JC3 Medium Impact Assessment Bulletins | Department of Energy

You are here

JC3 Medium Impact Assessment Bulletins

February 26, 2013

V-099: Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability

A vulnerability has been reported in multiple Honeywell products.

February 25, 2013

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

A vulnerability was reported in the Linux Kernel.

February 19, 2013

V-094: IBM Multiple Products Multiple Vulnerabilities

A weakness and multiple vulnerabilities have been reported in multiple IBM products.

February 18, 2013

V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges

Two vulnerabilities were reported in Symantec PGP Desktop.

February 12, 2013

V-089: Apache CXF SOAP URIMappingInterceptor and Plaintext UsernameTokens Security Issues

Two security issues have been reported in Apache CXF

February 6, 2013

V-085: Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks

A vulnerability was reported in Cisco Unity Express.

February 5, 2013

V-084: RSA Archer eGRC Permits Cross-Site Scripting, Cross-Domain Access, Clickjacking, and File Upload Attacks

Several vulnerabilities were reported in RSA Archer eGRC.

January 29, 2013

V-079: ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability

ISC has learned of the potential for an error condition to occur in BIND 9

January 28, 2013

V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks

WordPress 3.5.1 Maintenance and Security Release

January 24, 2013

V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code

A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions.