Security Alerts and Advisories
2015-12-29
GovCERT.HK - Security Alert (A15-12-09): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, integer overflow, type confusion and use-after-free error. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
2015-12-18
GovCERT.HK - Security Alert (A15-12-08): Vulnerability in IBM Notes and Domino
IBM has published a security bulletin to address a vulnerability related to Apache Commons Collections used in Domino/Notes when handling Java object deserialization in the InvokerTransformer class. An attacker could send specially crafted data to an affected system to execute arbitrary Java code.
2015-12-18
GovCERT.HK - Security Alert (A15-12-07): Multiple Vulnerabilities in Apple iOS
Apple has released a software update fixing 30 vulnerabilities in iOS versions prior to iOS 9.2. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: an attacker could entice a user to open a specially crafted image or media file, font file, iBook file, iWork file, XML document or web page, or to install a malicious application, to exploit the vulnerabilities.
2015-12-16
GovCERT.HK - Security Alert (A15-12-06): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query requesting a record with a malformed class attribute to trigger a REQUIRE assertion failure, causing a denial-of-service condition. In addition, a flaw was found which can cause BIND to exit after encountering an INSIST assertion failure.
2015-12-16
GovCERT.HK - Security Alert (A15-12-05): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, flaws in API or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities. 
2015-12-9
GovCERT.HK - Security Alert (A15-12-03): Multiple Vulnerabilities in Microsoft Products (December 2015)
Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-12-9
GovCERT.HK - Security Alert (A15-12-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, various buffer overflow, type confusion, use-after-free error and security bypass problems. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
2015-12-4
GovCERT.HK - Security Alert (A15-12-02): Multiple Vulnerabilities in OpenSSL
Multiple vulnerabilities are found in the OpenSSL library. A remote attacker could exploit a memory leak problem or launch a denial-of-service attack by exploiting a NULL pointer dereference problem in OpenSSL.
2015-12-2
GovCERT.HK - Security Alert (A15-12-01): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (October 2015) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.
2015-11-11
GovCERT.HK - Security Alert (A15-11-03): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, security bypass and use-after-free error.
2015-11-11
GovCERT.HK - Security Alert (A15-11-02): Multiple Vulnerabilities in Microsoft Products (November 2015)
Microsoft has released 12 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-11-4
GovCERT.HK - Security Alert (A15-11-01): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
2015-10-26
GovCERT.HK - Security Alert (A15-10-07): Multiple Vulnerabilities in IBM Domino
IBM has issued a security bulletin to address two GIF parsing buffer overflow vulnerabilities in IBM Domino.
2015-10-22
GovCERT.HK - Security Alert (A15-10-06): Multiple Vulnerabilities in Cisco Products
Cisco has released security advisories fixing a number of vulnerabilities in Cisco security appliances, virtual appliances and services modules. 
2015-10-22
GovCERT.HK - Security Alert (A15-10-05): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2015)
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. 
2015-10-19
GovCERT.HK - Security Alert (A15-10-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion. 
2015-10-16
GovCERT.HK - Security Alert (A15-10-03): Vulnerability in Firefox
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem in the fetch() API, which did not correctly implement the Cross-Origin Resource Sharing (CORS) specification.
2015-10-14
GovCERT.HK - Security Alert (A15-10-02): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by various buffer overflows, use-after-free errors, memory leaks, memory corruption, security bypass and problems in the Flash broker and JavaScript API.
2015-10-14
GovCERT.HK - Security Alert (A15-10-01): Multiple Vulnerabilities in Microsoft Products (October 2015)
Microsoft has released 6 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-9-24
GovCERT.HK - Security Alert (A15-09-05): Multiple Vulnerabilities in Cisco Products (September 2015)
Cisco has released three security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. An unauthenticated remote attacker could exploit the vulnerabilities in relation to several functions or protocols including SSH version 2 (SSHv2) using RSA-based user authentication, Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services, and IPv6 snooping feature configured.
2015-9-23
GovCERT.HK - Security Alert (A15-09-04): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
2015-9-22
GovCERT.HK - Security Alert (A15-09-03): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, various buffer overflow, use-after-free error, memory leak and memory corruption. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
2015-9-9
GovCERT.HK - Security Alert (A15-09-02): Multiple Vulnerabilities in Microsoft Products (September 2015)
Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-9-4
GovCERT.HK - Security Alert (A15-09-01): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to exploit errors in parsing a malformed DNSSEC key or in performing a boundary check in openpgpkey_61.c that would trigger an assertion failure, causing BIND to exit.
