News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
August 22, 2014, 03:44:40
Pages: 1 ... 5 6 [7] 8 9 10   Go Down
  Print  
Topic: Multiple AV vendor vulns / updates / issues  (Read 64974 times)
0 Members and 1 Guest are viewing this topic.
« Reply #90 on: February 24, 2011, 06:24:42 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

CA ActiveX vuln - update available
* http://secunia.com/advisories/43377/
Release Date: 2011-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory:  ZDI / CA (CA20110223-01):
http://www.zerodayinitiative.com/advisories/ZDI-11-093/

CA ActiveX vuln - update available
- http://secunia.com/advisories/43490/
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
Solution: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon.
For more information: SA43377*

- http://www.securitytracker.com/id/1025120
Updated: Feb 26 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1036
Last revised: 03/11/2011
CVSS v2 Base Score: 8.8 (HIGH)

 Exclamation Exclamation
« Last Edit: March 14, 2011, 11:33:31 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #91 on: February 25, 2011, 04:00:29 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

F-Secure multiple vulns - update available
- http://secunia.com/advisories/43049/
Release Date: 2011-02-24
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote...
Software: F-Secure Policy Manager 8.x, F-Secure Policy Manager 9.x
... The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x.
Solution: Apply patches.
Original Advisory: F-Secure (FSC-2011-2):
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html

- http://www.securitytracker.com/id/1025124
Feb 24 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1102
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1103
Last revised: 03/11/2011
"... before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux..."

 Exclamation
« Last Edit: March 14, 2011, 11:31:35 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #92 on: March 15, 2011, 10:59:53 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

F-secure beta f/Macs false positive, fix available
- http://www.f-secure.com/weblog/archives/00002121.html
March 15, 2011 - "The beta version of our Mac OSX software, F-Secure Mac Protection, had a serious false alarm last night. Database update 2011-03-14_03 caused several false alarms in clean files with detection names such as
 Exploit:W32/NeosploitPDF.gen!A and Exploit:JS/Brooks.gen!A. The problematic update was removed after two hours. Beta users who received the update have seen some of their clean files moved to Trash. This problem only affected users of our Mac OSX beta version (Technology Preview). Our Windows and Linux products were not affected in any way... We have now released a tool that will restore the files back to their original locations. You can download the tool from here*."
* http://www.f-secure.com/en_EMEA-Labs/beta-programs/home-users-beta/fsmac/FSMACTP-01/
F-Secure Mac Protection Technology Preview advisory 15.3.2011...

 Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #93 on: April 07, 2011, 08:53:07 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

McAfee 'rogue script' mix-up...
- http://www.theregister.co.uk/2011/04/06/mcafee_email_filter_screw_up/
6 April 2011 - "McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email. The glitch... bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (eg, @£$). In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved..."

 Shocked Sad Frustrated
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #94 on: April 12, 2011, 04:02:05 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

McAfee Firewall Reporter vuln - fix
- https://kc.mcafee.com/corporate/index?page=content&id=SB10015
Security Bulletins ID: SB10015
Last Modified: April 11, 2011
This update fixes a bug that leverages an issue in the authentication sequence to allow unauthorized users access to the system...
> Remediation..."
(See the URL above.)

- http://www.securitytracker.com/id/1025314
Apr 11 2011
Version: prior to 5.1.0.13...

- http://secunia.com/advisories/44110/
Criticality level: Moderately critical

 Sad
« Last Edit: April 12, 2011, 08:43:20 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #95 on: April 12, 2011, 08:29:33 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Avast! false positive - virus defs 110411-1 ...
- https://blog.avast.com/2011/04/11/false-positive-issue-with-virus-defs-110411-1/
April 11 2011 - "Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected... We sincerely apologize for the inconvenience..."

- http://news.cnet.com/8301-1009_3-20053085-83.html
April 12, 2011 - "... the update was downloaded by around 5 million users, mostly on the Western Hemisphere..."

