Posts Tagged ‘Critical vulnerabilities’


Critical vulnerability in the Xen hypervisor

A critical privilege-escalation vulnerability has been fixed in the Xen hypervisor. The flaw allows an attacker to gain control over the host server. The problem had been present in the Xen code base for seven years.

The developers of the Xen hypervisor released nine security patches, eliminating multiple vulnerabilities in the server software. One of the flaws could allow an attacker to gain control over the host server. The vulnerability in question is CVE-2015-7835 (XSA-148), through which a paravirtualized guest can manage the memory of the host OS and of other virtual machines. The problem was discovered by engineers at Alibaba, which recently joined the development of Xen.


A critical vulnerability in the popular Shockwave Player

The vulnerability allows a remote attacker to compromise an affected system.

Yesterday, October 27, Adobe released security bulletin APSB15-26, which fixes a dangerous vulnerability in Shockwave Player. The flaw could allow an attacker to execute arbitrary code on the target system.


SQL Injection / Command Injection in Centreon and Centreon Enterprise Server

Critical vulnerabilities have been identified in all versions of the free monitoring system Centreon released since 2008 (Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2 | 3.0). These vulnerabilities can be exploited by anonymous users without authentication. An update with security fixes has not yet been released.

Danger level: High
Availability of corrections: No
Quantity of vulnerabilities: 2


Multiple vulnerabilities in Mozilla Firefox, Firefox ESR and Thunderbird

A remote user can bypass certain security restrictions, gain access to sensitive information and compromise a vulnerable system.

Danger level: High
Availability of corrections: Yes
Quantity of vulnerabilities: 10

CVSSv2 Rating:

(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:W/RC:C) = Base:4.3/Temporal:3.5
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3


Microsoft Security Bulletin

Eight security bulletins contain patches for 24 vulnerabilities, including three critical.

On Tuesday, October 14, Microsoft released scheduled security updates for its products. Unlike the past couple of releases, this release is complete, correcting three zero-day vulnerabilities.

Eight security bulletins contain patches for 24 flaws in Windows, Internet Explorer, Office and the .NET Framework. Three of them are critical, so administrators need to test and install the update immediately. Note that one bulletin fixes several vulnerabilities.

Critical vulnerabilities

A notice has been published about a critical vulnerability discovered in the PostgreSQL database.

No details about the nature of the problem will be disclosed before the release of the official updates, which are scheduled for April 4. The vulnerability is apparently very dangerous: for the first time in the project's history, access to the repository will be restricted, and the updates will be prepared and tested in strict secrecy among the committers to avoid a premature leak. PostgreSQL users should prepare for an unplanned upgrade of their systems on April 4. The issue affects all supported versions of PostgreSQL.