Page 8 of 31 FirstFirst ... 45678910111218 ... LastLast
Results 71 to 80 of 306

Thread: Alerts

  1. #71
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple OS X 10.8.4 - Safari v6.0.5 released

    FYI...

    Apple OS X 10.8.4 - Security Update 2013-002
    - http://www.securitytracker.com/id/1028625
    CVE Reference: CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0975, CVE-2013-0990, CVE-2013-1024
    Jun 5 2013
    Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10.8.x prior to 10.8.4; 10.6.x, 10.7.x ...
    Solution: The vendor has issued a fix (10.8.4; Security Update 2013-002).
    Vendor URL: http://support.apple.com/kb/HT5784

    - http://prod.lists.apple.com/archives.../msg00000.html

    - https://secunia.com/advisories/53684/
    Release Date: 2013-06-05
    Criticality level: Highly critical
    Impact: Cross Site Scripting, Exposure of sensitive information, Security Bypass, DoS, System access
    Where: From remote...

    - http://h-online.com/-1883007
    5 June 2013

    - https://support.apple.com/kb/HT1222
    ___

    Safari v6.0.5 released
    - http://www.securitytracker.com/id/1028627
    CVE Reference: CVE-2013-0926, CVE-2013-1009, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023
    Jun 5 2013
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 6.0.5
    Solution: The vendor has issued a fix (6.0.5).
    Vendor URL: http://support.apple.com/kb/HT5785

    - http://prod.lists.apple.com/archives.../msg00001.html

    - https://secunia.com/advisories/53711/
    Release Date: 2013-06-05
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
    Where: From remote...
    ___

    - https://isc.sans.edu/diary.html?storyid=15929
    Last Updated: 2013-06-05 02:43:44 UTC

    Last edited by AplusWebMaster; 2013-06-05 at 14:18.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #72
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress v3.5.2 released

    FYI...

    WordPress v3.5.2 released
    - https://wordpress.org/download/
    June 21, 2013 - "The latest stable release of WordPress (Version 3.5.2) is available..."

    - https://wordpress.org/news/
    June 21, 2013 - "... This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening... Download WordPress 3.5.2 or update now from the Dashboard..."
    - https://wordpress.org/news/2013/06/wordpress-3-5-2/

    Release notes
    - https://codex.wordpress.org/Version_3.5.2
    CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205

    "WordPress Plugin" search results ...
    - https://secunia.com/advisories/searc...rdPress+Plugin
    Found -606- Secunia Security Advisories ...
    June 21, 2013
    ___

    - http://www.securitytracker.com/id/1028700
    CVE Reference: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
    Jun 25 2013
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 3.5.2 ...

    - http://h-online.com/-1895188
    24 June 2013

    Last edited by AplusWebMaster; 2013-06-26 at 00:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #73
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird v17.0.7 released

    FYI...

    Thunderbird v17.0.7 released
    - https://www.mozilla.org/en-US/thunde...7/releasenotes
    June 25, 2013

    - https://www.mozilla.org/security/kno...nderbird17.0.7
    Fixed in Thunderbird 17.0.7
    MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
    MFSA 2013-56 PreserveWrapper has inconsistent behavior
    MFSA 2013-55 SVG filters can lead to information disclosure
    MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
    MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
    MFSA 2013-51 Privileged content access and execution via XBL
    MFSA 2013-50 Memory corruption found using Address Sanitizer
    MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download: https://www.mozilla.org/thunderbird/all.html
    ___

    - https://secunia.com/advisories/53953/
    Release Date: 2013-06-26
    Criticality level: Highly Critical
    Impact: Security Bypass, Exposure of sensitive information, System access
    ... vulnerabilities are reported in versions prior to 17.0.7.
    Solution: Update to version 17.0.7.

    - http://www.securitytracker.com/id/1028704
    CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
    Jun 26 2013
    Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 17.0.7 ...

    Last edited by AplusWebMaster; 2013-06-26 at 18:05.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #74
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Ruby update...

    FYI...

    Ruby update - SSL vuln
    - https://isc.sans.edu/diary.html?storyid=16076
    Last Updated: 2013-06-27 16:57:11 UTC - "An update has been released for the SSL vulnerability reported in Ruby. From the site: "All Ruby versions are affected". The Ruby update also contains a patch for a DOS vulnerability... details here*."
    * http://h-online.com/-1901986
    ___

    - http://www.securitytracker.com/id/1028714
    CVE Reference: CVE-2013-4073
    Jun 27 2013
    Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions 1.8.7-p374, 1.9.3-p448, 2.0.0-p247
    Impact: A remote user can spoof SSL servers in certain cases.
    Solution: The vendor has issued a fix (1.8.7-p374, 1.9.3-p448, 2.0.0-p247).
    ... vendor's advisory is available at:
    - http://www.ruby-lang.org/en/news/201...cve-2013-4073/

    - https://secunia.com/advisories/54011/
    Release Date: 2013-06-28
    Where: From remote
    Impact: Spoofing
    Solution Status: Vendor Patch
    CVE Reference: CVE-2013-4073
    Solution: Update to version Ruby 1.8.7-p374, 1.9.3-p448, or 2.0.0-p247.
    Original Advisory: Ruby:
    http://www.ruby-lang.org/en/news/201...cve-2013-4073/
    ___

    Ruby 1.8.7 retired
    - http://www.ruby-lang.org/en/news/201...-retire-1-8-7/
    30 Jun 2013

    Last edited by AplusWebMaster; 2013-07-01 at 16:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #75
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IrfanView v4.36 released

    FYI...

