/bulletins/t-500.shtml 24 Nov 2010 18:00 GMT New Bulletin Cisco Unified Intelligent Contact Management Buffer Overflows in 'Agent.exe' Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-499.shtml 23 Nov 2010 14:00 GMT New Bulletin Joomla! Sponsor Wall Component catid SQL Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-498.shtml 22 Nov 2010 15:00 GMT New Bulletin T-497: Microsoft Data Access Objects (DAO) 'dao360.dll' DLL Loading Arbitrary Code Execution http://circ.jc3.doe.gov/bulletins/t-497.shtml 19 Nov 2010 16:00 GMT New Bulletin Microsoft Office RTF File Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-496.shtml 18 Nov 2010 17:00 GMT New Bulletin HP LaserJet Printer Printer Job Language (PJL) Interface Directory Traversal Flaw Lets Remote Users View Arbitrary Files http://circ.jc3.doe.gov/bulletins/t-495.shtml 17 Nov 2010 16:00 GMT New Bulletin Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User http://circ.jc3.doe.gov/bulletins/t-494.shtml 16 Nov 2010 17:00 GMT New Bulletin PHP mb_strcut() May Disclose Potentially Sensitive Information http://circ.jc3.doe.gov/bulletins/t-493.shtml 15 Nov 2010 16:00 GMT New Bulletin Flash Media Server Flaws Let Remote Users Deny Service or Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-492.shtml 12 Nov 2010 14:00 GMT New Bulletin Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-491.shtml 11 Nov 2010 15:00 GMT New Bulletin Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-490.shtml 10 Nov 2010 17:00 GMT New Bulletin Red Hat Certificate System Bugs Let Remote Users Obtain One-Time PINs and Generate Certificates http://circ.jc3.doe.gov/bulletins/t-489.shtml 09 Nov 2010 16:00 GMT New Bulletin PHP Null Pointer Dereference in ZipArchive:getArchiveComment() May Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-488.shtml 08 Nov 2010 16:00 GMT New Bulletin Adobe Reader Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-487.shtml 05 Nov 2010 22:00 GMT New Bulletin Adobe Flash Player Flaws Lets Remote Users Execute Arbitrary Code Code http://circ.jc3.doe.gov/bulletins/t-486.shtml 05 Nov 2010 22:00 GMT New Bulletin PAM Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-485.shtml 05 Nov 2010 17:00 GMT New Bulletin Linux Kernel Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-484.shtml 04 Nov 2010 17:00 GMT New Bulletin Vulnerability in Internet Explorer Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-483.shtml 03 Nov 2010 23:00 GMT New Bulletin Java for Mac OS X 10.5 Update 8 http://circ.jc3.doe.gov/bulletins/t-482.shtml 03 Nov 2010 14:00 GMT New Bulletin Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-481.shtml 02 Nov 2010 18:00 GMT New Bulletin Cumulative Security Update for Internet Explorer http://circ.jc3.doe.gov/bulletins/t-480.shtml 01 Nov 2010 15:00 GMT New Bulletin Adobe Shockwave Player Has Multiple Flaws That Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-479.shtml 29 Oct 2010 14:00 GMT New Bulletin Oracle Critical Patch Update Advisory - October 2010 http://circ.jc3.doe.gov/bulletins/t-478.shtml 29 Oct 2010 14:00 GMT New Bulletin Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-477.shtml 28 Oct 2010 22:00 GMT New Bulletin Critical vulnerability in Firefox 3.5 and Firefox 3.6 http://circ.jc3.doe.gov/bulletins/t-476.shtml 28 Oct 2010 14:00 GMT New Bulletin Adobe Shockwave Player rcsL Chunk EAX Register Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-475.shtml 27 Oct 2010 16:00 GMT New Bulletin Blue Coat ProxyAV Permits Cross-Site Request Forgery Attacks http://circ.jc3.doe.gov/bulletins/t-474.shtml 26 Oct 2010 12:00 GMT New Bulletin Microsoft Internet Explorer 'window.onerror' Callback Lets Remote Users Obtain Information From Other Domains http://circ.jc3.doe.gov/bulletins/t-473.shtml 25 Oct 2010 12:00 GMT New Bulletin Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges. http://circ.jc3.doe.gov/bulletins/t-472.shtml 22 Oct 2010 12:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-471.shtml 22 Oct 2010 12:00 GMT New Bulletin Microsoft Office Excel Ghost Record Parsing Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-470.shtml 21 Oct 2010 12:00 GMT New Bulletin Linux RDS Protocol Local Privilege Escalation http://circ.jc3.doe.gov/bulletins/t-469.shtml 20 Oct 2010 12:00 GMT New Bulletin Blue Coat ProxySG Lets Remote Users Bypass JavaScript Filtering. http://circ.jc3.doe.gov/bulletins/t-468.shtml 19 Oct 2010 12:00 GMT New Bulletin RealPlayer Bugs Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-467.shtml 19 Oct 2010 12:00 GMT New Bulletin HP ProCurve Products Unspecified Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-466.shtml 18 Oct 2010 14:00 GMT New Bulletin Linux Kernel i915 Driver Access Control Flaw Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-465.shtml 18 Oct 2010 14:00 GMT New Bulletin BlackBerry Enterprise Server Buffer Overflow in Attachment Service Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-464.shtml 15 Oct 2010 13:00 GMT New Bulletin Microsoft Security Bulletin MS10-076 Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-463.shtml 15 Oct 2010 13:00 GMT New Bulletin Microsoft Security Advisory (973811) Extended Protection for Authentication. http://circ.jc3.doe.gov/bulletins/t-462.shtml 15 Oct 2010 13:00 GMT New Bulletin Microsoft Security Bulletin MS10-071. Critical vulnerabilities in Internet Explorer. http://circ.jc3.doe.gov/bulletins/t-461.shtml 14 Oct 2010 14:00 GMT New Bulletin Oracle WebLogic Node Manager Remote Configuration Capability Lets Remote Users Execute Arbitrary Commands. http://circ.jc3.doe.gov/bulletins/t-460.shtml 14 Oct 2010 14:00 GMT New Bulletin Oracle Siebel Bugs Let Remote Authenticated Users Partially Access and Modify Data and Cause Partial Denial of Service Conditions http://circ.jc3.doe.gov/bulletins/t-459.shtml 13 Oct 2010 12:00 GMT New Bulletin Windows LPC Processing Flaw Lets Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-458.shtml 12 Oct 2010 14:00 GMT New Bulletin Red Hat Enterprise MRG Messaging SSL and Persistent Message Processing Flaws Let Remote and Remote Authenticated Users Deny Service http://circ.jc3.doe.gov/bulletins/t-457.shtml 08 Oct 2010 15:00 GMT New Bulletin RSA Authentication Client Access Control Flaw Lets Local Users Extract Certain Key Material http://circ.jc3.doe.gov/bulletins/t-456.shtml 07 Oct 2010 17:00 GMT New Bulletin Security updates available for Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-455.shtml 06 Oct 2010 15:00 GMT New Bulletin A vulnerability in the Internet Group Management Protocol (IGMP) version 3 http://circ.jc3.doe.gov/bulletins/t-454.shtml 05 Oct 2010 13:00 GMT New Bulletin Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service http://circ.jc3.doe.gov/bulletins/t-453.shtml 04 Oct 2010 16:00 GMT New Bulletin Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-452.shtml 01 Oct 2010 16:00 GMT New Bulletin Microsoft Internet Information Server (IIS) Web Server Stack Overflow http://circ.jc3.doe.gov/bulletins/t-451.shtml 01 Oct 2010 16:00 GMT New Bulletin IBM Tivoli Storage Manager Fastback Lets Remote Users Deny Service and Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-450.shtml 30 Sep 2010 16:00 GMT New Bulletin Apache Tomcat is prone to multiple remote vulnerabilities http://circ.jc3.doe.gov/bulletins/t-449.shtml 29 Sep 2010 14:00 GMT New Bulletin Vulnerability in ASP.NET Could Allow Information Disclosure http://circ.jc3.doe.gov/bulletins/t-448.shtml 28 Sep 2010 14:00 GMT New Bulletin Red Hat Directory Server for HP-UX Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-447.shtml 27 Sep 2010 13:00 GMT New Bulletin Microsoft Security Bulletin Summary for September 2010 http://circ.jc3.doe.gov/bulletins/t-446.shtml 24 Sep 2010 16:00 GMT New Bulletin RSA Authentication Agent for Web Directory Traversal Vulnerability http://circ.jc3.doe.gov/bulletins/t-445.shtml 23 Sep 2010 13:00 GMT New Bulletin Linux Kernel IA32 Emulation Regression Lets Local Users Gain Root Privileges http://circ.jc3.doe.gov/bulletins/t-444.shtml 22 Sep 2010 18:00 GMT New Bulletin Microsoft Office Outlook Heap Overflow Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-443.shtml 21 Sep 2010 14:00 GMT New Bulletin Linux kernel 64-bit Compatibility Mode Stack Pointer Underflow http://circ.jc3.doe.gov/bulletins/t-442.shtml 20 Sep 2010 15:00 GMT New Bulletin HP System Management Homepage Input Validation Flaw http://circ.jc3.doe.gov/bulletins/t-441.shtml 17 Sep 2010 14:00 GMT New Bulletin Apple Quick Time DLL Loading and ActiveX Control Bugs http://circ.jc3.doe.gov/bulletins/t-440.shtml 16 Sep 2010 15:00 GMT New Bulletin Adobe Flash Player Zero-Day Vulnerability http://circ.jc3.doe.gov/bulletins/t-439.shtml 15 Sep 2010 22:00 GMT New Bulletin Microsoft Outlook Web Access Authentication Flaw http://circ.jc3.doe.gov/bulletins/t-438.shtml 15 Sep 2010 20:00 GMT New Bulletin 3Com OfficeConnect Gigabit VPN Firewall Input Validation Hole Permits Cross-Site Scripting Attacks http://circ.jc3.doe.gov/bulletins/t-437.shtml 15 Sep 2010 16:00 GMT New Bulletin BlackBerry Desktop Software May Load DLLs Unsafely and Remotely Execute http://circ.jc3.doe.gov/bulletins/t-436.shtml 13 Sep 2010 20:00 GMT New Bulletin Apache Traffic Server Insufficient Randomization http://circ.jc3.doe.gov/bulletins/t-435.shtml 10 Sep 2010 18:00 GMT New Bulletin Security update available for Shockwave Player http://circ.jc3.doe.gov/bulletins/t-434.shtml 09 Sep 2010 20:00 GMT New Bulletin Security Advisory for Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-433.shtml 08 Sep 2010 21:00 GMT New Bulletin Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-432.shtml 07 Sep 2010 21:00 GMT New Bulletin Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-431.shtml 03 Sep 2010 15:00 GMT New Bulletin Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-430.shtml 02 Sep 2010 20:00 GMT New Bulletin WaspTime MS-SQL Database instance with blank password for sa account http://circ.jc3.doe.gov/bulletins/t-429.shtml 01 Sep 2010 13:00 GMT New Bulletin Vulnerability in Help and Support Center http://circ.jc3.doe.gov/bulletins/t-428.shtml 31 Aug 2010 17:00 GMT New Bulletin VMWare WebAccess Vulnerability http://circ.jc3.doe.gov/bulletins/t-427.shtml 31 Aug 2010 17:00 GMT New Bulletin Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-426.shtml 27 Aug 2010 14:00 GMT New Bulletin Desktop Java running in web browsers http://circ.jc3.doe.gov/bulletins/t-425.shtml 26 Aug 2010 15:00 GMT New Bulletin Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-424.shtml 25 Aug 2010 12:00 GMT New Bulletin Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-423.shtml 24 Aug 2010 23:00 GMT New Bulletin Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-422.shtml 23 Aug 2010 14:00 GMT New Bulletin Multiple CACTI Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-421.shtml 