Public Safety Canada Cyber Warnings 2008

Public Safety Canada Cyber Warnings 2008 Public Safety Canada Cyber Warnings 2008 http://www.publicsafety.gc.ca/app_support/xml/ps_ccirc_e.xml COPYRIGHT en-ca Wed, 14 Jan 2009 11:08:18 -0500 web@ps.gc.ca Wed, 14 Jan 2009 11:06:33 -0500 1 web@ps.gc.ca FeedForAll v2.0 (2.0.2.9) http://www.feedforall.com IN08-007: Increased activity of malicious code spreading using removable devices The purpose of this Information Note is to encourage organizations to proactively ensure their web presence is not impacted by the threat of SQL injection attacks. Compromised servers could unwittingly infect the computer systems of users visiting their site through redirection scripts inserted in the web pages html code. CCIRC urges all website administrators to scrutinize how they secure their web pages and SQL databases. Organizations are also reminded to remain vigilant to emerging internet threats. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-007-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-007-eng.aspx Mon, 22 Dec 2008 16:14:41 -0500 TR08-004: Disabling Autorun The purpose of this technical report is to highlight common configuration options found in mailing list management software that may help alleviate the threats against electronic mailing lists. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx Mon, 22 Dec 2008 15:37:12 -0500 AV08-092: Critical Security Update for Internet Explorer The purpose of this advisory is to bring attention to an out-of-band security patch released by Microsoft to address a significant vulnerability affecting all supported versions of Internet Explorer. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-092-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-092-eng.aspx Wed, 17 Dec 2008 20:57:52 -0500 AV08-091: Vulnerability in CA ARCserve Backup LDBserver The purpose of this advisory is to bring attention to a vulnerability in CA ARCserve Backup LDBserver. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-091-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-091-eng.aspx Fri, 12 Dec 2008 18:40:34 -0500 AV08-089: Microsoft Security Bulletins for the Month of December The purpose of this advisory is to bring attention to the following 8 vulnerabilities (6 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-089-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-089-eng.aspx Tue, 9 Dec 2008 19:08:37 -0500 AV08-088: Sun Releases Updates for Java SE The purpose of this advisory is to bring attention to security updates available for Java SE. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-088-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-088-eng.aspx Thu, 4 Dec 2008 17:12:11 -0500 AV08-087: BlackBerry Desktop Software buffer overflow vulnerability The purpose of this advisory is to bring attention to a buffer overflow that exists in the DWUpdateService ActiveX control service bundled with the BlackBerry Desktop Software, which could potentially be exploited to execute arbitrary commands with the privileges of the user when a client visits a malicious web page that invokes this control. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-087-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-087-eng.aspx Fri, 28 Nov 2008 16:23:35 -0500 AV08-086: Symantec Backup Exec Authentication Bypass and Potential Buffer Overflow The purpose of this advisory is to bring attention to a vulnerability in the backup exec service, which could cause a buffer overflow in the data management protocol. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-086-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-086-eng.aspx Fri, 21 Nov 2008 17:41:39 -0500 AV08-085: Microsoft Security Bulletins for the Month of November The purpose of this advisory is to bring attention to the following 2 vulnerabilities (1 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-085-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-085-eng.aspx Wed, 12 Nov 2008 11:31:01 -0500 AV08-083: VMware Hosted products and patches for ESX and ESXi resolves two security issues The purpose of this advisory is to bring attention to security issues affecting VMware hosted products, VMWare ESX and ESXi which might allow privillege escalation. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-083-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-083-eng.aspx Mon, 10 Nov 2008 19:01:46 -0500 AV08-084: VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues The purpose of this advisory is to bring attention to multiple security issues in VMware in a in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-084-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-084-eng.aspx Mon, 10 Nov 2008 18:13:24 -0500 AV08-078: Update: Flash Player update available to address security vulnerabilities The purpose of this advisory is to bring attention to potential vulnerabilities that have been identified in Adobe Flash Player 9.0.124.0 and earlier, which could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-078-eng.aspx 940D53E4-BFFC-4638-9B96-64DFF3F860B5 Fri, 7 Nov 2008 16:43:10 -0500 AV08-082: Security update available for Adobe Reader 8 and Acrobat 8 The purpose of this advisory is to bring attention to a security update for critical vulnerabilities that have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-082-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-082-eng.aspx Wed, 5 Nov 2008 16:12:48 -0500 AV08-080: Update: Microsoft Security Bulletin MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution The purpose of this advisory is to bring attention to a critical patch released by Microsoft to address a server service vulnerability that could allow for remote code execution. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-080-eng.aspx 031853F1-B0CB-41ED-92F9-1645FCB16F4C Wed, 29 Oct 2008 21:42:23 -0400 AV08-081: Remote Arbitrary Code Execution Vulnerability in LibSPF2 The purpose of this advisory is to bring attention to a vulnerability that has been identified in LibSPF2, which could be exploited by remote attackers to compromise a vulnerable system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-081-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-081-eng.aspx Mon, 27 Oct 2008 14:43:57 -0400 AV08-080: Microsoft Security Bulletin MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution The purpose of this advisory is to bring attention to a critical patch released by Microsoft to address a server service vulnerability that could allow for remote code execution. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-080-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-080-eng.aspx Thu, 23 Oct 2008 18:58:38 -0400 AV08-079: Trend Micro OfficeScan Critical Patch Release A vulnerability has been reported in Trend Micro OfficeScan product. This vulnerability is due to a stack-based buffer overflow condition, which could allow an attacker to execute arbitrary code on the affected system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-079-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-079-eng.aspx Wed, 22 Oct 2008 19:41:08 -0400 AV08-078: Flash Player update available to address security vulnerabilities The purpose of this advisory is to bring attention to potential vulnerabilities that have been identified in Adobe Flash Player 9.0.124.0 and earlier, which could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-078-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-078-eng.aspx Fri, 17 Oct 2008 20:49:41 -0400 TR08-003: Securing Electronic Mailing Lists The purpose of this technical report is to highlight common configuration options found in mailing list management software that may help alleviate the threats against electronic mailing lists. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-003-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-003-eng.aspx Fri, 17 Oct 2008 13:17:08 -0400 AV08-077: Oracle Critical Patch Update - October 2008 The purpose of this advisory is to bring attention to the quarterly Oracle Critical Patch update for October 2008. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-077-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-077-eng.aspx Wed, 15 Oct 2008 21:57:04 -0400 AV08-076: Microsoft Security Bulletins for the Month of October The purpose of this advisory is to bring attention to the following 11 vulnerabilities (4 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-076-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-076-eng.aspx Wed, 15 Oct 2008 11:10:58 -0400 AV08-075: Multiple Security Vulnerabilities with CA ARCserve backup Several vulnerabilities have been reported for CA ARCserve backup. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-075-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-075-eng.aspx Tue, 14 Oct 2008 15:22:08 -0400 AV08-074: Trend Micro OfficeScan Buffer Overflow and DoS Vulnerabilities Three vulnerabilities have been reported in Trend Micro OfficeScan product. Exploitation of these vulnerabilities may allow a remote attacker to gain access to sensitive information and systems, and/or cause a denial of service condition. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-074-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-074-eng.aspx Fri, 3 Oct 2008 15:59:17 -0400 AV08-073: ABB PCU400 Remote Buffer Overflow Vulnerability The purpose of this advisory is to bring attention to a buffer overflow vulnerability in ABB's PCU400 (Process Communication Unit). