Commonwealth Security Advisory – May 10th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Adobe Flash Player Object Confusion Vulnerability
  2. Adobe Shockwave Player Multiple Vulnerabilities
  3. Cisco Secure ACS Multiple Vulnerabilities
  4. Cisco Unified MeetingPlace Multiple Vulnerabilities
  5. CiscoWorks Prime LAN Management Solution (LMS) Multiple Vulnerabilities
  6. HP Performance Insight Multiple Vulnerabilities
  7. IBM AIX Multiple Vulnerabilities
  8. IBM OS/400 OpenSSL DER Format Data Processing Vulnerability
  9. IBM Tivoli Access Manager for e-business Java Double Literal Denial of Service Vulnerability
  10. Microsoft May Security Bulletin –
    1. Vulnerability in Microsoft Word Could Allow Remote Code Execution MS12-029 – Critical (2680352)
    2. Vulnerabilities in Microsoft Office Could Allow Remote Code Execution MS12-030 – Important (2663830)
    3. Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution MS12-031 – Important (2597981)
    4. Vulnerability in TCP/IP Could Allow Elevation of Privilege MS12-032 – Important (2688338)
    5. Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege MS12-033 – Important (2690533)
    6. Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight MS12-034 – Critical (2681578)
    7. Vulnerabilities in .NET Framework Could Allow Remote Code Execution MS12-035 – Critical (2693777)
  11. Red Hat Multiple Vulnerabilities
  12. SUSE Multiple Vulnerabilities
  13. VMware ESX Server / ESXi Multiple Vulnerabilities


Commonwealth Security Advisory – May 3rd, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Citrix Provisioning Services Code Execution Vulnerability
  2. Google Chrome Multiple Vulnerabilities
  3. HP Insight Management Agents Multiple Vulnerabilities
  4. HP NonStop Server Java Multiple Vulnerabilities
  5. HP SNMP Agents URL Redirect and Cross-Site Scripting Vulnerabilities
  6. IBM OS/400 HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness
  7. Red Hat Multiple Vulnerabilities
  8. SUSE Multiple Vulnerabilities


Commonwealth Security Advisory – Apr 26th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. HP-UX Multiple Vulnerabilities
  2. IBM Java Multiple Vulnerabilities
  3. IBM Rational Products Multiple Vulnerabilities
  4. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Vulnerabilities
  5. OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability
  6. Red Hat Multiple Vulnerabilities
  7. SUSE Multiple Vulnerabilities


Commonwealth Security Advisory – Apr 19th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Apache HTTP Server LD_LIBRARY_PATH Security Issue
  2. Attachmate Reflection X X.Org xrdb Hostname Command Injection Security Issue
  3. HP Onboard Administrator Denial of Service Vulnerability
  4. IBM 31-bit SDK for z/OS and IBM 64-bit SDK for z/OS Multiple Vulnerabilities
  5. Oracle Quarterly Critical Patch Update, April 2012 –
    1. Oracle Agile PLM Multiple Vulnerabilities
    2. Oracle Agile PLM for Process Unspecified Vulnerability
    3. Oracle AutoVue Office Unspecified Vulnerability
    4. Oracle BI Publisher Administration Unspecified Vulnerability
    5. Oracle Database Multiple Vulnerabilities
    6. Oracle E-Business Suite Multiple Vulnerabilities
    7. Oracle Enterprise Manager Grid Control Multiple Vulnerabilities
    8. Oracle FLEXCUBE Direct Banking Unspecified Vulnerabilities
    9. Oracle FLEXCUBE Universal Banking Unspecified Vulnerabilities
    10. Oracle GlassFish Enterprise Server Unspecified Vulnerabilities
    11. Oracle Grid Engine Multiple Vulnerabilities
    12. Oracle Identity Manager Connector for Database User Management Unspecified Vulnerability
    13. Oracle Identity Manager User Config Management Unspecified Vulnerability
    14. Oracle iPlanet Web Server Multiple Cross-Site Scripting Vulnerabilities
    15. Oracle JDeveloper Java Business Objects Unspecified Vulnerability
    16. Oracle JRockit Multiple Vulnerabilities
    17. Oracle MySQL Server Multiple Vulnerabilities
    18. Oracle PeopleSoft Enterprise CRM Unspecified Vulnerability
    19. Oracle PeopleSoft Enterprise FCSM Unspecified Vulnerability
    20. Oracle PeopleSoft Human Capital Management Human Resources Unspecified Vulnerability
    21. Oracle PeopleSoft Enterprise Human Resource Management System (HRMS) Unspecified Vulnerabilities
    22. Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities
    23. Oracle PeopleSoft Enterprise Portal Unspecified Vulnerability
    24. Oracle PeopleSoft Enterprise Supply Chain Management (SCM) Unspecified Vulnerabilities
    25. Oracle Primavera P6 Enterprise Project Portfolio Management Unspecified Vulnerability
    26. Oracle Outside In Technology Outside In Image Export SDK Multiple Vulnerabilities
    27. Oracle Siebel Clinical Multiple Unspecified Vulnerabilities
    28. Oracle Solaris Multiple Vulnerabilities
    29. Oracle WebCenter Forms Recognition Designer Multiple Vulnerabilities
    30. SPARC Enterprise M Series XSCF Control Package Vulnerabilities
  6. RealPlayer Enterprise Multiple Vulnerabilities
  7. Red Hat Multiple Vulnerabilities
  8. SUSE Multiple Vulnerabilities
  9. VMware Multiple Products Privilege Escalation Security Issue