    IrfanView v4.36 released
    - https://secunia.com/advisories/53976/
    Release Date: 2013-07-05
    Criticality: Highly Critical
    Where: From remote
    Impact: System access
    Solution Status: Vendor Patch
    Software: IrfanView 4.x
    ... vulnerability is confirmed in version 4.35. Prior versions may also be affected.
    Solution: Update to version 4.36.

    - http://www.irfanview.com/main_download_engl.htm

    - http://www.irfanview.com/main_history.htm
    Release date: 2013-06-27

    - http://www.irfanview.com/plugins.htm
    The current PlugIns version is: 4.36

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #76
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation OpenOffice 4.0 released

    FYI...

    OpenOffice 4.0 released
    - https://cwiki.apache.org/confluence/...+Release+Notes
    Jul 23, 2013

    - http://www.openoffice.org/security/bulletin.html

    Bug Fixes
    - https://cwiki.apache.org/confluence/...Notes-BugFixes
    "As of July 17th 2013 there were -498- verified issues that have been resolved..."

    - https://secunia.com/advisories/54133/
    Release Date: 2013-07-26
    Criticality: Highly Critical
    Impact: System access
    CVE Reference(s): CVE-2013-2189, CVE-2013-4156
    ... vulnerabilities are reported in versions 3.4.0 and 3.4.1. Prior versions may also be affected.
    Solution: Upgrade to version 4.0
    Original Advisory:
    http://www.openoffice.org/security/c...2013-2189.html
    http://www.openoffice.org/security/c...2013-4156.html

    Instructions for Downloading and Installing Apache OpenOffice 4.0.0
    - http://www.openoffice.org/download/c...tructions.html

    Download
    - http://www.openoffice.org/download/

    Last edited by AplusWebMaster; 2013-07-26 at 23:13.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #77
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation AdblockPlus 2.3.1 released

    FYI...

    AdblockPlus 2.3.1 released
    - https://adblockplus.org/releases/adb...opera-released
    2013-07-24
    Changes:
    - Improved filter list downloads.
    - Implemented filter forward-compatibility proposal.
    - Implemented an emergency notification mechanism that can be used to communicate important issues.

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #78
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress v3.6 released

    FYI...

    WordPress v3.6 released
    - https://wordpress.org/download/
    August 1, 2013 - "The latest stable release of WordPress (Version 3.6) is available..."

    - https://wordpress.org/news/2013/08/oscar/
    "... WordPress, version 3.6, is now live to the world and includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud..."

    Release Post
    - https://codex.wordpress.org/Version_3.6

    Changelog
    - https://codex.wordpress.org/Changelog/3.6

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #79
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird v17.0.8 released

    FYI...

    Thunderbird v17.0.8 released
    - https://www.mozilla.org/en-US/thunde...8/releasenotes
    August 6, 2013

    Security Advisories
    - https://www.mozilla.org/security/kno...nderbird17.0.8
    Fixed in Thunderbird 17.0.8
    MFSA 2013-75 Local Java applets may read contents of local file system
    MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
    MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
    MFSA 2013-71 Further Privilege escalation through Mozilla Updater
    MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
    MFSA 2013-68 Document URI misrepresentation and masquerading
    MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
    MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download: https://www.mozilla.org/thunderbird/all.html
    ___

    - http://www.securitytracker.com/id/1028887
    CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
    Aug 6 2013
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 17.0.8 ...

    - https://secunia.com/advisories/54413/
    Release Date: 2013-08-07
    Criticality: Highly Critical
    Where: From remote
    Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
    ... vulnerabilities are reported in the following products:
    * Mozilla Thunderbird and Thunderbird ESR versions prior to 17.0.8...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #80
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress v3.6.1 released

    FYI...

    WordPress v3.6.1 released
    - https://wordpress.org/download/
    Sep 11, 2013 - "The latest stable release of WordPress (Version 3.6.1) is available..."

    - http://www.securitytracker.com/id/1029025
    Sep 11 2013
    Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 3.6.1 ...
    Solution: The vendor has issued a fix (3.6.1).
    The vendor's advisory is available at:
    - http://codex.wordpress.org/Version_3.6.1
    ... Summary: From the announcement post*, this maintenance release addresses 13 bugs with version 3.6... Additionally: Version 3.6.1 fixes three security issues..."
    * http://wordpress.org/news/2013/09/wordpress-3-6-1/

    - https://secunia.com/advisories/54803/
    Release Date: 2013-09-13
    Criticality: Moderately Critical
    Where: From remote
    Impact: Security Bypass, Spoofing, System access
    CVE Reference(s):
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4338 - 7.5 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4339 - 7.5 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4340 - 3.5
    ... weakness, security issue, and vulnerability are reported in versions prior to 3.6.1.
    Solution: Update to version 3.6.1...

    Last edited by AplusWebMaster; 2013-09-14 at 00:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •