JC3 Medium Impact Assessment Bulletins | Department of Energy

You are here

JC3 Medium Impact Assessment Bulletins

November 15, 2012

V-025: Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities

Bugzilla Multiple Vulnerabilities

November 6, 2012

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

Two vulnerabilities were reported in Apache Tomcat

October 23, 2012

V-008: Debian Security Advisory

Debian update for bind9

October 22, 2012

V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

McAfee has acknowledged a vulnerability in McAfee Firewall Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).

October 18, 2012

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

October 15, 2012

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords

EMC NetWorker Module for Microsoft Applications Two Vulnerabilities

October 11, 2012

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service

Several vulnerabilities were reported in Cisco Firewall Services Module.

October 8, 2012

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability

A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks.

October 5, 2012

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

October 2, 2012

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability

A vulnerability in WebSphere Commerce could allow disclosure of user personal data.