Commonwealth Security Advisory – Apr 12th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Adobe Reader/Acrobat Multiple Vulnerabilities
  2. Cisco WebEx Player Three Vulnerabilities
  3. Google Chrome Multiple Vulnerabilities
  4. Microsoft April Security Bulletin –
    1. Cumulative Security Update for Internet Explorer MS12-023 – Critical (2675157)
    2. Vulnerability in Windows Could Allow Remote Code Execution MS12-024 – Critical (2653956)
    3. Vulnerability in .NET Framework Could Allow Remote Code Execution MS12-025 – Critical (2671605)
    4. Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure MS12-026 – Important (2663860)
    5. Vulnerability in Windows Common Controls Could Allow Remote Code Execution MS12-027 – Critical (2664258)
    6. Vulnerability in Microsoft Office Could Allow Remote Code Execution MS12-028 – Important (2639185)
  5. Novell iManager jclient "EnteredAttrName" Buffer Overflow Vulnerability
  6. Novell Sentinel "filename" Arbitrary File Download Vulnerability
  7. Oracle MySQL Server Two Unspecified Vulnerabilities
  8. Red Hat Multiple Vulnerabilities
  9. SUSE Multiple Vulnerabilities


Commonwealth Security Advisory – Apr 5th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Adobe Flash Player / AIR Two Vulnerabilities
  2. Apple Mac OS X update for Java
  3. Check Point Multiple Products Hash Collision Denial of Service Vulnerability
  4. Cisco IOS Multiple Vulnerabilities
  5. HP-UX DCE Unspecified Denial of Service Vulnerability
  6. Red Hat Multiple Vulnerabilities
  7. SUSE Multiple Vulnerabilities
  8. VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability


Commonwealth Security Advisory – Mar 29th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Adobe ColdFusion Hash Collision Denial of Service Vulnerability
  2. Blue Coat PacketShaper and PolicyCenter OpenSSL Ciphersuite Downgrade Vulnerability
  3. Cisco Adaptive Security Appliances Multiple Vulnerabilities
  4. Cisco Firewall Services Module PIM Processing Denial of Service Vulnerability
  5. Citrix XenServer vSwitch Controller Component Multiple Unspecified Vulnerabilities
  6. Dell PowerVault ML6000 Multiple Vulnerabilities
  7. Google Chrome Multiple Vulnerabilities
  8. HP OpenView Network Node Manager Multiple Vulnerabilities
  9. HP Performance Manager Unspecified Code Execution Vulnerability
  10. HP-UX Multiple Vulnerabilities
  11. IBM AIX OpenSSL Multiple Vulnerabilities
  12. IBM HTTP Server Multiple Vulnerabilities
  13. IBM 31-bit SDK for z/OS Multiple Vulnerabilities
  14. Ipswitch WhatsUp Gold "ExportViewer.asp" Directory Traversal Vulnerability
  15. McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
  16. Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
  17. Novell eDirectory Multiple Vulnerabilities
  18. Novell iManager Multiple Vulnerabilities
  19. Novell ZENworks Configuration Management Multiple Vulnerabilities
  20. Opera Multiple Vulnerabilities
  21. Red Hat Multiple Vulnerabilities
  22. SUSE Multiple Vulnerabilities
  23. VMware Multiple Vulnerabilities
  24. Wireshark Multiple Denial of Service Vulnerabilities