20 Aug 2010 15:00 GMT New Bulletin Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-420.shtml 20 Aug 2010 00:00 GMT New Bulletin PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-419.shtml 18 Aug 2010 23:00 GMT New Bulletin Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-418.shtml 17 Aug 2010 11:00 GMT New Bulletin Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-417.shtml 16 Aug 2010 22:00 GMT New Bulletin Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-417.shtml 16 Aug 2010 21:00 GMT New Bulletin Sun Solaris Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-416.shtml 13 Aug 2010 21:00 GMT New Bulletin SQL Injection Vulnerability in Cisco Wireless Control System http://circ.jc3.doe.gov/bulletins/t-415.shtml 12 Aug 2010 13:00 GMT New Bulletin Security update available for Adobe Flash Player and Adobe AIR http://circ.jc3.doe.gov/bulletins/t-414.shtml 11 Aug 2010 12:00 GMT New Bulletin Microsoft August 2010 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-413.shtml 10 Aug 2010 22:00 GMT New Bulletin WebKit CSS Counters Remote Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-412.shtml 09 Aug 2010 22:00 GMT New Bulletin PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-411.shtml 06 Aug 2010 23:00 GMT New Bulletin Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-410.shtml 05 Aug 2010 20:00 GMT New Bulletin Citrix Online Plug-In and ICA Client Heap Overflow Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-409.shtml 04 Aug 2010 18:00 GMT New Bulletin phpCAS CAS Proxy Mode Cross-Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-408.shtml 03 Aug 2010 23:00 GMT New Bulletin W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-407.shtml 02 Aug 2010 23:00 GMT New Bulletin Pidgin 'X-Status' Message Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-406.shtml 30 Jul 2010 13:00 GMT New Bulletin WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-405.shtml 29 Jul 2010 18:00 GMT New Bulletin Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-404.shtml 28 Jul 2010 14:00 GMT New Bulletin Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-403.shtml 27 Jul 2010 17:00 GMT New Bulletin Microsoft Outlook TNEF Stream With MAPI Attachment Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-402.shtml 26 Jul 2010 18:00 GMT New Bulletin Multiple Mozilla Product Vulnerabilites http://circ.jc3.doe.gov/bulletins/t-401.shtml 23 Jul 2010 15:00 GMT New Bulletin HP OpenView Network Node Manager CVE-2010-2704 Multiple Code Execution Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-400.shtml 22 Jul 2010 13:00 GMT New Bulletin OpenLDAP 'modrdn' Request Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-399.shtml 20 Jul 2010 20:00 GMT New Bulletin Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-398.shtml 19 Jul 2010 18:00 GMT New Bulletin ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-397.shtml 16 Jul 2010 12:00 GMT New Bulletin PostgreSQL Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-396.shtml 15 Jul 2010 22:00 GMT New Bulletin Oracle Secure Backup Scheduler Service Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-395.shtml 14 Jul 2010 16:00 GMT New Bulletin Python-cjson Unicode Character Encoding Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-394.shtml 12 Jul 2010 17:00 GMT New Bulletin iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-393.shtml 08 Jul 2010 19:00 GMT New Bulletin Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability http://circ.jc3.doe.gov/bulletins/t-392.shtml 07 Jul 2010 18:00 GMT New Bulletin libpng Memory Corruption and Memory Leak Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-391.shtml 01 Jul 2010 23:00 GMT New Bulletin Security updates available for Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-390.shtml 29 Jun 2010 21:00 GMT New Bulletin LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-389.shtml 25 Jun 2010 23:00 GMT New Bulletin ISC DHCP Server find_length() Zero-Length Client Identifier Remote Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-388.shtml 24 Jun 2010 21:00 GMT New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 Remote Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-387.shtml 23 Jun 2010 18:00 GMT New Bulletin Apple Safari Authentication Data URI Spoofing Vulnerability http://circ.jc3.doe.gov/bulletins/t-386.shtml 22 Jun 2010 22:00 GMT New Bulletin Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-385.shtml 18 Jun 2010 20:00 GMT New Bulletin Sudo 'secure path' Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-384.shtml 17 Jun 2010 21:00 GMT New Bulletin Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-383.shtml 16 Jun 2010 18:00 GMT New Bulletin Perl Safe Module 'reval()' and 'rdo()' CVE-2010-1447 Restriction-Bypass Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-382.shtml 14 Jun 2010 18:00 GMT New Bulletin Adobe Flash Player (CVE-2009-3793) Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-381.shtml 11 Jun 2010 23:00 GMT New Bulletin Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-380.shtml 10 Jun 2010 14:00 GMT New Bulletin Microsoft June 2010 Security Bulletin Release http://circ.jc3.doe.gov/bulletins/t-379.shtml 08 Jun 2010 22:00 GMT New Bulletin Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-378.shtml 07 Jun 2010 22:00 GMT New Bulletin Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-377.shtml 04 Jun 2010 22:00 GMT New Bulletin OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-376.shtml 02 Jun 2010 20:00 GMT New Bulletin Cisco Network Building Mediator HTTP Communication Remote Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-375.shtml 01 Jun 2010 17:00 GMT New Bulletin ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability http://circ.jc3.doe.gov/bulletins/t-374.shtml 28 May 2010 20:00 GMT New Bulletin Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-373.shtml 26 May 2010 23:00 GMT New Bulletin Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-372.shtml 25 May 2010 18:00 GMT New Bulletin Xpdf Multiple Integer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-371.shtml 24 May 2010 18:00 GMT New Bulletin PostgreSQL Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-370.shtml 21 May 2010 23:00 GMT New Bulletin Oracle Sun Ray Server Software CVE-2010-0888 Remote Device Services Vulnerability http://circ.jc3.doe.gov/bulletins/t-369.shtml 20 May 2010 18:00 GMT New Bulletin Microsoft Visual Basic for Applications Text Parsing Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-368.shtml 18 May 2010 17:00 GMT New Bulletin VMware View URL Processing Cross-site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-367.shtml 17 May 2010 16:00 GMT New Bulletin Microsoft PowerPoint Viewer TextBytesAtom Record Stack Overflow Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-366.shtml 14 May 2010 19:00 GMT New Bulletin Apache mod_auth_shadow Race Condition Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-365.shtml 13 May 2010 23:00 GMT New Bulletin Multiple Adobe Shockwave Player Remote Code Execution Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-364.shtml 12 May 2010 13:00 GMT New Bulletin Microsoft Security Bulletin Summary for May 2010 http://circ.jc3.doe.gov/bulletins/t-363.shtml 11 May 2010 18:00 GMT New Bulletin Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-362.shtml 10 May 2010 16:00 GMT New Bulletin Microsoft Paint JPEG Image Processing Integer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-361.shtml 06 May 2010 16:00 GMT New Bulletin Linux Kernel 'sctp_rcv_ootb()' Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-360.shtml 04 May 2010 14:00 GMT New Bulletin ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability http://circ.jc3.doe.gov/bulletins/t-359.shtml 30 Apr 2010 18:00 GMT New Bulletin MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-358.shtml 28 Apr 2010 17:00 GMT New Bulletin Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-357.shtml 27 Apr 2010 19:00 GMT New Bulletin Oracle Database Change Data Capture Remote SQL Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-356.shtml 26 Apr 2010 23:00 GMT New Bulletin Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-355.shtml 23 Apr 2010 21:00 GMT New Bulletin Microsoft Security Bulletin MS10-025 - Critical http://circ.jc3.doe.gov/bulletins/t-354.shtml 22 Apr 2010 20:00 GMT New Bulletin McAfee DAT 5958 Update Causes Issues http://circ.jc3.doe.gov/bulletins/t-353.shtml 21 Apr 2010 19:00 GMT New Bulletin iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-352.shtml 20 Apr 2010 20:00 GMT New Bulletin Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-351.shtml 19 Apr 2010 17:00 GMT New Bulletin T-350: Adobe Acrobat and Reader Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-350.shtml 16 Apr 2010 22:00 GMT New Bulletin [USN-928-1] Sudo vulnerability http://circ.jc3.doe.gov/bulletins/t-349.shtml 15 Apr 2010 21:00 GMT New Bulletin Java Deployment Toolkit Performs Insufficient Validation of Parameters http://circ.jc3.doe.gov/bulletins/t-348.shtml 14 Apr 2010 20:00 GMT New Bulletin VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-347.shtml 13 Apr 2010 15:00 GMT New Bulletin MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-346.shtml 12 Apr 2010 19:00 GMT New Bulletin VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-345.shtml 09 Apr 2010 17:00 GMT New Bulletin Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-344.shtml 08 Apr 2010 21:00 GMT New Bulletin Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability http://circ.jc3.doe.gov/bulletins/t-343.shtml 07 Apr 2010 19:00 GMT New Bulletin Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-342.shtml 06 Apr 2010 19:00 GMT New Bulletin Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-341.shtml 05 Apr 2010 18:00 GMT New Bulletin Jabber Studio JabberD Remote Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-340.shtml 02 Apr 2010 15:00 GMT New Bulletin Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-339.shtml 02 Apr 2010 14:00 GMT New Bulletin Apple iPhone Malformed VML Data Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-338.shtml 31 Mar 2010 19:00 GMT New Bulletin Cisco IOS SIP Message Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-337.shtml 30 Mar 2010 19:00 GMT New Bulletin phpCAS Cross-Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-336.shtml 29 Mar 2010 19:00 GMT New Bulletin Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-335.shtml 26 Mar 2010 16:00 GMT New Bulletin OpenSSL Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-334.shtml 25 Mar 2010 16:00 GMT New Bulletin Mozilla Firefox Heap Overflow in WOFF Decoder Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-333.shtml 24 Mar 2010 17:00 GMT New Bulletin Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-332.shtml 