2015-8-28
GovCERT.HK - Security Alert (A15-08-08): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a use-after-free error or an add-on notification bypass through a "data:" URL. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
2015-8-21
GovCERT.HK - Security Alert (A15-08-07): Multiple Vulnerabilities in Apple QuickTime
Multiple vulnerabilities are found in Apple QuickTime. 
2015-8-19
GovCERT.HK - Security Alert (A15-08-06): Vulnerability in Microsoft Internet Explorer
A vulnerability is identified in Microsoft Internet Explorer that could allow arbitrary code execution.
2015-8-14
GovCERT.HK - Security Alert (A15-08-05): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (July 2015) which could be remotely exploited without authentication. 
2015-8-12
GovCERT.HK - Security Alert (A15-08-04): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, integer overflows when handling MPEG4 video and buffer overflows in the Libvpx library used for WebM video. 
2015-8-12
GovCERT.HK - Security Alert (A15-08-03): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, various buffer overflow, use-after-free error and memory corruption. 
2015-8-12
GovCERT.HK - Security Alert (A15-08-02): Multiple Vulnerabilities in Microsoft Products (August 2015)
Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-8-7
GovCERT.HK - Security Alert (A15-08-01): Vulnerability in Firefox
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem that allows violation of the same origin policy to read local files. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability. 
2015-7-29
GovCERT.HK - Security Alert (A15-07-11): Vulnerability in ISC BIND 
A vulnerability is found in the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted packets to exploit an error in the handling of TKEY queries and trigger a REQUIRE assertion failure, causing BIND to exit. Access control lists or configuration options limiting or denying service cannot prevent the problem.
2015-7-28
GovCERT.HK - Security Alert (A15-07-10): Multiple Vulnerabilities in Android
Multiple vulnerabilities are found in Android. A remote attacker could send a specially crafted Multimedia Messaging Service (MMS) message to targeted Android devices to exploit the vulnerabilities.
2015-7-21
GovCERT.HK - Security Alert (A15-07-09): Vulnerability in Microsoft Windows
A vulnerability is identified in Microsoft Windows that could be exploited to compromise an affected system. Due to an error in how the Windows Adobe Type Manager Library handles OpenType fonts, an attacker could take control of the system if a user opens a specially crafted document or visits a webpage that contains embedded OpenType fonts.
2015-7-15
GovCERT.HK - Security Alert (A15-07-08): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2015)
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
2015-7-15
GovCERT.HK - Security Alert (A15-07-07): Multiple Vulnerabilities in Microsoft Products (July 2015)
Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-7-15
GovCERT.HK - Security Alert (A15-07-06): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by memory corruption, various buffer overflow, null-pointer dereference, use-after-free error and security bypass. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document that supports embedded Flash content.
2015-7-10
GovCERT.HK - Security Alert (A15-07-05): Vulnerability in OpenSSL
By exploiting the vulnerability in the OpenSSL library, an attacker could bypass certain checks on certificates, such as the Certificate Authority (CA) flag check, enabling a certificate issued by a valid leaf certificate to be wrongly verified as issued by the valid CA.
2015-7-9
GovCERT.HK - Security Alert (A15-07-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, heap buffer overflow, type confusion or use-after-free error. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
2015-7-3
GovCERT.HK - Security Alert (A15-07-03): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free errors, uses of uninitialized memory, poor validation, reads of unowned memory in zip files and buffer overflows. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
2015-7-2
GovCERT.HK - Security Alert (A15-07-02): Multiple Vulnerabilities in Apple QuickTime
Multiple vulnerabilities are found in Apple QuickTime. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted media file.
2015-7-2
GovCERT.HK - Security Alert (A15-07-01): Multiple Vulnerabilities in Apple iOS
Apple has released a software update fixing 33 vulnerabilities in iOS versions prior to iOS 8.4. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could intercept SSL/TLS connections and perform man-in-the-middle (MITM) attacks (also known as the Logjam attack). The attacker could also entice a user to open a specially crafted font file, PDF file, TIFF file, SMS or web page to exploit the vulnerabilities.
2015-6-24
GovCERT.HK - Security Alert (A15-06-05): Vulnerability in Adobe Flash Player
Security updates are released for Adobe Flash Player to address a vulnerability caused by a heap buffer overflow. To successfully exploit the vulnerability, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
2015-6-12
GovCERT.HK - Security Alert (A15-06-04): Multiple Vulnerabilities in OpenSSL
Multiple vulnerabilities are found in the OpenSSL library. A remote attacker could downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography and perform a man-in-the-middle attack (known as the Logjam attack). A remote attacker could also launch a denial-of-service attack by sending specially crafted public keys, certificate requests, certificates, PKCS#7 data or signedData messages to an affected system.