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-073-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-073-eng.aspx Mon, 29 Sep 2008 14:35:32 -0400 AV08-072: Cisco Security Advisory September 2008 The purpose of this advisory is to raise awareness of multiple vulnerabilities in Cisco Internetwork Operating System (IOS) and Cisco Unified Communications Manager. CISCO has released software to address the following vulnerabilities http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-072-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-072-eng.aspx Thu, 25 Sep 2008 21:08:56 -0400 AV08-071: VMware ESX/ESXi openwsman Buffer Overflow Vulnerability The purpose of this advisory is to bring attention to a buffer overflow vulnerability recently disclosed in VMware ESX/ESXi which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-071-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-071-eng.aspx Fri, 19 Sep 2008 15:00:38 -0400 AV08-068: Update: Microsoft Security Bulletins for the Month of September This update is to highlight the fact that active exploitation of MS08-053 vulnerability (Windows Media Encoder 9) has been reported by some Anti-Virus vendors. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-068-eng.aspx 6D042782-38B4-4BA5-AE3B-11C67C92463F Tue, 16 Sep 2008 13:30:48 -0400 AV08-069: Apple QuickTime Multiple Remote Code Execution Vulnerabilities The purpose of this advisory is to bring attention to multiple vulnerabilities recently disclosed in Apple QuickTime which could be exploited by remote attackers to take complete control of an affected system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-069-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-069-eng.aspx Wed, 10 Sep 2008 19:56:06 -0400 AV08-068: Microsoft Security Bulletins for the Month of September The purpose of this advisory is to bring attention to the following 4 critical vulnerabilities in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-068-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-068-eng.aspx Tue, 9 Sep 2008 17:21:01 -0400 AV08-067: Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-067-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-067-eng.aspx Thu, 4 Sep 2008 17:49:35 -0400 AV08-066: Multiple VMware Products Vulnerabilities and Security Updates The purpose of this advisory is to bring attention to multiple vulnerabilities recently disclosed and other security updates for VMware products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-066-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-066-eng.aspx Wed, 3 Sep 2008 14:43:37 -0400 AV08-064: Update: Microsoft Security Bulletins for the Month of August The purpose of this advisory is to bring attention to an update for Microsoft Security Bulletin MS08-05. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-064-eng.aspx 4DFC5075-DAD8-4FCF-ABD5-54CA8AEBC625 Fri, 22 Aug 2008 16:17:06 -0400 AV08-065: VMware ESX/ESXi 3.5 Update 2 patch causing error An issue has been discovered with VMware ESX/ESXi 3.5 Update 2 where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for clients that had upgraded to ESX 3.5 Update 2. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-065-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-065-eng.aspx Wed, 13 Aug 2008 14:33:10 -0400 AV08-064: Microsoft Security Bulletins for the Month of August The purpose of this advisory is to bring attention to the following 11 vulnerabilities (6 Critical, 5 Important) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-064-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-064-eng.aspx Wed, 13 Aug 2008 12:45:27 -0400 AV08-063: Vulnerability in CA ARCserve Backup for Laptops and Desktops Server The purpose of this advisory is to bring attention to a vulnerability in CA ARCserve Backup for Laptops and Desktops Server which could be exploited to cause a denial-of-service condition or execute arbitrary code on a vulnerable system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-063-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-063-eng.aspx Tue, 5 Aug 2008 14:16:52 -0400 AV08-062: Vulnerability in Oracle WebLogic plug-in for Apache web server The purpose of this advisory is to bring attention to a vulnerability in Oracle WebLogic plug-in for Apache web server which could be exploited to cause a denial-of-service condition or execute arbitrary code on a vulnerable system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-062-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-062-eng.aspx Wed, 30 Jul 2008 17:38:33 -0400 AV08-061: BlackBerry Enterprise Server PDF Distiller Remote Code Execution Vulnerability The purpose of this advisory is to bring attention to a BlackBerry Enterprise Server PDF Distiller Remote Code Execution Vulnerability. hhttp://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-061-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-061-eng.aspx Thu, 7 Aug 2008 14:32:11 -0400 AL08-001: Proof of concept code for new DNS cache poisoning attacks publicly available The purpose of this alert is to raise awareness that proof of concept code that can facilitate DNS cache poisoning attacks has been publicly disclosed. