Tag: OSVDB
-
January Set As ‘Month Of Apple Bugs’
[This was originally published on the OSVDB blog.] January Set As ‘Month Of Apple Bugs’ http://www.informationweek.com/news/showArticle.jhtml;?articleID=196701178 The “Month of Apple Bugs” project, which will be similar to November’s “Month of Kernel Bugs” campaign, will be hosted by the kernel bug poster who goes by the initials “LMH,” and his partner, Kevin Finisterre, a researcher who has…
-
These two weeks of Word flaws – can we survive?
[This was originally published on the OSVDB blog.] Courtesy of Juha-Matti Laurio at the Securiteam Blogs: http://blogs.securiteam.com/?p=764 Since 5th December we have seen three separate, serious vulnerabilities in Microsoft Word: [Disclosed – original reference – CVE name – Affected products and product versions] Tue 5th Dec – MS Security Advisory #929433 – CVE-2006-5994 and FAQ – Word 2003/2002/2000, Word…
-
McAfee: Microsoft patches 133 Critical/Important Vulns in 2006
[This was originally published on the OSVDB blog.] http://www.avertlabs.com/research/blog/?p=153 McAfee is reporting that Microsoft patched 133 Critical / Important vulnerabilities in 2006. They also compare this number against previous years to presumably demonstrate that security isn’t getting better at Microsoft.
-
Weak of Oracle Bugs
[This was originally published on the OSVDB blog.] No, not a typo. A couple weeks back, Argeniss “was proud to announce that we are starting on December the “Week of Oracle Database Bugs” (WoODB).” A couple days ago they abruptly called off the WoODB with the following message: We are sad to announce that due…
-
SANS Top 20 Report – Deja Vu
[This was originally published on the OSVDB blog.] I previously blogged about the SANS Top 20 List in a pretty negative fashion. The list started off as the “Top 10 Vulnerabilities” and quickly expanded into the Top 20 Vulnerabilities. Even last year (2005), they were still calling it a “Top 20 Vulnerabilities” list when it…
-
Month of Kernel Bugs (MoKB)
[This was originally published on the OSVDB blog.] First it was the Month of Browser Bugs (MoBB), now it is the Month of Kernel Bugs (MoKB). When I first read about it, I immediately thought of thirty odd entries about Linux Kernel Local DoS conditions. My pessimism is born out of the numerous local DoS…
-
CVE Commentary
[This was originally published on the OSVDB blog.] http://cve.mitre.org/cve/edcommentary.html#community_issues CVE editor Steven Christey has begun to post commentary related to CVE and VDBs. [2013-07-07 Update: This effort didn’t last long. The last update was 2006-02-16, 4 days after this blog post. =(]
-
Insert a classy pun.
[This was originally published on the OSVDB blog.] This entry should have been published days ago. On top of being overly busy and spread thin, I ran into a big problem related to finding a reference I wanted to include, which will lead to this being a little more ranty than intended. How is it…
-
Google VulnSearch?
[This was originally published on the OSVDB blog.] Fall behind and someone will always beat you to the punch! Gadi Evron posted an entry over at Securiteam on the topic of using Google’s Codesearch to find vulns. Since he and others are writing about this, I don’t have to! However, I’ll post a few more…
-
Under Pressure…
[This was originally published on the OSVDB blog.] Microsoft is finding themselves under increasing pressure to release fixes for critical vulnerabilities. This week, Microsoft broke from tradition again and opted to release an early fix for a critical Internet Explorer vulnerability. Since we’ve seen other critical vulnerabilities come up before this one, some of which…