(Common Vulnerabilities and Exposures) A list of information security exposures and vulnerabilities sponsored by US-CERT and maintained by the MITRE Corporation. The CVE mission is to provide standard names for all publicly known security exposures as well as standard definitions for security terms. The CVE can be searched online using the National Vulnerability Database (NVD) at http://nvd.nist.gov or downloaded in several formats from MITRE Corporation at www.cve.mitre.org/cve. See National Vulnerability Database.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- MSN Norway serving Flash exploits through malvertising
- Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs. The recent wave of malvertising that...
- Blog posts 2008-08-27
- iPhone passcode lock rendered useless
- Do not trust that passcode lock on Apple's iPhone. The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information. ...
- Blog posts 2008-08-27
- Exploit code published for Apache Tomcat flaw
- The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available. The code, posted to Milw0rm.com, exploits a directory traversal vulnerability vulnerability in the way Apache Tomcat handles malformed requests. ...
- Blog posts 2008-08-21
- Exploits, vulnerabilities, and questions
- Exploits, vulnerabilities, and questionsIt is cooking with love.The person works for MS, and even a "stock" install without all the optional packages still contains hundreds and hundreds of applications. More to the point, however, I think a carefully crafted criteria was enforced that skewed things in a positive...
- Discussion threads 2008-08-16
- Measuring (not so) recent BIND nameserver patching
- Guest editorial by Derek Callaway This post is meant to provide an approximation of BIND nameserver updates that occurred during the past month, most likely in response to Dan Kaminsky's DNS cache poisoning vulnerability. I conducted this research because I was curious as to how widely BIND...
- Blog posts 2008-08-14
- Microsoft plugs IE, Office in big patch haul
- Microsoft patched 26 vulnerabilities with its latest patch including 20 flaws that were deemed critical. Here's the rundown of critical flaws full bulletin: CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2259 and CVE-2008-2258: These patches fix IE 5 through 7 on various flavors of Windows and address...
- Blog posts 2008-08-12
- CNET's Clientside developer blog serving Adobe Flash exploits
- Yesterday, Websense Labs issued an alert regarding a compromised CNET blog, namely the Clientside developer blog which has been embedded with a malicious javascript code attempting to exploit the visitors through a well known vulnerability in Adobe Flash's player. Websense's alert : "Websense Security Labs ThreatSeeker Network has discovered...
- Blog posts 2008-08-07
- Did Apple forget to patch something?
- Did Apple forget to patch something?AppleI usually sing the praises of Apple except when they don't live up to the hype or expectations. If they really want to grow their user base, they'd better get with it when it comes to delivering patches in a timely manner. In terms of...
- Discussion threads 2008-08-01
- Apple finally ships DNS flaw fix, patches 16 other Mac OS X holes
- [ UPDATE: nCircle Andrew Storms reports that the DNS client on the OSX 10.4.11 distribution still has not been patched. ] Apple has shipped a Mac OS X security update with patches for at least 17 documented vulnerabilities, including a fix for the serious DNS...
- Blog posts 2008-07-31
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Blog posts 2008-07-25
- |)ruid and HD Moore release part 2 of DNS exploit
- |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Discussion threads 2008-07-24
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- David Litchfield on details of one of the critical vulnerabilities from the latest Oracle patch
- More details coming out on the Oracle patches that were released last week, see Ryan Naraine's write up here. David Litchfield, noted security researcher from NGSSoftware, released details of one of the vulnerabilities on the Full-Disclosure email list today, and the details are staggering. The flaw allows potential unauthenticated remote...
- Blog posts 2008-07-15
- Apple ships (long overdue) iPhone security patches
- Finally, after months of waiting, iPhone users finally get security fixes for a batch of known software vulnerabilities. The latest iPhone 2.0 and iPod Touch 2.0 update patches at least 13 documented vulnerabilities, including several code execution holes in the Safari mobile Web browser. The...
- Blog posts 2008-07-11
- Apple releases patches for dangerous QuickTime flaws in Apple TV 2.1 product
- Apple released patches for its Apple TV 2.1 product yesterday. Some of you might be saying, why do I care, I don't use Apple TV. Well, if you do use Apple TV, you obviously should care as some of these are very serious flaws, but if you don't,...
- Blog posts 2008-07-11
- Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins
- Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server A remote...
- Blog posts 2008-07-08
- Microsoft delivers 'important' patches
- Microsoft on Tuesday delivered nine important patches to fix vulnerabilities in SQL Server, Exchange Server, Vista and Windows Server. Among the details, which were previewed last week. CVE-2008-0085: A vulnerability in the way SQL Server manages memory page reuse. An attacker with database operator...
- Blog posts 2008-07-08
- Apple hasn't learned from past security mistakes
- * Ryan Naraine is on vacation. Guest editorial by Aviv Raff Apple's Safari for Windows is a nice browser. It really is. It has slick user interface, some pretty cool features, and benchmarks show that it is really fast. But, saying that...
- Blog posts 2008-07-08
- Apple plugs 25 Mac OS X security vulnerabilities
- Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks. With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit. ...
- Blog posts 2008-06-30
- 90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
- ** Update 06/23/2008: I realize I didn't do a very good job of talking about what we're reviewing here. This is in response to the statistics gathered by Verizon related to Forensic Analysis of Data Breaches over a four year span. First off, let me...
- Blog posts 2008-06-22
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Demo: Virtualization with the Intel® Xeon® Processor
-
In this Flash demo, you'll learn about virtualization performance and features ideal for consolidation, load balancing, and disaster recovery with leading enterprise reliability.
- Watch how the Intel Xeon processor can increase performance and reliability of your servers >>
- Sports and Technology
-
Major League Baseball pitches new app to iPhone users
At Apple's Worldwide Developers Conference in San Francisco, Jeremy Schoenherr of MLB.com demos At-Bat, a new iPhone app from Major League Baseball.
View the ZDNet video to learn more -
The SF Giants' new hi-tech ballpark
SF Giants CIO Bill Schlough discusses new technology upgrades at AT&T Park and outlines his dual role- managing technology operations at the backend while using hi-tech to improve player performance on the field.
View the ZDNet CIO Vision Series video - From our Sponsors
- Fantasy Football
-
-
3 Great Ways To Play Fantasy Football
Play for free, play to win cash prizes- up to $3500, or customize your own league.
Learn More » -