2015-6-10
GovCERT.HK - Security Alert (A15-06-03): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Lotus Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (April 2015) which could be remotely exploited without authentication.
2015-6-10
GovCERT.HK - Security Alert (A15-06-02): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption/leak, stack/integer overflow, use-after-free or security restrictions bypass issues. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
2015-6-10
GovCERT.HK - Security Alert (A15-06-01): Multiple Vulnerabilities in Microsoft Products (June 2015)
Microsoft has released 8 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-5-13
GovCERT.HK - Security Alert (A15-05-04): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by memory corruption, heap overflow, use-after-free or security bypass issues. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, PDF file, or document that supports embedded Flash content.
2015-5-13
GovCERT.HK - Security Alert (A15-05-03): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow during rendering SVG format graphics or parsing compressed XML content, an out-of-bounds read and write in asm.js during JavaScript validation, and a use-after-free flaw during text processing with vertical text enabled. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
2015-5-13
GovCERT.HK - Security Alert (A15-05-02): Multiple Vulnerabilities in Microsoft Products (May 2015)
Microsoft has released 13 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-5-12
GovCERT.HK - Security Alert (A15-05-01): Multiple Vulnerabilities in IBM Notes, iNotes and Domino
IBM has issued a security bulletin to address two image parsing buffer overflow vulnerabilities in IBM Domino and one cross-site scripting vulnerability in the IBM Dojo Toolkit in IBM Notes, iNotes and Domino. A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted URL to execute scripts, or by sending a specially crafted bitmap (.BMP) image to the vulnerable Domino SMTP server.
2015-4-21
GovCERT.HK - Security Alert (A15-04-10): Vulnerability in Firefox
Mozilla has published a security advisory to address a vulnerability found in Firefox. The vulnerability is caused by memory corruption during failed plugin initialization. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.
2015-4-16
GovCERT.HK - Security Alert (A15-04-09): Vulnerability in IBM Domino
IBM has issued a security bulletin to address a vulnerability caused by a problem in processing GIF files in Domino. A remote attacker could send Internet email with specially crafted GIF files to an affected system to exploit the vulnerability without authentication.
2015-4-15
GovCERT.HK - Security Alert (A15-04-08): Multiple Vulnerabilities in Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities that could be exploited to cause arbitrary code execution, security restrictions bypass, or information disclosure.
2015-4-15
GovCERT.HK - Security Alert (A15-04-07): Multiple Vulnerabilities in Oracle Java and Oracle Products
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
2015-4-15
GovCERT.HK - Security Alert (A15-04-06): Multiple Vulnerabilities in Microsoft Products
Microsoft has released 11 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.
2015-4-10
GovCERT.HK - Security Alert (A15-04-05): Multiple Vulnerabilities in Apple iOS
Apple has released software updates fixing 58 vulnerabilities in iOS versions prior to iOS 8.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could entice a user to open a specially crafted web page, font file, configuration profile or iWork file, or install a malicious application to exploit the vulnerabilities. A local attacker could also connect a malicious external device to the affected systems to execute arbitrary code or access protected information on them.
2015-4-9
GovCERT.HK - Security Alert (A15-04-04): Multiple Vulnerabilities in Cisco Products
Cisco has released security advisories fixing a number of vulnerabilities in Cisco security appliances, virtual appliances and services modules as listed below.
2015-4-9
GovCERT.HK - Security Alert (A15-04-03): Vulnerability in IBM Lotus Notes and Domino
IBM has published a security bulletin to address a vulnerability related to the Factoring Attack on RSA-EXPORT Keys (FREAK) problem in TLS/SSL used in IBM Java in Notes and Domino. It allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use weaker or "export-grade" cryptography, which can be easily decrypted to steal or manipulate sensitive data.
2015-4-8
GovCERT.HK - Security Alert (A15-04-02): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a flaw in Reader mode on Firefox for Android that allows restrictions to be bypassed and privileged content to be loaded, and a flaw in the HTTP Alternative Service implementation that allows SSL certificate verification to be bypassed to launch man-in-the-middle attacks. A remote attacker could entice a user to open a web page on a specially configured server or with specially crafted content to exploit the vulnerabilities.
2015-4-1
GovCERT.HK - Security Alert (A15-04-01): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, a use-after-free flaw in handling certain MP3 files by Fluendo MP3 plugin, memory corruption during 2D graphics rendering and type confusion flaws. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.