WatchMouse website monitoring service - Nieuws over beveiliging en zwakke punten van websites

WatchMouse houdt het meest recente nieuws op het gebied van beveiliging en kwetsbaarheden in de gaten. Kijk hier regelmatig even voor updates of vul het formulier aan de rechterkant in om ons beveiligingsnieuws via e-mail te ontvangen.

Bekijk hier een volledige lijst met de meest recente kwetsbaarheden.

Apple Releases Safari 4.0.5	12 mrt 2010
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions. US-CERT encourages users and administrators to review Apple article HT4070 and upgrade to Safari 4.0.5 to help mitigate the risks.
US-CERT

Cisco Unified Communications Manager SCCP (CVE-2010-0588) Denial of Service Vulnerability	12 mrt 2010
Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCtc47823.
Securityfocus.com

RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities	12 mrt 2010
Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-03-11-1. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability 35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability 38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability 38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability 38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability 38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness 38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability 38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability 38687 WebKit Object Element Fallback Memory Corruption Vulnerability 38688 WebKit XML Document Parsing Memory Corruption Vulnerability 38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability 38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability 38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability 38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability 38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability 38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability
Securityfocus.com

Cisco Unified Communications Manager SCCP (CVE-2010-0587) Denial of Service Vulnerability	12 mrt 2010
Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCtc38985.
Securityfocus.com

Ipswitch WS_FTP Professional HTTP Server Response Format String Vulnerability	12 mrt 2010
Ipswitch WS_FTP Professional client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. WS_FTP Professional 12 is vulnerable; other versions may also be affected.
Securityfocus.com

Zie ook

Nieuwsbrieven