InfoSec vulnerability disclosures

CPNI undertakes research into computer vulnerabilities or weaknesses and augments this with extensive intelligence to determine the extent of threats to the Critical National Infrastructure from hostile and malevolent elements.

Together with a number of partners, CPNI will identify problems and work with vendors to provide software patches through a policy of responsible disclosure - alerting communities at the most appropriate time, while minimising the risk of potential exploitation.

CPNI is working hard to develop a workable and efficient disclosure policy. In the past there was greater exposure between the disclosure of a vulnerability and the patch becoming available.

When a vulnerability is discovered, CPNI brokers an agreement with the 'finder' and vendors on disclosure dates and the release of the 'fix'.

Vulnerabilities are common in today's IT environment. It is strongly advised that such weaknesses should be reported to CPNI.

Most recent vulnerability disclosures

CSIRTUK Advisories Feed

• Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client
• Predictable session identifiers in Crystal Reports
• Several Vulnerabilities found in Cisco Secure Access Control Server
• Vulnerability Issues in Implementations of the DNS Protocol
• Cross Site Scripting Vulnerability in IBM WebSphere
• Security Implications of failing to correctly use filtering in .NET web applications
• Denial-of-Service Condition Affecting X.509 Certificates Verification
• Security Implications of the FolderShare Program
• Multiple DoS Vulnerabilities in the BIND 9
• Vulnerability Issues with HP OpenView Storage Data Protector

Click here to view all vulnerability disclosures »