"Some of the sites affected by this Avast false positive include Wikipedia, Yahoo, PCWorld, and Youtube..."
(Hat tip to cnm @ spywareinfoforum.com)*
* http://www.spywareinfoforum.com/index.php?/topic/131584-avast-false-positive-bans-innocent-sites/page__view__findpost__p__744891

 Shocked Sad
« Last Edit: April 13, 2011, 07:38:57 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #96 on: April 21, 2011, 03:13:27 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

CA ActiveX controls vuln...
- http://secunia.com/advisories/43681/
Release Date: 2011-04-21
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-1719
Solution: Apply APARs.
Original Advisory: CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}
___

- http://www.securitytracker.com/id/1025423
CVE Reference: CVE-2011-1718
Apr 21 2011
- http://www.securitytracker.com/id/1025424
CVE Reference: CVE-2011-1719
Apr 21 2011

 Exclamation
« Last Edit: April 21, 2011, 03:19:33 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #97 on: April 28, 2011, 12:11:55 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

McAfee - False Positive in DAT 6329...
- http://isc.sans.edu/diary.html?storyid=10783
Last Updated: 2011-04-28 12:26:24 UTC - McAfee Labs have issued an alert that McAfee VirusScan DAT file 6329 is returning a false positive for spsgui.exe. This is impacting SAP telephone connectivity functionality. McAfee... work around for the issue documented in KB71739:
https://kc.mcafee.com/corporate/index?page=content&id=KB71739

 Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #98 on: June 28, 2011, 11:20:50 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Avira AV v10 SP2 released
- http://techblog.avira.com/2011/06/28/service-pack-2-for-avira-antivir-v10/en/
June 28, 2011 - "... Service Pack 2 to all AntiVir v10 products today: Personal, Premium, Premium Security Suite, Professional and Server. Avira’s Service Pack 2 update will be made available as product update to all customers, paid and free in English and German. The other languages will follow in the next few weeks. Please make sure you have enabled Product Updates by choosing the first option in Configuration -> Update->Product Update...
... fixed many issues which our users reported
... improved the protection overall by enhancing the heuristic detection and the repair functionality
... enabled the protection of the product itself and that of the entire operating system by enabling automatically the advanced process protection which prevents malware to terminate the Avira processes and to change the registry keys of the system.
... antirootkits protection was enhanced in order to be able to detect new methods of hiding malware...
You must restart your system after SP2 is installed in order to use the new drivers. Please save your work to prevent any loss of data.
Please read here about how to prepare for the reboot if you are in a company:
http://www.avira.com/en/support-for-home-knowledgebase-detail?kbid=841
... and check this document for the default values
http://www.avira.com/files/support/FAQ_KB/EN/Restart_Behavior_AV10_SP2_Prof_EN.pdf ...

... The SP2 brings also an optional toolbar to the users of the AntiVir Personal Free. If the user installs it, uses the toolbar and clicks on the links provided, Avira gets some money from the provider of the toolbar, the well-known search provider Ask .com...  For more information about data collected, please read the Ask’s privacy policy available here:
http://sp.ask.com/en/docs/about/privacy.shtml
    Most visible innovations in the SP2:
http://www.avira.com/en/support-for-business-faq-detail/faqid/854
    Release Information of SP2 at a glance:
http://www.avira.com/en/support-for-home-faq-detail/faqid/840.
    Detailed information of the changes performed in the products by the SP2:
http://www.avira.com/files/support/FAQ_KB/EN/Release_Information_AV10_SP2_EN.pdf
    How to install the new Avira Toolbar after updating to SP2:
http://www.avira.com/en/support-for-free-faq-detail/faqid/861
    How to install the new Avira Toolbar later via setup:
http://www.avira.com/en/support-for-free-faq-detail/faqid/862
    How to -remove- the Avira Toolbar:
http://www.avira.com/en/support-for-free-faq-detail?faqid=863

Update: Some of our users experienced that the online protection is inactive after the SP2 update. Please see here* how to fix it.
* http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/566
___

- http://www.h-online.com/security/news/item/Service-Pack-for-Antivir-confuses-users-1271030.html
30 June 2011

 Exclamation
« Last Edit: July 03, 2011, 01:19:24 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #99 on: July 22, 2011, 05:22:18 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

CA Gateway v8.1 Security advisory...
- http://h-online.com/-1284003
22 July 2011 - "CA is warning of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems... The company has provided a fix* for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly as the vulnerable version of Gateway Security is part of this security package."

* https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO32642&actionID=4
07/13/2011

CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}
July 20, 2011
Risk Rating: High
Platform: Windows
Affected Products: CA Gateway Security 8.1, CA Total Defense r12
Non-Affected Products: CA Gateway Security 9.0 ...
___

- http://secunia.com/advisories/45332/
Release Date: 2011-07-21
Criticality level: Moderately critical
... vulnerability is reported in versions prior to 8.1.0.69...

 Exclamation
« Last Edit: July 24, 2011, 03:42:30 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #100 on: July 27, 2011, 04:55:44 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

ClamAV DoS vuln - update available
- http://secunia.com/advisories/45382/
Release Date: 2011-07-26
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 0.97.2.
Solution: Update to version 0.97.2.

- http://www.clamav.net/lang/en/
"... ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing
detection, hash matcher, and other minor issues. Please see the ChangeLog file for details..."
* http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #101 on: August 09, 2011, 04:27:57 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

McAfee SaaS Endpoint v5.2.2 update released
- https://secunia.com/advisories/45506/
Release Date: 2011-08-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee SaaS Endpoint Protection 5.x
... The vulnerabilities are reported in versions 5.2.1 and prior.
Solution: Update to version 5.2.2...

- http://www.securitytracker.com/id/1025890
Aug 9 2011
Vendor URL: https://kc.mcafee.com/corporate/index?page=content&id=SB10016

- http://osvdb.org/show/osvdb/74512
Vendor Informed Date: 2011-01-24
Disclosure Date: 2011-08-09

 Exclamation
« Last Edit: August 14, 2011, 06:46:51 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #102 on: August 15, 2011, 07:50:59 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Symantec - Veritas/NetBackup advisory
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00
August 15, 2011- SYM11-010
Severity: High...

- http://www.symantec.com/business/support/index?page=content&id=TECH165536
Updated: 2011-08-15

- http://www.securitytracker.com/id/1025926
- http://www.securitytracker.com/id/1025927
Aug 15 2011

- https://secunia.com/advisories/45576/
Release Date: 2011-08-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix*...

 Exclamation Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #103 on: September 02, 2011, 05:13:43 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

VB100 > RAP averages > Feb - August 2011
> http://www.virusbtn.com/vb100/rap-index.xml
___

Symantec Enterprise Vault multiple vuln - hotfix available
- https://secunia.com/advisories/45834/
Release Date: 2011-09-02
Criticality level: Highly critical
Impact:   DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec Enterprise Vault 10.x, 8.x, 9.x
CVE Reference(s): CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, CVE-2011-2267
...more information:
- https://secunia.com/advisories/44295/
- https://secunia.com/advisories/45297/
Solution: Apply hotfix.
Original Advisory: Symantec:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110901_00

 Exclamation
« Last Edit: September 05, 2011, 06:50:08 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #104 on: September 30, 2011, 06:33:10 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Symantec IM Manager multiple vulns - update available
- https://secunia.com/advisories/43157/
Release Date: 2011-09-30
Impact: Cross Site Scripting, System access
Where: From local network
... Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior.
Solution: Update to version 8.4.18.
Original Advisory: Symantec:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00
SYM11-012
September 29, 2011

- http://www.securitytracker.com/id/1026130
CVE Reference: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
Sep 30 2011

 Exclamation
« Last Edit: September 30, 2011, 20:33:05 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: 1 ... 5 6 [7] 8 9 10   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.279 seconds with 19 queries.