23 Mar 2010 20:00 GMT New Bulletin GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-331.shtml 22 Mar 2010 20:00 GMT New Bulletin IBM Lotus Notes 'names.nsf' Open Redirection Vulnerability http://circ.jc3.doe.gov/bulletins/t-330.shtml 19 Mar 2010 19:00 GMT New Bulletin Red Hat update for java-1.4.2-ibm http://circ.jc3.doe.gov/bulletins/t-329.shtml 18 Mar 2010 20:00 GMT New Bulletin HP Broadcom Integrated NIC Firmware Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-328.shtml 17 Mar 2010 18:00 GMT New Bulletin GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-327.shtml 16 Mar 2010 21:00 GMT New Bulletin Oracle 11gR2 Multiple Remote Privilege Escalation Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-326.shtml 15 Mar 2010 21:00 GMT New Bulletin Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication http://circ.jc3.doe.gov/bulletins/t-325.shtml 11 Mar 2010 19:00 GMT New Bulletin Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-324.shtml 10 Mar 2010 20:00 GMT New Bulletin Microsoft Security Advisory (981374) http://circ.jc3.doe.gov/bulletins/t-323.shtml 09 Mar 2010 21:00 GMT New Bulletin March Patch Tuesday Notes http://circ.jc3.doe.gov/bulletins/t-322.shtml 09 Mar 2010 19:00 GMT New Bulletin Energizer DUO USB battery charger software allows unauthorized remote system access http://circ.jc3.doe.gov/bulletins/t-321.shtml 08 Mar 2010 19:00 GMT New Bulletin Apache 2.2.14 mod_isapi Dangling Pointer http://circ.jc3.doe.gov/bulletins/t-320.shtml 08 Mar 2010 16:00 GMT New Bulletin Apache Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-319.shtml 05 Mar 2010 20:00 GMT New Bulletin Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-318.shtml 05 Mar 2010 13:00 GMT New Bulletin Vulnerability in VBScript Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-317.shtml 03 Mar 2010 16:00 GMT New Bulletin Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-316.shtml 02 Mar 2010 21:00 GMT New Bulletin PHP 5.2.13 Security Update http://circ.jc3.doe.gov/bulletins/t-315.shtml 01 Mar 2010 13:00 GMT New Bulletin Microsoft Windows ICMPv6 Router Advertisement Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-314.shtml 26 Feb 2010 14:00 GMT New Bulletin Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-313.shtml 25 Feb 2010 15:00 GMT New Bulletin Adobe Download Manager Unspecified Arbitrary File Download Vulnerability http://circ.jc3.doe.gov/bulletins/t-312.shtml 24 Feb 2010 14:00 GMT New Bulletin Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-311.shtml 23 Feb 2010 20:00 GMT New Bulletin Mozilla Firefox Multiple Remote Memory Corruption Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-310.shtml 22 Feb 2010 14:00 GMT New Bulletin Mozilla Firefox Unspecified Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-309.shtml 19 Feb 2010 15:00 GMT New Bulletin T-308: Security update available for Adobe Flash Player and Adobe AIR http://circ.jc3.doe.gov/bulletins/t-308.shtml 17 Feb 2010 22:30 GMT New Bulletin T-307: New Adobe Updates for Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-307.shtml 17 Feb 2010 17:55 GMT New Bulletin T-306: krb5-1.7 KDC denial of service http://circ.jc3.doe.gov/bulletins/t-306.shtml 17 Feb 2010 15:05 GMT New Bulletin T-305: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability http://circ.jc3.doe.gov/bulletins/t-305.shtml 11 February 18:05 GMT New Bulletin T-304: HP OpenView Network Node Manager Java Runtime Environment and Java Developer Kit Remote Execution of Arbitrary Code Vulnerability http://circ.jc3.doe.gov/bulletins/t-304.shtml 11 February 2010 14:40 GMT New Bulletin T-303: Apple Safari 4.0.4 Denial of Service http://circ.jc3.doe.gov/bulletins/t-303.shtml 05 February 2010 14:55 GMT New Bulletin T-302: Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-302.shtml 04 Feb 2010 14:55 GMT New Bulletin T-301: Citrix XenServer Authentication Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-301.shtml 03 Feb 2010 20:15 GMT New Bulletin T-300: lighttpd Slow Request Handling Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-300.shtml 02 Feb 2010 19:30 GMT New Bulletin T-299: Multiple Sun Java Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-299.shtml 01 February 2010 16:00 GMT New Bulletin T-298: Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-298.shtml 29 Jan 2010 16:00 GMT New Bulletin T-297: Multiple Vendor HTML Form Protocol Vulnerability http://circ.jc3.doe.gov/bulletins/t-297.shtml 28 Jan 2010 15:40 GMT New Bulletin T-296: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace http://circ.jc3.doe.gov/bulletins/t-296.shtml 27 Jan 2010 20:00 GMT New Bulletin T-295: Joomla! JBDiary Component Multiple SQL Injection Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-295.shtml 27 January, 2010 14:40 GMT New Bulletin T-294: Microsoft Internet Explorer URI Validation Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-294.shtml 26 January 13:21 GMT New Bulletin T-293: Windows Kernel #GP Trap Handler Flaw Lets Local Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-293.shtml 25 Jan 14:00 GMT New Bulletin T-292: Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-292.shtml 19 Jan 17:45 GMT New Bulletin T-291: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-291.shtml 15 Jan 15:20 GMT New Bulletin T-290: Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-290.shtml 14 Jan 12:00 GMT New Bulletin T-289: HP StorageWorks Products Remote Management Interface Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-289.shtml 12 Jan 15:30 GMT New Bulletin T-288: New phpldapadmin packages fix remote file inclusion http://circ.jc3.doe.gov/bulletins/t-288.shtml 07 Jan 15:40 GMT New Bulletin T-287: NetworkManager Security Bypass and Information Disclosure Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-287.shtml 05 Jan 2010 14:38 GMT New Bulletin T-286: Microsoft IIS Malformed Local Filename Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-286.shtml 28 Dec 2009 20:35 GMT New Bulletin T-285: Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-285.shtml 23 Dec 2009 17:08 GMT New Bulletin T-284: Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-284.shtml 22 Dec 2009 21:49 GMT New Bulletin T-283: Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-283.shtml 18 Dec 2009 15:14 GMT New Bulletin T-282: Cisco ASA 8.x VPN SSL module Clientless URL-list control bypass vulnerability. http://circ.jc3.doe.gov/bulletins/t-282.shtml 17 Dec 2009 16:49 GMT New Bulletin T-281: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-281.shtml 16 Dec 2009 15:26 GMT New Bulletin New Adobe Reader,Acrobat Vulnerability Under Attack http://circ.jc3.doe.gov/bulletins/t-280.shtml 15 Dec 2009 19:41 GMTNew Bulletin Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-279.shtml 11 Dec 2009 15:50 GMT New Bulletin ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability http://circ.jc3.doe.gov/bulletins/T-278.shtml 11 Dec 2009 20:00 GMT New Bulletin Microsoft Security Bulletin Summary for December 2009 http://circ.jc3.doe.gov/bulletins/t-277.shtml 10 Dec 2009 17:30 GMT New Bulletin HP OpenView Network Node Manager 'ovdbrun.exe' Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-276.shtml 19 Nov 2009 14:00 GMT New Bulletin Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-275.shtml 19 Nov 2009 14:00 GMT New Bulletin HP OpenView Network Node Manager Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-274.shtml 18 Nov 2009 17:00 GMT New Bulletin Sun xVM VirtualBox Guest Additions Kernel Memory Consumption Flaw Lets Local Users Deny Service http://circ.jc3.doe.gov/bulletins/t-273.shtml 17 Nov 2009 17:00 GMT New Bulletin Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-272.shtml 16 Nov 2009 16:00 GMT New Bulletin McAfee IntruShield Network Security Manager Permits Session Hijacking Attacks http://circ.jc3.doe.gov/bulletins/t-271.shtml 13 Nov 2009 17:00 GMT New Bulletin Citrix Online Plug-ins Lets Remote Users Spoof SSL Endpoints http://circ.jc3.doe.gov/bulletins/t-270.shtml 12 Nov 2009 16:00 GMT New Bulletin Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-269.shtml 10 Nov 2009 15:00 GMT New Bulletin HP Power Manager Management Web Server Login Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-268.shtml 9 Nov 2009 15:00 GMT New Bulletin Buffer and Integer Overflow Vulnerabilities in the Java Runtime Environment http://circ.jc3.doe.gov/bulletins/t-267.shtml 6 Nov 2009 17:00 GMT New Bulletin Sun Solaris SCTP 'sctp(7P)' and SDP 'sdp(7D)' Sockets Local Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-266.shtml 5 Nov 2009 20:00 GMT New Bulletin BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-265.shtml 4 Nov 2009 15:00 GMT New Bulletin VMware Products Directory Traversal Vulnerability http://circ.jc3.doe.gov/bulletins/t-264.shtml 3 Nov 2009 15:00 GMT New Bulletin KDE Multiple Input Validation Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-263.shtml 2 Nov 2009 14:00 GMT New Bulletin Drupal Workflow Module Multiple HTML Injection Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-262.shtml 30 Oct 2009 13:00 GMT New Bulletin Solaris Trusted Extensions Weakness May Let Users Gain Elevated Privileges http://circ.jc3.doe.gov/bulletins/t-261.shtml 29 Oct 2009 15:00 GMT New Bulletin Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-260.shtml 28 Oct 2009 14:00 GMT New Bulletin Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-259.shtml 27 Oct 2009 13:00 GMT New Bulletin Multiple Security Vulnerabilities in Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-258.shtml 26 Oct 2009 13:00 GMT New Bulletin MapServer Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-257.shtml 23 Oct 2009 15:00 GMT New Bulletin Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-256.shtml 22 Oct 2009 13:00 GMT New Bulletin Oracle Critical Patch Update Advisory http://circ.jc3.doe.gov/bulletins/t-255.shtml 21 Oct 2009 14:00 GMT New Bulletin Cisco IOS Software Authentication Proxy Vulnerability http://circ.jc3.doe.gov/bulletins/t-254.shtml 20 Oct 2009 14:00 GMT New Bulletin Cisco Unified Presence Denial of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-253.shtml 19 Oct 2009 13:00 GMT New Bulletin Xpdf Multiple Integer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-252.shtml 16 Oct 2009 14:00 GMT New Bulletin Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-251.shtml 15 Oct 2009 15:00 GMT New Bulletin Microsoft Patch Tuesday Reminder http://circ.jc3.doe.gov/bulletins/t-250.shtml 14 Oct 2009 13:00 GMT New Bulletin Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-249.shtml 13 Oct 2009 16:00 GMT New Bulletin Adobe Acrobat Reader Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-248.shtml 9 Oct 2009 15:00 GMT New Bulletin Multiple HP JetDirect Printers Multiple Cross Site Scripting Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-247.shtml 8 Oct 2009 14:00 GMT New Bulletin IBM AIX 'nfs_portmon' Authentication Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-246.shtml 6 Oct 2009 14:00 GMT New Bulletin VMware Fusion vmx86 Kernel Extension Bugs Let Local Host OS Users Gain Elevated Privileges and Deny Service on the Host http://circ.jc3.doe.gov/bulletins/t-245.shtml 5 Oct 2009 13:00 GMT New Bulletin Solaris IP(7P) Module and STREAMS Framework Denial of Service Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-244.shtml 2 Oct 2009 15:00 GMT New Bulletin Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-243.shtml 1 Oct 2009 14:00 GMT New Bulletin Adobe Photoshop Elements Active File Monitor Service Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-242.shtml 30 Sep 2009 15:00 GMT New Bulletin Blackberry OS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certficiates http://circ.jc3.doe.gov/bulletins/t-241.shtml 29 Sep 2009 13:00 GMT New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-240.shtml 28 Sep 2009 14:00 GMT New Bulletin Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-239.shtml 25 Sep 2009 14:00 GMT New Bulletin Cisco Unified Communications Manager SIP Message Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-238.shtml 24 Sep 2009 14:00 GMT New Bulletin Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-237.shtml 23 Sep 2009 15:00 GMT New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-236.shtml 22 Sep 2009 15:00 GMT New Bulletin IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-235.shtml 21 Sep 2009 15:00 GMT New Bulletin Linux Kernel 'perf_counter_open()' Local Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-234.shtml 18 Sep 2009 15:00 GMT New Bulletin Wireshark 1.2.1 Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-233.shtml 17 Sep 2009 13:00 GMT New Bulletin VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-232.shtml 16 Sep 2009 15:00 GMT New Bulletin HP StorageWorks Remote Management Interface Vulnerability http://circ.jc3.doe.gov/bulletins/t-231.shtml 15 Sep 2009 14:00 GMT New Bulletin Solaris Heap Overflow Vulnerability in w(1) Utility http://circ.jc3.doe.gov/bulletins/t-230.shtml 14 Sep 2009 14:00 GMT New Bulletin Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-229.shtml 11 Sep 2009 16:00 GMT New Bulletin Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-228.shtml 10 Sep 2009 14:00 GMT New Bulletin Microsoft Patch Tuesday Reminder http://circ.jc3.doe.gov/bulletins/t-227.shtml 9 Sep 2009 15:00 GMT New Bulletin Debian devscripts 'uscan' Input Validation Vulnerability http://circ.jc3.doe.gov/bulletins/t-226.shtml 8 Sep 2009 14:00 GMT New Bulletin Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-225.shtml 4 Sep 2009 14:00 GMT New Bulletin OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-224.shtml 3 Sep 2009 13:00 GMT New Bulletin Autonomy KeyView Module Excel Document Processing Buffer Overflow http://circ.jc3.doe.gov/bulletins/t-223.shtml 2 Sep 2009 14:00 GMT New Bulletin Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-222.shtml 1 Sep 2009 14:00 GMT New Bulletin Multiple Browser HTTP Resource in HTTPS Context Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-221.shtml 31 Aug 2009 15:00 GMT New Bulletin Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-220.shtml 28 Aug 2009 13:00 GMT New Bulletin Sun Virtual Desktop Infrastructure (VDI) Secure LDAP Vulnerability http://circ.jc3.doe.gov/bulletins/t-219.shtml 27 Aug 2009 14:00 GMT New Bulletin Cisco Lightweight Access Point Over-the-Air Provisioning Manipulation Vulnerability http://circ.jc3.doe.gov/bulletins/t-218.shtml 26 Aug 2009 14:00 GMT New Bulletin Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-217.shtml 25 Aug 2009 15:00 GMT New Bulletin Multiple Vulnerabilities With Adobe Flash Player, Adobe Reader and Acrobat http://circ.jc3.doe.gov/bulletins/t-216.shtml 24 Aug 2009 14:00 GMT New Bulletin Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability http://circ.jc3.doe.gov/bulletins/t-215.shtml 21 Aug 2009 14:00 GMT New Bulletin Solaris Kernel Filesystem and Virtual Memory Subsystems Vulnerability http://circ.jc3.doe.gov/bulletins/t-214.shtml 20 Aug 2009 13:00 GMT New Bulletin Cisco IOS XR Software Border Gateway Protocol Vulnerability http://circ.jc3.doe.gov/bulletins/t-213.shtml 19 Aug 2009 14:00 GMT New Bulletin Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability http://circ.jc3.doe.gov/bulletins/t-212.shtml 18 Aug 2009 13:00 GMT New Bulletin Memcached Multiple Heap Based Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-211.shtml 17 Aug 2009 13:00 GMT New Bulletin Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-210.shtml 14 Aug 2009 12:00 GMT New Bulletin NTP 'ntpq' Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-209.shtml 13 Aug 2009 12:00 GMT New Bulletin Apple has released Safari 4.0.3 for Windows and Mac OS X to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or spoof a website. http://circ.jc3.doe.gov/bulletins/t-208.shtml 12 Aug 2009 New Bulletin http://circ.jc3.doe.gov/bulletins/t-207.shtml 12 Aug 2009 00:00 GMT New Bulletin Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-206.shtml 10 Aug 2009 15:00 GMT New Bulletin Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-205.shtml 7 Aug 2009 12:00 GMT New Bulletin Apple Mac OS X 2009-003 Multiple Security Vulnerabilities. Apple Mac OS X Code Execution and Security Bypass Vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-204.shtml 06 August 2009 New Bulletin Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability. Sun Java Runtime Environment (JRE) is prone to a privilege-escalation vulnerability. http://circ.jc3.doe.gov/bulletins/t-203.shtml 05 August 2009 New Bulletin Mozilla Firefox Error Page Address Bar URL Spoofing Vulnerability http://circ.jc3.doe.gov/bulletins/t-202.shtml 4 Aug 2009 12:00 GMT New Bulletin Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-201.shtml 3 Aug 2009 12:00 GMT New Bulletin Absolute Software Computrace LoJack for Laptops Security Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-200.shtml 31 July 2009 New Bulletin Mozilla Firefox NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://circ.jc3.doe.gov/bulletins/t-199.shtml 31 July 2009 New Bulletin Squid Multiple Remote Denial of Service Vulnerabilities. Squid proxy server contains multiple remote denial of service vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-198.shtml 30 July 09 New Bulletin ISC BIND Denial of Service Vulnerability. ISC BIND has a vulnerability that could allow remote unauthenticated users to cause a denial of service. http://circ.jc3.doe.gov/bulletins/t-197.shtml 29 July 09 New Bulletin Critical Cumulative Security Update for Internet Explorer http://circ.jc3.doe.gov/bulletins/t-196.shtml 29 Jul 2009 13:00 GMT New Bulletin Remote Jail Breakout Vulnerability via Symlink Traversal in NcFTPd http://circ.jc3.doe.gov/bulletins/t-195.shtml 28 Jul 2009 12:00 GMT New Bulletin Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-194.shtml 27 July 2009 New Bulletin Sun Solaris Auditing Extended File Attributes (fsattr(5)) Local Denial Of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-193.shtml 24 Jul 2009 16:00 GMT New Bulletin Microsoft Office Web Components ActiveX Control 'msDataSourceObject' is vulnerable to Code Execution http://circ.jc3.doe.gov/bulletins/t-192.shtml 24 Jul 2009 13:00 GMT New Bulletin Vulnerability in Adobe Acrobat, Reader, and Flash Player http://circ.jc3.doe.gov/bulletins/t-191.shtml 23 Jul 2009 13:00 GMT New Bulletin Buffer Overflow in NASA Common Data Format (CDF) Library http://circ.jc3.doe.gov/bulletins/t-190.shtml 22 Jul 2009 12:00 GMT New Bulletin Directory Traversal Vulnerability in the Administration Interface in Cisco Customer Response Solutions http://circ.jc3.doe.gov/bulletins/t-189.shtml 21 Jul 2009 13:00 GMT New Bulletin Linked XSS Vulnerability found in Oracle BEA Weblogic Server http://circ.jc3.doe.gov/bulletins/t-188.shtml 20 Jul 2009 20:00 GMT New Bulletin Security Vulnerability in Solaris NFSv4 Kernel Module May Panic an NFSv4 Client System http://circ.jc3.doe.gov/bulletins/t-187.shtml 17 Jul 2009 18:00 GMT New Bulletin Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-186.shtml 17 Jul 2009 13:00 GMT New Bulletin Two Remote Code Execution Vulnerabilities in Firefox. Firefox has vulnerabilities in the Unicode Data and Tracemonkey components. Successful exploit of either could result in the attacker running code in the context of the logged in user. http://circ.jc3.doe.gov/bulletins/t-185.shtml 16 July 2009 New Bulletin Microsoft Monthly Updates. Microsoft has released updates that address vulnerabilities in, Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server. http://circ.jc3.doe.gov/bulletins/t-184.shtml 15 July 2009 New Bulletin Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-183.shtml 14 Jul 2009 12:00 GMT New Bulletin Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability. Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. http://circ.jc3.doe.gov/bulletins/t-182.shtml 13 June 2009 New Bulletin Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Vulnerability http://circ.jc3.doe.gov/bulletins/t-181.shtml 10 Jul 2009 12:00 GMT New Bulletin Citrix XenCenterWeb Multiple Input Validation Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-180.shtml 09 July 2009 New Bulletin Ubuntu Linux TIFF Image Library Vulnerability http://circ.jc3.doe.gov/bulletins/t-179.shtml 8 Jul 2009 13:00 GMT New Bulletin Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability http://circ.jc3.doe.gov/bulletins/t-178.shtml 7 Jul 2009 13:00 GMT New Bulletin FCKeditor input sanitization errors http://circ.jc3.doe.gov/bulletins/t-177.shtml 6 Jul 2009 12:00 GMT New Bulletin Sun Kernel udp(7p) Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-176.shtml 6 Jul 2009 12:00 GMT New Bulletin Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-175.shtml 02 July 2009 New Bulletin MIT Kerberos fails to handle an error condition which allows for memory corruption. http://circ.jc3.doe.gov/bulletins/t-174.shtml 01 July 2009 New Bulletin phpMyAdmin 'db' Parameter Cross Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-173.shtml 30 June 2009 New Bulletin Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability. The Linux kernel is vulnerable to a denial of service attack. http://circ.jc3.doe.gov/bulletins/t-172.shtml 29 June 2009 New Bulletin Samba Format String And Security Bypass Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-171.shtml 26 June 2009 New Bulletin Cisco Physical Access Gateway Malformed Packet Remote Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-170.shtml 25 June 2009 New Bulletin Adobe Shockwave Player Unspecified Security Vulnerability http://circ.jc3.doe.gov/bulletins/t-169.shtml 24 June 2009 New Bulletin IrfanView 'TIFF' File Handling Remote Integer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-168.shtml 23 June 2009 New Bulletin OpenSSL Multiple Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-167.shtml 22 June 2009 New Bulletin FreeBSD Direct Pipe Writes Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-166.shtml 19 June 2009 New Bulletin Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability. http://circ.jc3.doe.gov/bulletins/t-165.shtml 18 June 2009 New Bulletin Sun Java Runtime Environment Aqua Look and Feel Privilege Escalation Vulnerability. Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability. http://circ.jc3.doe.gov/bulletins/t-164.shtml 18 June 2009 New Bulletin Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability. Linux Kernel is vulnerable to security bypass via "NFS MAY_EXEC". http://circ.jc3.doe.gov/bulletins/t-163.shtml 17 June 2009 New Bulletin Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities. Drupal Views Module lets attackers bypass security and inject HTML and scripts into pages. http://circ.jc3.doe.gov/bulletins/t-162.shtml 16 June 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities. The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. http://circ.jc3.doe.gov/bulletins/t-161.shtml 15 June 2009 New Bulletin Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability. Remote exploitation of a stack buffer overflow vulnerability in Windows 2000 print spooler. http://circ.jc3.doe.gov/bulletins/t-160.shtml 12 June 2009 New Bulletin Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities. Adobe Reader and Acrobat are prone to multiple remote vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-159.shtml 11 June 2009 New Bulletin HP OpenView Network Node Manager SNMP and MIB Unspecified Remote Code Execution Vulnerability. HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability. http://circ.jc3.doe.gov/bulletins/t-158.shtml 10 June 2009 New Bulletin Apple Safari Prior to 4.0 Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-157.shtml 09 June 2009 New Bulletin GNOME Evolution S/MIME Email Signature Verification Vulnerability. GNOME Evolution contains a vulnerability that allows an attacker to change a signed S/MIME message without detection. http://circ.jc3.doe.gov/bulletins/t-156.shtml 08 June 2009 New Bulletin OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference condition. http://circ.jc3.doe.gov/bulletins/t-155.shtml 05 June 2009 New Bulletin Sun Solaris Kerberos Credential Management Security Bypass Vulnerability. Solaris Kerberos is prone to a security-bypass vulnerability that affects the Kerberos credential cache management. http://circ.jc3.doe.gov/bulletins/t-154.shtml 05 June 2009 New Bulletin Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness http://circ.jc3.doe.gov/bulletins/t-153.shtml 04 June 2009 New Bulletin Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-152.shtml 04 June 2009 New Bulletin Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability. Microsoft Windows Desktop Wall Paper System contains a local denial of service vulnerability. http://circ.jc3.doe.gov/bulletins/t-151.shtml 03 June 2009 New Bulletin VMware Hosted products and ESX and ESXi security issues http://circ.jc3.doe.gov/bulletins/t-150.shtml 02 June 2009 New Bulletin Apache 'Options' and 'AllowOverride' Security Directives Vulnerability http://circ.jc3.doe.gov/bulletins/t-149.shtml 01 June 2009 New Bulletin Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-148.shtml 29 May 2009 New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability http://circ.jc3.doe.gov/bulletins/t-147.shtml 29 May 2009 New Bulletin BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities. BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-146.shtml 28 May 2009 New Bulletin Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability http://circ.jc3.doe.gov/bulletins/t-145.shtml 28 May 2009 New Bulletin FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability. FreeBSD 'telnetd' Daemon allows remote code execution. http://circ.jc3.doe.gov/bulletins/t-144.shtml 27 May 2009 New Bulletin Pidgin Multiple Buffer Overflow Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-143.shtml 26 May 2009 New Bulletin Basic Analysis and Security Engine Cross-Site Scripting Vulnerability http://circ.jc3.doe.gov/bulletins/t-142.shtml 26 May 2009 New Bulletin Novell GroupWise Buffer Overflow and Cross Site Scripting Vulnerabilities Multiple vulnerabilities have been identified in Novell GroupWise, which could be exploited by remote attackers to bypass security restrictions, conduct phishing attacks, cause a denial of service or compromise a vulnerable system. http://circ.jc3.doe.gov/bulletins/t-141 22 May 2009 New Bulletin CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability http://circ.jc3.doe.gov/bulletins/t-140.shtml 21 May 2009 New Bulletin Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-139.shtml 20 May 2009 New Bulletin NTP 'ntpd' Autokey and ntpq Stack Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-138.shtml 19 May 2009 New Bulletin Microsoft IIS 6.0 WebDAV Remote Authentication Bypass http://circ.jc3.doe.gov/bulletins/t-137.shtml 18 May 2009 New Bulletin Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability. Apple Mac OS X is prone to an integer-overflow vulnerability when handling PICT image files. http://circ.jc3.doe.gov/bulletins/t-136.shtml 15 May 2009 New Bulletin Apple Mac OS X Help Viewer HTML Document Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-135.shtml 14 May 2009 New Bulletin Microsoft PowerPoint Notes Container Heap Memory Corruption Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-134.shtml 13 May 2009 New Bulletin Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability. Little CMS is prone to a remote denial-of-service vulnerability. http://circ.jc3.doe.gov/bulletins/t-133.shtml 12 May 2009 New Bulletin Multiple Trend Micro Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://circ.jc3.doe.gov/bulletins/t-132.shtml 12 May 2009 New Bulletin Multiple AVG Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple AVG products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://circ.jc3.doe.gov/bulletins/t-131.shtml 12 May 2009 New Bulletin F-PROT Products CAB File Scan Evasion Vulnerability. Multiple F-Prot products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://circ.jc3.doe.gov/bulletins/t-130.shtml 12 May 2009 New Bulletin HP OpenView Network Node Manager 'ovalarmsrv.exe' Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-129.shtml 8 May 2009 New Bulletin Adobe Flash Media Server Unspecified RPC Call Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-128.shtml 08 May 2009 New Bulletin Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple F-Secure products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://circ.jc3.doe.gov/bulletins/t-127.shtml 07 May 2009 New Bulletin Release Date: 2009-05-05 Last Updated: 2009-05-05 Potential Security Impact: Multiple remote vulnerabilities in Nagios Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Insight Control suite for Linux (ICE-LX) running Nagios. The vulnerabilities could be remotely exploited via cross-site request forgery (CSRF) and remote authentication bypass. http://circ.jc3.doe.gov/bulletins/t-126.shtml 06 May 2009 New Bulletin The Linux kernel is prone to a local privilege-escalation vulnerability via ptrace_attach(). Currently we are not aware of any working exploits. A fix is available in the GIT repository. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d84f4f992cbd76e8f39c488cf0c5d123843923b1 http://circ.jc3.doe.gov/bulletins/t-125.shtml 05 May 2009 Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability http://circ.jc3.doe.gov/bulletins/t-124.shtml 04 May 2009 New Bulletin A remote attacker can exploit a buffer overflow to gain apache privileges, or cause a denial of service. CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities. Refer to the References section for a list of resolved issues by CVE identifier. http://circ.jc3.doe.gov/bulletins/t-123.shtml 01 May 2009 New Bulletin http://circ.jc3.doe.gov/bulletins/t-122.shtml 30 Apr 09 This is a root compromise, privilege escalation exploit. A local attacker can exploit this issue to execute arbitrary code with superuser privileges. http://circ.jc3.doe.gov/bulletins/t-121.shtml 29 April 2009 New Bulletin Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-120.shtml 28 APR 2009 New Bulletin Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability. Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks. http://circ.jc3.doe.gov/bulletins/t-119.shtml 28 April 2009 New Bulletin GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities. The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data. http://circ.jc3.doe.gov/bulletins/t-118.shtml 27 April 2009 New Bulletin Sun Java System Delegated Administrator HTTP Response Splitting Vulnerability http://circ.jc3.doe.gov/bulletins/t-117.shtml 24 APR 2009 New Bulletin Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities. This vulnerability can cause Denial of service via network. http://circ.jc3.doe.gov/bulletins/t-xxx.shtml 24 Apr 09 Multiple vulnerabilities in Firefox, Thunderbird and Seamonkey: Multiple newly disclosed vulnerabilities in Firefox, Thunderbird and Seamonkey could result in disclosure of information, crashing the application or the running of inserted javascript. One vulnerability results in memory corruption and could conceivably be used to run arbitrary code. http://circ.jc3.doe.gov/bulletins/t-115.shtml 23 Apr 09 New Bulletin Xpdf JBIG2 Processing Multiple Security Vulnerabilities. Failed exploit attempts will likely cause denial-of-service conditions. Currently we are not aware of any working exploits. Updates are available. Please see the references for more information. http://circ.jc3.doe.gov/bulletins/t-114.shtml 22 April 2009 udev Netlink Message Validation Local Privilege Escalation Vulnerability. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. http://circ.jc3.doe.gov/bulletins/t-113.shtml 21 April 2009 New Bulletin CUPS Integer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-112.shtml 17 Apr 2009 New Bulletin Oracle April 2009 Critical Patch Update Multiple Vulnerabilities. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-111.shtml 16 Apr 2009 16:00 GMT New Bulletin OpenBSD PF Remote Denial Of Service Vulnerability Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch OpenBSD OpenBSD 4.4 OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch OpenBSD OpenBSD 4.5 OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch http://circ.jc3.doe.gov/bulletins/t-110.shtml 16 Apr 09 New Bulletin Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances. http://circ.jc3.doe.gov/bulletins/t-109.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). http://circ.jc3.doe.gov/bulletins/t-108.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. http://circ.jc3.doe.gov/bulletins/t-107.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) This security update resolves a privately reported and a publicly disclosed vulnerability. http://circ.jc3.doe.gov/bulletins/t-106.shtml 15 Mar 2009 New Bulletin Cumulative Security Update for Internet Explorer (963027) This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. http://circ.jc3.doe.gov/bulletins/t-105.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Windows HTTP services could allow remote code execution http://circ.jc3.doe.gov/bulletins/t-104.shtml 15 Apr 2009 New Bulletin Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. http://circ.jc3.doe.gov/bulletins/t-103.shtml 15 Apr 09 New Bulletin Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-102.shtml 15 Apr 2009 New Bulletin Vmware Flaw in Multiple Products Allows Compromise of Host System. A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system. http://circ.jc3.doe.gov/bulletins/t-101.shtml 14 April 2009 New Bulletin Tor Security Bypass And Privilege Escalation Weaknesses. Tor is prone to multiple weaknesses that may allow attackers to exploit other vulnerabilities that facilitate privilege-escalation and security-bypass attacks. http://circ.jc3.doe.gov/bulletins/t-100.shtml 13 April 2009 New Bulletin Linux Kernel CIFS Remote Buffer Overflow Vulnerability. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. http://circ.jc3.doe.gov/bulletins/t-099.shtml 10 April 2009 New Bulletin Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances. Cisco has announced multiple vulnerabilities in its ASA Adaptive Security Appliance and PIX Security Appliance. Most result in DoS, to allow an attacker to bypass VPN authentication or bypass ACL rules. http://circ.jc3.doe.gov/bulletins/t-098.shtml 09 April 2009 New Bulletin Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability ZDI-09-016: April 6th, 2009 CVE ID. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability. http://circ.jc3.doe.gov/bulletins/t-097.shtml 06 April 2009 New Bulletin Clam AV 0.94 and below Rar Evasion Vulnerability. ClamAV AntiVirus is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://circ.jc3.doe.gov/bulletins/t-096.shtml 07 April 2009 New Bulletin Microsoft Office PowerPoint code execution vulnerability. Unspecified vulnerability in MS Powerpoint could allow a remote attacker to execute arbitrary code on the system. http://circ.jc3.doe.gov/bulletins/t-095.shtml 06 April 2009 New Bulletin Wireshark could allow a remote attacker to execute arbitrary code on the system, caused by a format string vulnerability in the PN-DCP dissector. http://circ.jc3.doe.gov/bulletins/t-094.shtml 02 Apr 2009 New Bulletin Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities. Security Vulnerabilities in the Java Runtime Environment (JRE) LDAP Implementation may Allow a Denial of Service (DoS) and Malicious Code to be Executed Vulnerability affects LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier. http://circ.jc3.doe.gov/bulletins/t-093.shtml 01 Apr 2009 New Bulletin Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. http://circ.jc3.doe.gov/bulletins/t-092.shtml 31 March 2009 New Bulletin Conficker Worm Targets Microsoft Windows Systems. Public reports indicate a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067. http://circ.jc3.doe.gov/bulletins/t-091.shtml 30 Mar 2009 New Bulletin Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability. Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests. http://circ.jc3.doe.gov/bulletins/t-090.shtml 27 Mar 2009 New Bulletin pam-krb5 Local Privilege Escalation Vulnerability. pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. http://circ.jc3.doe.gov/bulletins/t-089.shtml 26 Mar 2009 New Bulletin HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability HP-UX is prone to a local privilege-escalation vulnerability affecting VERITAS File System (VRTSvxfs) and VERITAS Oracle Disk Manager (VRTSodm). http://circ.jc3.doe.gov/bulletins/t-088.shtml 25 Mar 2009 New Bulletin http://circ.jc3.doe.gov/bulletins/t-087.shtml 24 March 2009 New Bulletin Linux Kernel 'readlink' Local Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-086.shtml 23 March 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-085.shtml 20 March 2009 New Bulletin Tasklist Drupal Module Unspecified SQL Injection Vulnerability http://circ.jc3.doe.gov/bulletins/t-084.shtml 19 March 2009 New Bulletin Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-083.shtml 18 March 2009 New Bulletin Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability http://circ.jc3.doe.gov/bulletins/t-082.shtml 17 March 2009 New Bulletin The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures. http://circ.jc3.doe.gov/bulletins/t-081.shtml 16 Mar 2009 New Bulletin Hewlett-Packard WMI Mapper for HP Systems Insight Manager Unauthorized Access Vulnerabilities http://circ.jc3.doe.gov/bulletins/t-080.shtml 13 March 2009 New Bulletin Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability http://circ.jc3.doe.gov/bulletins/t-079.shtml 12 March 2009 New Bulletin Vulnerabilities in Windows Kernel Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-078.shtml 11 March 2009 New Bulletin A security vulnerability exists in the IBM Tivoli Storage Manager (TSM) HSM for Windows client. http://circ.jc3.doe.gov/bulletins/t-077.shtml 10 March 2009 New Bulletin OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability http://circ.jc3.doe.gov/bulletins/t-076.shtml 09 March 2009 New Bulletin VMware Server and Workstation are prone to an unauthorized-access vulnerability and multiple privilege-escalation and denial-of-service vulnerabilitie http://circ.jc3.doe.gov/bulletins/t-075.shtml 06 March 2009 New Bulletin XML Data Theft Via RDFXML DataSource and Cross-Domain Redirect http://circ.jc3.doe.gov/bulletins/t-074.shtml 05 March 2009 New Bulletin Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. http://circ.jc3.doe.gov/bulletins/t-073.shtml 04 March 2009 New Bulletin Adobe Flash Player Invalid Object Reference Bug Lets Remote Users Execute Arbitrary Code http://circ.jc3.doe.gov/bulletins/t-072.shtml 03 March 2009 New Bulletin A remotely exploitable vulnerability has been discovered in the iMonitor component of Novell eDirectory. http://circ.jc3.doe.gov/bulletins/t-071.shtml 02 Mar 2009 New Bulletin Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability http://circ.jc3.doe.gov/bulletins/t-070.shtml 27 Feb 2009 New Bulletin Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). http://circ.jc3.doe.gov/bulletins/t-069.shtml 26 Feb 2009 New Bulletin Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. http://circ.jc3.doe.gov/bulletins/t-068.shtml 25 Feb 2009 New Bulletin Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-067.shtml 24 Feb 2009 New Bulletin Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability http://circ.jc3.doe.gov/bulletins/t-066.shtml 23 Feb 2009 New Bulletin Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. http://circ.jc3.doe.gov/bulletins/t-065.shtml 20 Feb 2009 New Bulletin RIM BlackBerry Application Web Loader is prone to multiple stack-based buffer overflows. http://circ.jc3.doe.gov/bulletins/t-064.shtml 19 Feb 2009 New Bulletin Apple Mac OS X is prone to a buffer-overflow vulnerability that occurs in the SMB component. http://circ.jc3.doe.gov/bulletins/t-063.shtml 18 Feb 2009 New Bulletin Unspecified vulnerablility in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service. http://circ.jc3.doe.gov/bulletins/t-062.shtml 17 Feb 2009 New Bulletin pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability. pam-krb5 is prone to a local privilege-escalation vulnerability because of a failure to properly handle setuid processes. http://circ.jc3.doe.gov/bulletins/t-061.shtml 13 Feb 2009 New Bulletin Cumulative Security Update for Internet Explorer 7. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. http://circ.jc3.doe.gov/bulletins/t-060.shtml 12 Feb 2009 New Bulletin Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution http://circ.jc3.doe.gov/bulletins/t-059.shtml 11 Feb 2009 New Bulletin Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system. http://circ.jc3.doe.gov/bulletins/t-058.shtml 10 Feb 2009 New Bulletin A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files. http://circ.jc3.doe.gov/bulletins/t-057 09 Feb 2009 New Bulletin RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities. RealPlayer 11 is affected; other versions may also be vulnerable. http://circ.jc3.doe.gov/bulletins/t-056 06 Feb 2009 New Bulletin Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. http://circ.jc3.doe.gov/bulletins/t-055.shtml 05 Feb 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities bypass same-origin restrictions. http://circ.jc3.doe.gov/bulletins/t-054.shtml 04 Feb 2009 New Bulletin Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server allows unauthorized disclosure of information, unauthorized modification, or a disruption of service. http://circ.jc3.doe.gov/bulletins/t-053.shtml 03 Feb 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by attackers to conduct spoofing attacks. http://circ.jc3.doe.gov/bulletins/t-052.shtml.shtml 02 Feb 2009 New Bulletin A weakness in Sun Java System Access Manager can be exploited by remote unprivileged users to identify valid user accounts. http://circ.jc3.doe.gov/bulletins/t-051.shtml 30 Jan 2009 New Bulletin A vulnerability in Sun Solaris could cause a denial of service. http://circ.jc3.doe.gov/bulletins/t-050.shtml 29 Jan 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by a remote attacker to cause a denial of service condition. http://circ.jc3.doe.gov/bulletins/t-049.shtml 28 Jan 2009 New Bulletin Vulnerabilities in various CA products could allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file. http://circ.jc3.doe.gov/bulletins/t-048.shtml 28 Jan 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by a remote attacker to cause a Denial of Service. http://circ.jc3.doe.gov/bulletins/t-047.shtml 28 Jan 2009 New Bulletin Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. http://circ.jc3.doe.gov/bulletins/t-046.shtml 27 Jan 2009 New Bulletin Linux Kernel dell_rbu Denial of Service Security Issues Summary: Two security issues in the Linux Kernel could be exploited by malicious, local users to cause a DoS (Denial of Service). Versions 2.6.27.13 and 2.6.28.2 are available to address these issues. http://circ.jc3.doe.gov/bulletins/t-045 26 Jan 2009 4:45 PM New Bulletin Apple has published an advisory for an input validation error in the Quicktime MPEG-2 Playback Component