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/al08-001-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/al08-001-eng.aspx Tue, 22 Jul 2008 09:14:18 -0400 AV08-060: Oracle Critical Patch Update - July 2008 The purpose of this advisory is to bring attention to the quarterly Oracle Critical Patch update for July 2008. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-060-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-060-eng.aspx Wed, 16 Jul 2008 09:05:30 -0400 AV08-056: Update: Multiple vendor DNS implementations vulnerable to cache poisoning The purpose of this update is to provide additional information to the cache poisoning issue raised in the initial version of this advisory. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-056-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-056-eng.aspx Fri, 11 Jul 2008 14:08:40 -0400 AV08-059: Novell eDirectory LDAP Service Search Parameters Heap Overflow Vulnerability The purpose of this advisory is to raise awareness of a vulnerability affecting Novell eDirectory. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-059-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-059-eng.aspx Fri, 11 Jul 2008 12:13:03 -0400 AV08-058: Multiple Vulnerabilities in Sun Java The purpose of this advisory is to bring attention to multiple vulnerabilities identified in Sun Java. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-058-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-058-eng.aspx Thu, 10 Jul 2008 16:16:37 -0400 AV08-057: Microsoft Security Bulletins for the Month of July The purpose of this advisory is to bring attention to the following 4 vulnerabilities in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-057-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-057-eng.aspx Tue, 8 Jul 2008 20:14:47 -0400 AV08-056: Multiple vendor DNS implementations vulnerable to cache poisoning The purpose of this advisory is to raise awareness of deficiencies in the DNS protocol and common DNS implementations that can facilitate DNS cache poisoning attacks. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-056-eng.aspx 62328222-3BEE-4EF2-9879-9BAC7C75E572 Tue, 8 Jul 2008 22:09:18 -0400 AV08-055: Microsoft Internet Explorer 6 Cross-Domain Vulnerability The purpose of this advisory is to raise awareness of a vulnerability in Microsoft Internet Explorer 6. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-055-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-055-eng.aspx Thu, 26 Jun 2008 20:41:41 -0400 AV08-054: Adobe Products JavaScript Method Code Execution Vulnerability The purpose of this advisory is to raise awareness of a vulnerability in Adobe Reader and Acrobat. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-054-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-054-eng.aspx Wed, 25 Jun 2008 09:50:47 -0400 IN08-002: SQL Injection Attacks The purpose of this Information Note is to encourage organizations to proactively ensure their web presence is not impacted by the threat of SQL injection attacks. Compromised servers could unwittingly infect the computer systems of users visiting their site through redirection scripts inserted in the web pages html code. CCIRC urges all website administrators to scrutinize how they secure their web pages and SQL databases. Organizations are also reminded to remain vigilant to emerging internet threats. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-002-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-002-eng.aspx Mon, 23 Jun 2008 13:14:05 -0400 AV08-052: Update: Microsoft Security Bulletins for the Month of June The purpose of this advisory is to bring attention to the following 7 vulnerabilities (3 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-052-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-052-eng.aspx Fri, 20 Jun 2008 12:07:35 -0400 AV08-053: SNMPv3 authentication bypass vulnerability The purpose of this advisory is to raise awareness of a vulnerability in SNMPv3. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-053-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-053-eng.aspx Wed, 11 Jun 2008 14:15:27 -0400 AV08-052: Microsoft Security Bulletins for the Month of June The purpose of this advisory is to bring attention to the following 7 vulnerabilities (3 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-052-eng.aspx 46992886-356F-46A8-BF16-E0132CDE2399 Tue, 10 Jun 2008 22:27:32 -0400 AV08-051: Apple QuickTime Multiple File Handling Code Execution Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities in Apple QuickTime. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-051-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-051-eng.aspx Tue, 10 Jun 2008 16:18:57 -0400 AV08-050: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Security Appliances The purpose of this advisory is to raise awareness of multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-050-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-050-eng.aspx Thu, 5 Jun 2008 14:37:17 -0400 AV08-049: VMware Products Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities in VMware products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-049-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-049-eng.aspx Mon, 2 Jun 2008 18:03:32 -0400 AV08-048: CiscoWorks Common Services Arbitrary Code Execution Vulnerability The purpose of this advisory is to raise awareness of a vulnerability in CiscoWorks products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-048-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-048-eng.aspx Wed, 28 May 2008 18:42:04 -0400 AV08-047: Cisco Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities within Cisco products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-047-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-047-eng.aspx Thu, 22 May 2008 14:11:28 -0400 AV08-046: Computer Associates ARCserve Backup Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple remote vulnerabilities within Computer Associates ARCserve Backup products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-046-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-046-eng.aspx Tue, 20 May 2008 20:56:07 -0400 AV08-045: Cisco Products Multiple Vulnerabilities The purpose of this advisory is to bring attention to multiple vulnerabilities in various Cisco products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-045-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-045-eng.aspx Thu, 15 May 2008 16:24:17 -0400 AV08-044: Citrix Access Gateway Unspecified Authentication Bypass vulnerability The purpose of this advisory is to raise awareness of remotely exploitable vulnerability present in: Citrix Access Gateway products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-044-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-044-eng.aspx Wed, 14 May 2008 15:33:30 -0400 AV08-043: Microsoft Security Bulletins for the Month of May The purpose of this advisory is to bring attention to the following 4 vulnerabilities (3 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-043-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-043-eng.aspx Wed, 14 May 2008 09:19:07 -0400 AV08-042: Update: WonderWare SuiteLink Remote Denial of Service Vulnerability The purpose of this advisory is to raise awareness of a Denial of Service vulnerability within Wonderware SuiteLink product. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-042-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-042-eng.aspx Fri, 9 May 2008 13:13:16 -0400 AV08-042: WonderWare SuiteLink Remote Denial of Service Vulnerability The purpose of this advisory is to raise awareness of a Denial of Service vulnerability within Wonderware SuiteLink product. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-042-eng.aspx F23143F1-5A2D-4A58-939C-2F261E663766 Wed, 7 May 2008 19:22:50 -0400 AV08-041: Sun Java System Directory Server Vulnerability The purpose of this advisory is to raise awareness of a vulnerability within the Sun Java System Directory Server. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-041-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-041-eng.aspx Tue, 29 Apr 2008 16:31:04 -0400 AV08-040: HP HPeDiag ActiveX Control Information Disclosure and Remote Code Execution Vulnerability HP HPeDiag ActiveX Control Information Disclosure and Remote Code Execution Vulnerability http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-040-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-040-eng.aspx Fri, 25 Apr 2008 15:01:31 -0400 AV08-039: VMware ESX Code Execution and Denial of Service Vulnerabilities The purpose of this advisory is to raise awareness of a vulnerability in VMware products using the ESX Server. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-039-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-039-eng.aspx Fri, 18 Apr 2008 12:43:38 -0400 AV08-038: CA products using the DSM ActiveX control Vulnerabilities The purpose of this advisory is to raise awareness of a vulnerability in Computer Associate products using the DSM ActiveX control. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-038-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-038-eng.aspx Fri, 18 Apr 2008 09:04:34 -0400 AV08-037: McAfee Common Management Agent Denial of Service Vulnerability The purpose of this advisory is to raise awareness of a Denial of Service vulnerability within McAfee Common Management Agent Framework. