[ISN] Secunia Weekly Summary - Issue: 2011-39

From: InfoSec News <alerts_at_private>
Date: Mon, 3 Oct 2011 03:46:07 -0500 (CDT)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2011-09-22 - 2011-09-29

                        This week: 74 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4................................................Secunia Community News
5................................................Secunia Corporate News
6..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

A formalized approach to handling vulnerabilities is best practice, not
ad hoc tools
According to a new Ovum Technology Report, companies operating diverse
and wide-ranging systems cannot solve their vulnerability management
challenges by using ad hoc tools. They say, "There needs be an
integrated and inclusive approach that makes use of security
intelligence to highlight vulnerabilities and their severity as they
occur." This is where the Secunia Vulnerability Intelligence Manager
(VIM) comes in.
Read more: http://secunia.com/blog/257

========================================================================
2) This Week in Brief:

Multiple vulnerabilities have been reported in Mozilla Firefox, which
can be exploited by malicious people to bypass certain security
restrictions and compromise a user's system.

http://secunia.com/advisories/46203/

Multiple vulnerabilities have been reported in Novell GroupWise, which
can be exploited by malicious users to conduct script insertion
attacks, cause a DoS (Denial of Service), or potentially compromise a
vulnerable system and by malicious people to compromise a vulnerable
system.

http://secunia.com/advisories/43513/

Luigi Auriemma has discovered two vulnerabilities in Sunway
ForceControl and Sunway pNetPower, which can be exploited by malicious
people to disclose system information and compromise a user's system.

http://secunia.com/advisories/46146/

Luigi Auriemma has discovered a vulnerability in CellCtrl, which can be
exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/46144/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46113] Adobe Flash Player Multiple Vulnerabilities
2.  [SA46168] Microsoft Windows SSL/TLS Initialization Vector Selection
Weakness
3.  [SA45173] Sun Java JRE Insecure Executable Loading Vulnerability
4.  [SA46134] FFmpeg Multiple Vulnerabilities
5.  [SA46171] Mozilla Firefox Multiple Vulnerabilities
6.  [SA46137] Oracle Solaris Apache HTTP Server ByteRange Filter Denial
of Service Vulnerability
7.  [SA45978] Adobe Reader / Acrobat Multiple Vulnerabilities
8.  [SA46146] Sunway ForceControl / pNetPower Directory Traversal and
ActiveX Control Vulnerabilities
9.  [SA46049] Google Chrome Multiple Vulnerabilities
10. [SA46144] CellCtrl Read & Write Excel ActiveX Control "Login()"
Buffer Overflow Vulnerability

========================================================================
4) Secunia Community News

Fixing the fundamental failures of end-point security
How can you keep a typical end-point up-to-date? Secunia's ISF World
Congress presentation analyses the trends and evolving threats
affecting a typical software portfolio, using data from real end-points
in the field:
http://secunia.com/?action=fetch&filename=Secunia_ISF_2011_Presentation.pdf


Attending RSA Conference Europe in London this year (11-13 October)?
If so, visit Secunia at stand S2 and listen to Stefan Frei, Secunia's
Research Analyst Director present "How can a CIO secure a moving target
with limited resources".
Find out more about RSA here: http://www.rsaconference.com/2011/europe/


========================================================================
5) Secunia Corporate News

Be tactical in your handling of vulnerability threats
The Secunia VIM enables you to take pre-emptive action against
vulnerabilities in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/

========================================================================
6) This Week in Numbers

During the past week 74 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :      7 Secunia Advisories
   Unix/Linux          :     25 Secunia Advisories
   Other               :     13 Secunia Advisories
   Cross platform      :     29 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      0 Secunia Advisories
   Highly Critical     :     22 Secunia Advisories
   Moderately Critical :     27 Secunia Advisories
   Less Critical       :     24 Secunia Advisories
   Not Critical        :      1 Secunia Advisory

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_____________________________________________________________
FINAL CALL to register #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Mon Oct 03 2011 - 01:46:07 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 03 2011 - 01:48:05 PDT