Latest JC3 Bulletins

You are here

September 9, 2013
V-237: TYPO3 Security Bypass Vulnerabilities

TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be...

September 6, 2013
V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security restrictions

September 5, 2013
V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously

A vulnerability was reported in Cisco Mobility Services Engine where a remote user can login anonymously.

September 4, 2013
V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue

This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing attacks

September 3, 2013
V-233: Red Hat update for JBoss Fuse

This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS.

August 31, 2013
V-232: Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability

A vulnerability has been reported in Cisco ASA Software

August 30, 2013
V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users

A vulnerability was reported in Cisco Identity Services Engine.

August 29, 2013
V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities have been reported in IBM TRIRIGA Application Platform

August 28, 2013
V-229: IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks

IBM Lotus iNotes 8.5.x contains four cross-site scripting vulnerabilities

August 27, 2013
V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code

A remote user can cause arbitrary code to be executed on the target user's system

August 26, 2013
V-227: VMware Workstation and Player vmware-mount Command Flaw Lets Local Users Gain Root Privileges

VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command

August 24, 2013
V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability

A vulnerability has been reported in HP StoreOnce D2D Backup Systems.

August 23, 2013
V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service

A vulnerability was reported in McAfee Email Gateway.

August 22, 2013
V-224: Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities have been reported in Google Chrome.

August 21, 2013
V-223: RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts

A remote user can make unlimited login attempts

August 20, 2013
V-222: SUSE update for Filezilla

This vulnerability can be exploited by malicious people to potentially compromise a user's system

August 19, 2013
V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

August 17, 2013
V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands

A vulnerability was reported in Juniper Security Threat Response Manager (STRM)

August 16, 2013
V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

August 15, 2013
V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

August 14, 2013
V-217: Microsoft Windows NAT Driver ICMP Packet Handling Denial of Service Vulnerability

This security update resolves a vulnerability in the Windows NAT Driver in Microsoft Windows

August 12, 2013
V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities

The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks

August 9, 2013
V-215: NetworkMiner Directory Traversal and Insecure Library Loading Vulnerabilities

The vulnerabilities are reported in versions 1.4.1 and prior

August 8, 2013
V-214: Mozilla Firefox Multiple Vulnerabilities

The vulnerabilities are reported in versions prior to 23.0.

August 7, 2013
V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities

The vulnerabilities can be exploited by malicious people to potentially compromise a user's system.