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-037-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-037-eng.aspx Thu, 17 Apr 2008 16:38:13 -0400 AV08-036: Cisco Network Admission Control Shared Secret Vulnerability The purpose of this advisory is to raise awareness of a remotely exploitable vulnerability within Cisco Network Admission Control (NAC) Appliance. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-036-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-036-eng.aspx Thu, 17 Apr 2008 15:46:49 -0400 AV08-035: Oracle Critical Patch Update - April 2008 The purpose of this advisory is to bring attention to the quarterly Oracle Critical Patch Update for April 2008. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-035-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-035-eng.aspx Wed, 16 Apr 2008 13:03:39 -0400 AV08-034: Multiple Vulnerabilities in IBM Lotus Notes file viewers The purpose of this advisory is to raise awareness of multiple vulnerabilities within IBM Lotus Notes file viewers. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-034-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-034-eng.aspx Thu, 10 Apr 2008 14:58:36 -0400 AV08-033: Adobe Flash Player Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities within Adobe Flash Player. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-033-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-033-eng.aspx Wed, 9 Apr 2008 15:13:50 -0400 AV08-032: Microsoft Security Bulletins for the Month of April The purpose of this advisory is to bring attention to the following 5 critical and 3 important vulnerabilities in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-032-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-032-eng.aspx Tue, 8 Apr 2008 18:45:36 -0400 AV08-031: CA Products LGServer and NetBackup Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities within Computer Associates ARCserve Backup for Laptops, Desktops and Computer Associates Desktop Management Suite products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-031-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-031-eng.aspx Mon, 7 Apr 2008 15:42:51 -0400 AV08-030: Apple QuickTime File Handling Code Execution Vulnerabilities The purpose of this advisory is to draw attention to multiple vulnerabilities in Apple QuickTime File Handling. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-030-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-030-eng.aspx Fri, 4 Apr 2008 10:22:03 -0400 AV08-029: HP TCP/IP Services for OpenVMS Unauthorized Access Vulnerability The purpose of this advisory is to raise awareness of a vulnerability in HP TCP/IP Services for Open Virtual Memory System (OpenVMS). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-029-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-029-eng.aspx Fri, 28 Mar 2008 15:30:21 -0400 AV08-028: Cisco IOS Multiple Vulnerabilities The purpose of this advisory is to bring attention to the following 5 vulnerabilities in certain versions of Cisco IOS. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-028-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-028-eng.aspx Thu, 27 Mar 2008 16:20:48 -0400 AV08-027: Novell eDirectory LDAP Extended Request Message Buffer Overflow Vulnerability The purpose of this advisory is to raise awareness of a vulnerability affecting Novell eDirectory. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-027-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-027-eng.aspx Wed, 26 Mar 2008 15:44:35 -0400 AV08-026: Adobe Form Designer and Advanced Form Client Buffer Overflow Vulnerabilities The purpose of this advisory is to draw attention to remote buffer overflow vulnerabilities in Adobe Form Designer and Adobe Form Client. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-026-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-026-eng.aspx Tue, 18 Mar 2008 16:25:25 -0400 AV08-025: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability The purpose of this advisory is to draw attention to a remote code execution vulnerability in CiscoWorks Internetwork Performance Monitor. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-025-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-025-eng.aspx Mon, 17 Mar 2008 16:49:08 -0400 AV08-024: Microsoft Security Bulletins for the Month of March The purpose of this advisory is to bring attention to the following 4 critical vulnerabilities in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-024-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-024-eng.aspx Tue, 11 Mar 2008 16:19:40 -0400 AV08-023: Cross Site Scripting Vulnerability in CheckPoint VPN-1 UTM Edge The purpose of this advisory is to draw attention to a cross site scripting vulnerability in the CheckPoint VPN-1 UTM Edge Logon Page. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-023-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-023-eng.aspx Fri, 7 Mar 2008 20:00:58 -0500 AV08-022: Sun Java SE Multiple Vulnerabilities The purpose of this advisory is to raise awareness of multiple vulnerabilities in Sun Java SE, which could be exploited by remote attackers to compromise an affected system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-022-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-022-eng.aspx Wed, 5 Mar 2008 19:44:58 -0500 AV08-021: Multiple Vulnerabilities in Multiple Symantec Products The purpose of this advisory is to raise awareness of two vulnerabilities affecting the Symantec's Decomposer Engine. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-021-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-021-eng.aspx Thu, 28 Feb 2008 10:52:22 -0500 AV08-020: Novell iPrint Client Buffer Overflow Vulnerability The purpose of this advisory is to rise awareness of a vulnerability affecting Novell iPrint Client. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-020-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-020-eng.aspx Fri, 22 Feb 2008 15:05:13 -0500 AV08-019: Symantec Veritas Storage Foundation Multiple Vulnerabilities The purpose of this advisory is to raise awareness of two newly disclosed vulnerabilities within Symantec Veritas Storage Foundation. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-019-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-019-eng.aspx Thu, 21 Feb 2008 12:50:47 -0500 AV08-018: Cisco Unified Communications Manager SQL Injection Vulnerability The purpose of this advisory is to bring attention to a vulnerability affecting the Cisco Unified Communications Manager (Formally known as the CallManager). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-018-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-018-eng.aspx Thu, 14 Feb 2008 13:31:40 -0500 AV08-017: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities The purpose of this advisory is to raise awareness of newly disclosed vulnerabilities within various Cisco Unified IP Phones. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-017-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-017-eng.aspx Thu, 14 Feb 2008 20:45:22 -0500 AV08-016: Microsoft Security Bulletins for the Month of February The purpose of this advisory is to bring attention to the following 11 vulnerabilities (6 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-016-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-016-eng.aspx Wed, 13 Feb 2008 13:05:44 -0500 AV08-015: Novell Client NWSPOOL.DLL Stack Overflow Vulnerability This advisory has been written to raise awareness of a remotely exploitable buffer overflow vulnerability identified in Novell Client (NWSPOOL.DLL). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-015-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-015-eng.aspx Tue, 12 Feb 2008 15:47:10 -0500 AV08-014: Update: Multiple vulnerabilities in Adobe Reader and Acrobat Advisory AV08-014 was released to bring attention to multiple vulnerabilities in Adobe Reader and Adobe Acrobat. This update is to highlight the fact that active exploitation of one of these vulnerabilities has been reported by the internet community and by various Anti-Virus vendors. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-014-eng.aspx 3DA22DDF-7352-4C77-B9A8-6F9483DA9CD9 Mon, 11 Feb 2008 20:04:25 -0500 AV08-014: Multiple vulnerabilities in Adobe Reader and Acrobat The purpose of this advisory is to draw attention to multiple vulnerabilities in Adobe Reader and Adobe Acrobat. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-014-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-014-eng.aspx Fri, 8 Feb 2008 19:20:51 -0500 AV08-013: IBM WebSphere Application Server information disclosure issue The purpose of this advisory is to raise awareness of an information disclosure issue in the IBM WebSphere Application Server. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-013-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-013-eng.aspx Fri, 8 Feb 2008 19:06:22 -0500 AV08-012: Sun Java Runtime Environment Remote Code Execution Vulnerabilities The purpose of this advisory is to raise awareness of two vulnerabilities in Sun Java Runtime Environment, which could be exploited by remote attackers to take complete control of an affected system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-012-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-012-eng.aspx Thu, 7 Feb 2008 08:00:44 -0500 AV08-011: HP OpenView Network Node Manager Denial of Service Vulnerability The purpose of this advisory is to raise awareness of a vulnerability in HP OpenView Network Node Manager (OV NNM), which can be exploited by malicious users to cause a Denial of Service (DoS). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-011-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-011-eng.aspx Thu, 7 Feb 2008 08:00:44 -0500 AV08-010: Symantec Backup Exec System Recovery Manager File Upload Vulnerability The purpose of this advisory is to raise awareness for a vulnerability in Symantec Backup Exec System Recovery Manager, which can be exploited by malicious users to compromise a vulnerable system. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-010-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-010-eng.aspx Wed, 6 Feb 2008 16:20:22 -0500 Update: AV07-024: Apache Tomcat Connector mod_jk Library URL Handling Buffer Overflow Vulnerability Advisory AV07-024 was released to bring attention to a buffer overflow vulnerability in the Tomcat Connector mod_jk library. http://www.publicsafety.gc.ca/prg/em/ccirc/2007/av07-024-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2007/av07-024-eng.aspx Thu, 31 Jan 2008 19:00:43 -0500 AV08-009: Cisco Application Velocity Systems (AVS) Default Passwords vulnerability The purpose of this advisory is to raise awareness of a security issue found in certain versions of Cisco's Application Velocity System (AVS) which could be remotely exploited to gain unauthorised system access. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-009-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-009-eng.aspx Fri, 25 Jan 2008 10:23:36 -0500 AV08-008: Java SE Runtime Environment 6 Update The purpose of this advisory is to bring attention all changes made in Java 1.6.0 update releases for January 2008. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-008-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-008-eng.aspx Thu, 24 Jan 2008 16:23:26 -0500 AV08-007: Apple QuickTime File Processing Vulnerabilities The purpose of this advisory is to bring attention to multiple vulnerabilities in Apple QuickTime File Processing. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-007-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-007-eng.aspx Fri, 18 Jan 2008 16:58:05 -0500 AV08-006: Citrix Products IMA Service arbitrary code execution vulnerability The purpose of this advisory is to raise awareness of remotely exploitable vulnerabilities present in various versions of Citrix MetaFrame and Presentation Server, Citrix Access Essentials and Citrix Desktop Server. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-006-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-006-eng.aspx Fri, 18 Jan 2008 12:59:35 -0500 AV08-005: Cisco Unified Communications Manager Heap Buffer Overflow Vulnerability The purpose of this advisory is to bring attention to multiple vulnerabilities affecting the Cisco Unified Communications Manager (Formally known as the CallManager). http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-005-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-005-eng.aspx Thu, 17 Jan 2008 16:42:06 -0500 AV08-004: Oracle Critical Patch Update - January 2008 The purpose of this advisory is to bring attention to the quarterly Oracle Critical Patch Update for January 2008. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. This Critical Patch Update contains 27 new security fixes for multiple products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-004-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-004-eng.aspx Tue, 15 Jan 2008 16:12:23 -0500 AV08-003: IBM Tivoli Storage Manager Express Heap Overflow Vulnerability The purpose of this advisory is to bring attention to a buffer overflow vulnerability identified in Tivoli Storage Manager Express. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-003-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-003-eng.aspx Fri, 11 Jan 2008 15:14:21 -0500 AV08-002: Microsoft Security Bulletins for the Month of January The purpose of this advisory is to bring attention to the following 2 vulnerabilities (1 Critical) in some Microsoft products. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-002-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-002-eng.aspx Wed, 9 Jan 2008 12:34:34 -0500 IN08-001: Cross Site Scripting vulnerabilities in SWF applications generated by various Shockwave Flash Authoring tools The purpose of this Information Note is to draw attention to cross site scripting (XSS) vulnerabilities created by various Shockwave Flash (SWF) authoring tools. SWF files created by affected applications and currently hosted by various organizations remain vulnerable until removed or corrective action is taken. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-001-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/in08-001-eng.aspx Fri, 4 Jan 2008 16:13:33 -0500 AV08-001: Multiple Vulnerabilities in HP Quick Launch Button software The purpose of this advisory is to raise awareness of multiple remotely exploitable vulnerabilities in the Info Center component of HP Quick Launch Button software package. http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-001-eng.aspx http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-001-eng.aspx Thu, 3 Jan 2008 12:58:23 -0500