for Windows. http://circ.jc3.doe.gov/bulletins/t-044.shtml 23 Jan 2009 New Bulletin Multiple vulnerabilities in Apple QuickTime 7.5 and prior could allow remote attackers to cause a Denial of Service http://circ.jc3.doe.gov/bulletins/t-043.shtml 22 Jan 2009 New Bulletin A local denial of service vulnerability has been discovered in the Linux kernel http://circ.jc3.doe.gov/bulletins/t-042.shtml 21 Jan 2009 New Bulletin A vulnerability in Symantec AppStream Client could allow malicious files to be downloaded and saved to arbitrary locations on an affected computer. http://circ.jc3.doe.gov/bulletins/t-041.shtml 20 Jan 2009 New Bulletin A vulnerability in certain Sun SPARC Enterprise servers could allow a remote attacker to gain root access on the target system. http://circ.jc3.doe.gov/bulletins/t-040.shtml 20 Jan 2009 New Bulletin A vulnerability and security issue in Sun Java System Access Manager could be exploited by an attacker to gain escalated privileges, or disclose sensitive information. http://circ.jc3.doe.gov/bulletins/t-039.shtml 16 Jan 2009 New Bulletin Certain Cisco Platforms contain a vulnerability when processing TCP traffic streams that may result in a reload of the device control card. http://circ.jc3.doe.gov/bulletins/t-038.shtml 15 Jan 2009 New Bulletin Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities. http://circ.jc3.doe.gov/bulletins/t-037.shtml 14 Jan 2009 New Bulletin This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. http://circ.jc3.doe.gov/bulletins/t-036.shtml 13 Jan 2009 New Bulletin A Microsoft RPC vulnerability was patched in an out-of-band release in October, but organizations slow to deploy the update are learning the hard way how fast various RPC worm variants can spread through corporate networks. http://circ.jc3.doe.gov/bulletins/t-035.shtml 13 Jan 2009 New Bulletin Athos has discovered a vulnerability in XOOPS, which can be exploited by malicious people to compromise a vulnerable system. http://circ.jc3.doe.gov/bulletins/t-034.shtml 09 Jan 2009 New Bulletin A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to conduct spoofing attacks. http://circ.jc3.doe.gov/bulletins/t-033.shtml 08 Jan 2009 New Bulletin New xterm packages fix regression, there was a design flaw http://circ.jc3.doe.gov/bulletins/t-032.shtml 07 Jan 2009 New Bulletin Ehsan_Hp200 has reported a vulnerablility in SolucionWeb, which can be exploited by malicious people to conduct SQL injection attacks. http://circ.jc3.doe.gov/bulletins/t-031.shtml 06 Jan 2009 New Bulletin The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). http://circ.jc3.doe.gov/bulletins/t-030.shtml 05 Jan 2009 New Bulletin It was discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, no would it (under proper conditions) prevent two databases from using the same paths for data or index files. The risk is LOW. This permits an authenticated user with authoriziation to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations. http://www.ciac.org/bulletins/s-346.shtml 28 Jul 2008 19:00 GMT New Bulletin A vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. The risk is MEDIUM. The application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. http://www.ciac.org/bulletins/s-345.shtml 28 Jul 2008 19:00 GMT New Bulletin Multiple interger overflows to a heap overflow were discovered in the array- and string-handling code used by Ruby. The risk is MEDIUM. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. http://www.ciac.org/bulletins/s-344.shtml 28 Jul 2008 19:00 GMT New Bulletin Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitary code on a vulnerable system. The risk is MEDIUM. By convincing a user to visit a specially crafted web page with Apple Safari on Windows, an attacker mey be able to execute arbitrary code on a vulnerable system. http://www.ciac.org/bulletins/s-343.shtml 28 Jul 2008 19:00 GMT New Bulletin It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object. The risk is MEDIUM. http://www.ciac.org/bulletins/s-342.shtml 28 Jul 2008 19:00 GMT New Bulletin Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. The risk is HIGH. Successful exploitation of the vulnerability described in this document may result in invalid hostname-to-IP address mappings in the cache of an affected DNS server. This may lead of this DNS server to contact with wrong provider of network services. http://www.ciac.org/bulletins/s-341.shtml 28 Jul 2008 19:00 GMT New Bulletin A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to gain unauthorized access to data. The risk is LOW. The vulnerability could be exploited remotely to gain unauthorized access to data. http://www.ciac.org/bulletins/s-340.shtml 8 Jul 2008 19:00 GMT New Bulletin There is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. The risk is LOW. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run inthe security context of the user's OWA session and could perform any action that user could perform such as reading, sending, and deleting e-mail as the logged-on user. http://www.ciac.org/bulletins/s-339.shtml 8 Jul 2008 19:00 GMT New Bulletin The Apple Webkit contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. The risk is MEDIUM. A remote, unauthenticated attacker may be able to execute arbitrary code. http://www.ciac.org/bulletins/s-338.shtml 8 Jul 2008 18:00 GMT New Bulletin Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. http://www.ciac.org/bulletins/s-337.shtml 8 Jul 2008 18:00 GMT New Bulletin It was discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. The risk is MEDIUM. May encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading the arbitrary code execution. http://www.ciac.org/bulletins/s-336.shtml 8 Jul 2008 18:00 GMT New Bulletin Cross-Site Scripting has become an increasingly prevalent attack vector that can be leveraged to perform a wide range of compromises. These compromises can range from simple popup displays within a user's browser to session and cookie capture that are used for information and identity theft. As these attacks become more mature, as well as obscure, it is imperative that we understand how they happen, how they propagate, and the ways to prevent them. By understanding the different vectors of attack and realizing and implementing simple security measures against them, we can better protect ourselves and our users now, and in the future. http://www.ciac.org/ciac/techbull/CIACTech08-003.shtml 3 Jun 2008 17:00 GMT New Bulletin Windows hash dumping tools are often spotlighted as hacker tools that can somehow magically extract windows hashes and allow an intruder access to a system. In actuality, the hashes are there, in memory, where any admin or system level user can get at them. The tools just grab them and print them out. This paper will describe how Windows hashes are created, how the hash dumpers get at them, and what can be done with the hashes. http://www.ciac.org/ciac/techbull/CIACTech08-002.shtml 21 May 2008 23:00 GMT New Bulletin Many websites use the PHP programming language to build web pages on the fly from individual files and from values obtained from a database. PHP based websites are widely used to create Wikis such as MediaWiki used for Wikipedia. If the PHP programs that generate the web pages are not carefully crafted to check user input before it is used, an intruder could inject code into a page and get it executed. http://www.ciac.org/ciac/techbull/CIACTech08-001.shtml 29 Jan 2008 18:00 GMT New Bulletin A common cyber attack is to send a user an Office document (Word, Excel, PowerPoint) containing malicious code that infects the user's computer and proceeds to do the miscreant's bidding. Targeting of users has gotten so sophisticated that advice such as "don't open files from people you don't know" is no longer effective. MOICE, the Microsoft Office Isolated Conversion Environment opens Office documents before the Office application, converts it to a format that does not "support" malcode and then invokes the application with the newly cleaned document. Properly implemented, this could mitigate attacks using email-borne Office malcode. http://www.ciac.org/ciac/techbull/CIACTech07-001.shtml 22 May 2007 23:00 GMT New Revised Bulletin SQL injection is a real threat that is being used to exploit company systems and data. This threat can be reduced by a combination of good programming practice, application firewalls, and scanning. http://www.ciac.org/ciac/techbull/CIACTech06-001.shtml 6 Sep 2006 21:00 GMT 28 Apr 2008 21:00 GMT Revised Bulletin Many sites have detected large numbers of udp packets directed at the DNS port (53). These packets contain a lot of structure and there is concern that they are exploit or remote control packets. It turns out that they are discovery packets being sent to random IP addresses by the Sinit Calypso worm. They are invalid DNS packets and should be ignored by DNS servers. http://www.ciac.org/ciac/techbull/CIACTech05-001.shtml 15 Nov 2004 20:00 GMT Before systems containing the MyDoom.A worm can be cleaned, they must be detected. As running a scanner on each system can be difficult and time consuming, a method of remote scanning for infected machines is needed. http://www.ciac.org/ciac/techbull/CIACTech04-001.shtml 30 Jan 2004 23:00 GMT New Bulletin A spam engine has been released that uses the Windows Messenger Service (not the MSN Messenger instant messaging program) to send spam messages to users. The Messenger service is active on most Windows platforms. http://www.ciac.org/ciac/techbull/CIACTech03-001.shtml 29 Oct 2002 24:00 GMT New Bulletin Several online articles have worried the problem of file capture using Microsoft Word field codes. The articles have gone so far as suggesting that Word be banned from company computers until this is changed. These articles have created undue worry among computer users about what is a relatively low risk vulnerability. http://www.ciac.org/ciac/techbull/CIACTech02-005.shtml 27 Sep 2002 24:00 GMT New Bulletin Programs are being intentionally packaged with legitimate software to display advertising on your screen, gather information on your browsing habits, and to sell your unused CPU cycles and disk space. Current applications are relatively benign but could easily be used for an invasion of privacy or other malicious purposes. http://www.ciac.org/ciac/techbull/CIACTech02-004.shtml 11 Nov 2002 23:00 GMT New Bulletin Microsoft Office for Macintosh OS X has an antipiracy mechanism that secretly opens network service ports on a Macintosh system and broadcasts version information to other systems on a single subnet. The problem is that open network services provide attack points for intruders and need to be controlled by users. http://www.ciac.org/ciac/techbull/CIACTech02-003.shtml 26 Apr 2002 00:00 GMT New Bulletin Browser Helper Objects (BHO) are Microsoft's way of attaching add-ins to Internet Explorer 4 and later. In addition to legitimate uses, BHOs are used to attach spyware to a user's web browser to secretly send a user's browsing habits to a marketing site and could be used for malicious code. The problems are that there is no simple way to know what BHOs are attached to a system and no simple way to control the attachment of new ones. http://www.ciac.org/ciac/techbull/CIACTech02-002.shtml 2 Apr 2002 23:00 GMT New Bulletin In recent months, many servers running ssh have been compromised using the SSH CRC32 Compensation Attack Detector. Compromised machines have either not been upgraded to SSH protocol 2 or have not disabled drop back to SSH protocol 1. Use of this attack allows a remote user to gain root access on a server. http://www.ciac.org/ciac/techbull/CIACTech02-001.shtml 9 May 2002 19:00 GMT New Bulletin A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). The risk is MEDIUM. The vulnerability could be exploited remotely execute arbitrary code or to create a Denial of Service (DoS). http://www.ciac.org/bulletins/s-317.shtml 19 Jun 2008 16:00 GMT 8 Jul 2008 16:00 GMT Revised Bulletin A buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code. The risk is MEDIUM. Could lead to denial of service and potentially the execution of arbitrary code. http://www.ciac.org/bulletins/s-164.shtml 11 Feb 2008 18:00 GMT 27 Jun 2008 18:00 GMT Revised Bulletin A remote code execution vulnerability exists in Microsoft XML Core Services that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-onuser. The risk is MEDIUM. If the user is logged on with administrative user rights, an attacker could take complete control of the affected system. http://www.ciac.org/bulletins/r-316.shtml 14 Aug 2007 18:00 GMT 27 Jun 2008 18:00 GMT Revised Bulletin A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The risk is MEDIUM. This vulnerability could be exploited remotely to execute arbitrary code. http://www.ciac.org/bulletins/s-232.shtml 27 Mar 2008 14:00 GMT 27 Jun 2008 14:00 GMT Revised Bulletin A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large nubmer of service description requests. The risk is MEDIUM. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulenrability could take complete contorl of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. http://www.ciac.org/bulletins/s-314.shtml 12 Jun 2008 14:00 GMT 27 Jun 2008 14:00 GMT Revised Bulletin PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. The risk is MEDIUM. An attacker may be able to execute arbitrary code in the context of an application that uses the vulnerable function. The scope of the impact depends on how the affected application works. Applications that process filename input from the network, such as public-facing web applications, would be vulnerable to a remote attacker. http://www.ciac.org/bulletins/s-286.shtml 9 May 2008 15:00 GMT 27 Jun 2008 15:00 GMT Revised Bulletin A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. The risk is MEDIUM. A malicious Samba server could run arbitrary code on a Samba client as the Samba client user. Alternately, a malicious client could run arbitrary code on a Samba server with the permissions of the Samba server. http://www.ciac.org/bulletins/s-301.shtml 30 May 2008 12:00 GMT 27 Jun 2008 12:00 GMT Revised Bulletin A remote code execution exists in Outlook. The risk is MEDIUM. The vulnerability could allow remote code execution if Outlook is passed a specially crafted malito URI. http://www.ciac.org/bulletins/s-226.shtml 14 Mar 2008 17:00 GMT 5 Jun 2008 17:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way Microsoft Publisher validates object header data. An attacker could exploit the vulnerability by sending a specially crafted Publisher file which could be an e-mail attachment, or hosted on a specially crafted or compromised Web site. The risk is MEDIUM. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-289.shtml 13 May 2008 20:00 GMT 5 Jun 2008 19:00 GMT Revised Bulletin A buffer overfun vulnerability exists in the Microsoft Jet Database Engine (JET) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. The risk is MEDIUM. An attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-290.shtml 13 May 2008 19:00 GMT 5 Jun 2008 19:00 GMT Revised Bulletin Several flaws werer reported in the way libvorbis processed audio data. The risk is MEDIUM. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. http://www.ciac.org/bulletins/s-294.shtml 15 May 2008 20:00 GMT 5 Jun 2008 20:00 GMT Revised Bulletin Remote code vulnerabilities exist in the way Excel: 1) processes data validation records when loading Excel files into memory; 2) handles data when importing files into Excel; 3) Style record data when opening Excel files; 4) handles malformed formulas; 5) handles rich text values when loading application data into memory; 6) handles conditional formatting values; and 7) handles macros when opening specially crafted Excel files. The risk is MEDIUM. An attacker could exploit the vulnerabilities by sending malformed files which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. http://www.ciac.org/bulletins/s-227.shtml 14 Mar 2008 17:00 GMT 5 Jun 2008 17:00 GMT Revised Bulletin The Speex library was found to not properly validate input values read from the Speex files headers, which could allow arbitrary code execution. The risk is MEDIUM. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. http://www.ciac.org/bulletins/s-272.shtml 25 Apr 2008 12:00 GMT 29 May 2008 12:00 GMT Revised Bulletin The libxslt library did not properly process long "transformation match" conditions in the XSL stylesheet files. The risk is MEDIUM. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the application using libxslt library to perform XSL transformations. http://www.ciac.org/bulletins/s-297.shtml 22 May 2008 13:00 GMT 29 May 2008 13:00 GMT Revised Bulletin Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The risk is MEDIUM. Could result in denial of service and potentially the execution of arbitary code. http://www.ciac.org/bulletins/s-163.shtml 11 Feb 2008 18:00 GMT 20 May 2008 18:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way that Microsoft Word handle specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. The risk is MEDIUM. An attacker who successfully exploited this vulnerability could take complete control of an attected system. http://www.ciac.org/bulletins/s-288.shtml 13 May 2008 19:00 GMT 20 May 2008 19:00 GMT Revised Bulletin Remote code execution vulnerabilities exist in the way Microsoft Office Web Components manages memory resources. The risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allos remote code execution. http://www.ciac.org/bulletins/s-224.shtml 14 Mar 2008 17:00 GMT 15 May 2008 17:00 GMT Revised Bulletin There are several security issues in PCRE library which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. The risk is LOW. Could potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. http://www.ciac.org/bulletins/s-037.shtml 7 Nov 2007 15:00 GMT 8 May 2008 15:00 GMT Revised Bulletin A remote code execution vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. The risk is HIGH. A remote code execution vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. http://www.ciac.org/bulletins/r-295.shtml 10 Jul 2007 20:00 GMT 8 May 2008 20:00 GMT Revised Bulletin There is a flaw in the way kpdf displayed malformed fonts embedded in PDF files which could potentially execute arbitrary code. The risk is MEDIUM. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially, execute arbitrary code when opened. http://www.ciac.org/bulletins/s-269.shtml 25 Apr 2008 11:00 GMT 8 May 2008 11:00 GMT Revised Bulletin Potential security vulnerabilities have been identified with HP-UX running WBEM Services that could remotely execute arbitrary code or gain extended privileges. The risk is MEDIUM. These vulnerabilities could be exploited remotely to execute arbitrary code or to gain extended privileges. http://www.ciac.org/bulletins/s-282.shtml 1 May 2008 15:00 GMT 7 May 2008 15:00 GMT Revised Bulletin Several vulnerabilities have been discovered in GNU Tar. The risk is MEDIUM. May lead to arbitrary code execution when processing maliciously crafted archives. http://www.ciac.org/bulletins/s-100.shtml 3 Jan 2008 22:00 GMT 7 May 2008 22:00 GMT Revised Bulletin There are several vulnerabilities in PHP. The risk is MEDIUM. Could possibly execute arbitrary code as the apache user. http://www.ciac.org/bulletins/r-355.shtml 20 Sep 2007 20:00 GMT 07 May 2008 18:00 GMT Revised Bulletin A flaw was found in the processing of malformed JavaScript content which could lead to the execution of arbitrary code. The risk is MEDIUM. A web page containing such maliciuos content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. http://www.ciac.org/bulletins/s-270.shtml 25 Apr 2008 11:00 GMT 2 May 2008 11:00 GMT Revised Bulletin There are remote code execution vulnerabilities that exist in the way Microsoft Office handles specially crafted Excel files and processes malformed Office files. The risk is MEDIUM. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-225.shtml 14 Mar 2008 17:00 GMT 1 May 2008 17:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way Microsoft Office handles a specially crafted drawing object. The risk is MEDIUM. Code runs in the context of the user. http://www.ciac.org/bulletins/r-232.shtml 9 May 2007 12:00 GMT 1 May 2008 12:00 GMT Revised Bulletin Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. The risk is LOW. Successful exploitation of these vulnerabilities may result in the reload of the device or memory leaks, leading to a DoS condition. http://www.ciac.org/bulletins/s-241.shtml 27 Mar 2008 19:00 GMT 28 Apr 2008 19:00 GMT Revised Bulletin Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. The risk is MEDIUM. Could lead to the potential execution of arbitrary code. http://www.ciac.org/bulletins/s-092.shtml 21 Dec 2007 21:00 GMT 28 Apr 2008 21:00 GMT Revised Bulletin A remote code execution vulnerability exists in Internet Explorer because of the way that it processes data streams. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. http://www.ciac.org/bulletins/s-257.shtml 9 Apr 2008 20:00 GMT 24 Apr 2008 20:00 GMT Revised Bulletin Several remote code execution vulnerabilities exists in the way Microsoft Visio validates: 1) object header data in specially crafted file; and 2) memory allocations when loading specially-crafted .DXF files from disk into memory. The risk is MEDIUM. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. http://www.ciac.org/bulletins/s-252.shtml 9 Apr 2008 19:00 GMT 24 Apr 2008 19:00 GMT Revised Bulletin