Commonwealth Security Advisory – Mar 13th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Apple Safari Multiple Vulnerabilities
  2. Apple iOS Software Multiple Vulnerabilities
  3. Cisco Multiple Vulnerabilities
  4. Google Chrome Multiple Vulnerabilities
  5. Microsoft March Security Bulletin –
    1. Vulnerabilities in Remote Desktop Could Allow Remote Code Execution MS12-020 – Critical (2671387)
    2. Vulnerability in DNS Server Could Allow Denial of Service MS12-017 – Important (2647170)
    3. Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege MS12-018 – Important (2641653)
    4. Vulnerability in Visual Studio Could Allow Elevation of Privilege MS12-021 – Important (2651019)
    5. Vulnerability in Expression Design Could Allow Remote Code Execution MS12-022 – Important (2651018)
    6. Vulnerability in DirectWrite Could Allow Denial of Service MS12-019 – Moderate (2665364)
  6. Mozilla Firefox Multiple Vulnerabilities
  7. SUSE Samba Multiple Vulnerabilities
  8. VMware ESX Server Multiple Vulnerabilities


Commonwealth Security Advisory – Feb 16th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Adobe Flash Player Multiple Vulnerabilities
  2. Adobe Shockwave Player/RoboHelp Multiple Vulnerabilities
  3. Cisco NX-OS Vulnerability
  4. Google Chrome Multiple Vulnerabilities
  5. Microsoft February Security Bulletin –
    1. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution MS12-008 (2660465) – Critical
    2. Cumulative Security Update for Internet Explorer MS12-010 (2647516) – Critical
    3. Vulnerability in C Run-Time Library Could Allow Remote Code Execution MS12-013 (2654428) – Critical
    4. Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution MS12-016 (2651026) – Critical
    5. Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege MS12-009 (2645640) – Important
    6. Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege MS12-011 (2663841) – Important
    7. Vulnerability in Color Control Panel Could Allow Remote Code Execution MS12-012 (2643719) – Important
    8. Vulnerability in Indeo Codec Could Allow Remote Code Execution MS12-014 (2661637) – Important
    9. Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution MS12-015 (2663510) – Important
  6. Mozilla Firefox Vulnerability
  7. Oracle Releases Critical Patch Update for February 2012
  8. Red Hat Multiple Vulnerabilities


Commonwealth Security Advisory – Feb 9th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

  1. Apache CXF Username Token Policy Validation Security Bypass
  2. Apple Mac OS X Multiple Vulnerabilities
  3. Avaya Interaction Center ORB Service Buffer Overflow Vulnerability
  4. Blue Coat Reporter OpenSSL Two Vulnerabilities
  5. EMC Documentum Content Server Privilege Escalation Vulnerability
  6. EMC Documentum xPlore Search Result Information Disclosure Security Issue
  7. HP Products OpenSSL Race Condition Vulnerability
  8. HP-UX Apache Web Server Suite Multiple Denial of Service Vulnerabilities
  9. IBM AIX "TCP large send offload" Denial of Service Vulnerability
  10. JBoss Multiple Products JMX Console Authentication Bypass
  11. Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
  12. PHP "php_register_variable_ex()" Code Execution Vulnerability
  13. Real Player Multiple Vulnerabilities
  14. Red Hat Multiple Vulnerabilities
  15. SUSE Multiple Vulnerabilities
