06.01.2010 - Current Activity

View Current Activity Feed

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

May 27Cisco Network Building Manager Vulnerabilities
May 26Google Releases Chrome 5.0.375.55
May 19Apple Releases Updates for Java Mac OS X 10.5 and 10.6
May 13Cisco Releases Updates for PGW Softswitch
May 12Adobe Releases Update for Shockwave Player
May 11Microsoft Releases May Security Bulletin
May 10Apple Safari Vulnerability
May 7Microsoft Releases Advance Notification for May Security Bulletin
May 5Foxit Releases Foxit Reader 3.3
April 30Opera Software Releases Opera 10.53


Cisco Network Building Manager Vulnerabilities

added May 27, 2010 at 07:57 am

Cisco has released a security advisory to address multiple vulnerabilities in Network Building Manager. The advisory indicates that the legacy Richards-Zeta Mediator products are also affected by these vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with escalated privileges or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100526-mediator and apply any necessary updates to help mitigate the risks.


Google Releases Chrome 5.0.375.55

added May 26, 2010 at 08:16 am

Google has released Chrome 5.0.375.55 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions, execute script in an unsafe context, or mislead users.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.55 to help mitigate the risks.


Apple Releases Updates for Java Mac OS X 10.5 and 10.6

added May 19, 2010 at 08:56 am

Apple has released Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Article HT4170 and HT4171 and apply any necessary updates to help mitigate the risks.


Cisco Releases Updates for PGW Softswitch

added May 13, 2010 at 08:18 am

Cisco has released updates to address multiple vulnerabilities in Cisco PGW Softswitch. These vulnerabilities may allow an attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100512-pgw and apply any necessary updates to help mitigate the risks.


Adobe Releases Update for Shockwave Player

added May 12, 2010 at 07:51 am

Adobe has released a security update to address multiple vulnerabilities in Adobe Shockwave Player 11.5.6.606 and earlier versions for both Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-12 and update to Adobe Shockwave Player 11.5.7.609 to help mitigate the risks.


Microsoft Releases May Security Bulletin

added May 11, 2010 at 01:29 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.


Apple Safari Vulnerability

added May 10, 2010 at 10:57 am

US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.

US-CERT encourages users and administrators to disable JavaScript as detailed in the Securing Your Web Browser document until a fix is provided by the vendor. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.


Microsoft Releases Advance Notification for May Security Bulletin

added May 7, 2010 at 08:38 am

Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulletins is scheduled for Tuesday, May 11, 2010.

US-CERT will provide additional information as it becomes available.


Foxit Releases Foxit Reader 3.3

added May 5, 2010 at 08:40 am

The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF action, and JavaScript. This addresses the vulnerability in the PDF specification /Launch function.

US-CERT encourages users and administrators to review the Foxit Reader 3.3 release notes and upgrade to Foxit Reader 3.3 to help mitigate the risks associated with the PDF specification /Launch function vulnerability. Additional information regarding the /Launch function vulnerability can be found in the Vulnerability Notes Database.


Opera Software Releases Opera 10.53

added April 30, 2010 at 02:14 pm

Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10.53 to help mitigate the risks.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Technical Documents