[ISN] Secunia Weekly Summary - Issue: 2011-44

From: InfoSec News <alerts_at_private>
Date: Fri, 4 Nov 2011 01:44:16 -0500 (CDT)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2011-10-27 - 2011-11-03

                        This week: 47 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4................................................Secunia Community News
5................................................Secunia Corporate News
6..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Want help coordinating vulnerabilities?
The new Secunia Vulnerability Coordination Reward Program (SVCRP)
rewards researchers for coordinating software vulnerabilities.
"The fun part of vulnerability research is the actual process of
discovering and understanding the vulnerabilities as well as creating
proof of concepts or exploits; and not the sometimes extensive
coordination and liaison process that follows with the vendor in order
to fix the problem. Under the new program we will both confirm
vulnerability discoveries and handle the coordination process, allowing
researchers to focus on the more exciting aspects of vulnerability
research." Carsten Eiram, Chief Security Specialist. Read more:
http://secunia.com/company/blog_news/news/271

========================================================================
2) This Week in Brief:

VMware has acknowledged multiple vulnerabilities in multiple VMware
vCenter products, which can be exploited by malicious, local users to
disclose potentially sensitive information, by malicious users to cause
a DoS (Denial of Service), and by malicious people to disclose
potentially sensitive information, manipulate certain data, bypass
certain security restrictions, conduct spoofing attacks, conduct DNS
cache poisoning attacks, cause a DoS (Denial of Service), and
compromise a vulnerable system.

http://secunia.com/advisories/46651/

Multiple vulnerabilities have been reported in Apple Quicktime, which
can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/46618/

Cisco has acknowledged two vulnerabilities in Cisco Security Agent,
which can be exploited by malicious people to compromise a vulnerable
system.

http://secunia.com/advisories/46631/

A vulnerability has been reported in Novell iPrint Client, which can be
exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/46606/

Multiple vulnerabilities have been reported in Google Chrome, where
some have unknown impacts and others can be exploited by malicious
people to bypass certain security restrictions, conduct spoofing
attacks, conduct cross-site scripting attacks, and potentially
compromise a user's system.

http://secunia.com/advisories/46594/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46512] Oracle Java SE Multiple Vulnerabilities
2.  [SA46529] VMware ESX Server Multiple Vulnerabilities
3.  [SA46618] Apple QuickTime Multiple Vulnerabilities
4.  [SA46637] D-Link Products SSH Server Buffer Overflow Vulnerability
5.  [SA46651] VMware vCenter Products JRE Multiple Vulnerabilities
6.  [SA45279] Winamp Multiple Vulnerabilities
7.  [SA46650] VMware ESXi Server "sblim-sfcb" Integer Overflow
               Vulnerability
8.  [SA46641] IBM AIX BIND Multiple Vulnerabilities
9.  [SA46652] Oracle Hyperion Enterprise Performance Management
               arsqls24.dll Buffer Overflow Vulnerability
10. [SA46113] Adobe Flash Player Multiple Vulnerabilities

========================================================================
4) Secunia Community News

Borsen: Super Gazelle (Danish article)
Secunia is recognised by the leading Danish financial newspaper as one
of the few Danish companies that has experienced growth for five
consecutive years: http://secunia.com/company/blog_news/articles/269/

Join Secunia @ Infosecurity Europe, 02-03 November, Utrecht, the
Netherlands
Book a one-to-one meeting with the Secunia team and learn how you can
enhance your patch management process:
http://secunia.com/resources/events/infosec_nl_2011/

Gartner Symposium/ITxpo 2011, 07-10 November, Barcelona, Spain
Secunia will be exhibiting (stand ET14) at arguably the industry's
largest and most important annual gathering of CIOs and senior IT
leaders: http://www.gartner.com/technology/symposium/barcelona/

========================================================================
5) Secunia Corporate News

Gartner Symposium/ITxpo 2011, 07-10 November, Barcelona, Spain
Secunia will be exhibiting (stand ET14) at arguably the industry's
largest and most important annual gathering of CIOs and senior IT
leaders: http://www.gartner.com/technology/symposium/barcelona/

Pre-emptive action against vulnerabilities . a priority for effective
security strategies
The Secunia VIM enables you to simplify and strategize your handling of
emerging threats. Read more and request a free trial:
http://secunia.com/products/corporate/vim/

Attending Finance Forum in Zurich, Switzerland this year (09 November)?
If so, visit the Secunia team at Stand 3.6 and learn how to stay secure
the most efficient and cost effective way by enhancing your
vulnerability/patch management process:
http://www.finance-forum.com/en/

========================================================================
6) This Week in Numbers

During the past week 47 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :     11 Secunia Advisories
   Unix/Linux          :     16 Secunia Advisories
   Other               :      2 Secunia Advisories
   Cross platform      :     18 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      0 Secunia Advisories
   Highly Critical     :     14 Secunia Advisories
   Moderately Critical :     13 Secunia Advisories
   Less Critical       :     19 Secunia Advisories
   Not Critical        :      1 Secunia Advisory

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Thu Nov 03 2011 - 23:44:16 PDT

This archive was generated by hypermail 2.2.0 : Thu Nov 03 2011 - 23:48:13 PDT