========================================================================

                  The Secunia Weekly Advisory Summary
                        2011-11-03 - 2011-11-10

                       This week: 74 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4................................................Secunia Corporate News
5..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Answers To A Researcher's Questions About SVCRP

"Yesterday, I responded to some excellent questions received from a
researcher interested in our new SVCRP program. As I'm sure many
researchers have similar questions and would be interested in the
answers, I got the researcher's permission to publish part of my
response on our website as well."
Carsten Eiram, Chief Security Specialist, Secunia.

Read the Q&A here:
http://secunia.com/blog/279/

========================================================================
2) This Week in Brief:

Multiple vulnerabilities have been reported in Mozilla Firefox and
Thunderbird, which can be exploited by malicious people to disclose
potentially sensitive information, conduct cross-site scripting
attacks, and compromise a user's system.
http://secunia.com/advisories/46757/

Multiple vulnerabilities have been reported in Adobe Shockwave Player,
which can be exploited by malicious people to compromise a user's
system.
http://secunia.com/advisories/46667/

A vulnerability has been discovered in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
http://secunia.com/advisories/46752/

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.
http://secunia.com/advisories/46731/

Hitachi has acknowledged multiple vulnerabilities in Hitachi
Cosminexus products, which can be exploited by malicious users to
disclose certain information and by malicious people to disclose
potentially sensitive information, hijack a user's session, conduct
DNS cache poisoning attacks, manipulate certain data, cause a DoS
(Denial of Service), and compromise a vulnerable system.
http://secunia.com/advisories/46694/

========================================================================
3) This Week's Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46724] Microsoft Windows win32k.sys TrueType Font Parsing
              Vulnerability
2.  [SA46512] Oracle Java SE Multiple Vulnerabilities
3.  [SA46731] Microsoft Windows TCP/IP Reference Counter Overflow
              Vulnerability
4.  [SA46755] Microsoft Windows Active Directory LDAPS Authentication
              Bypass
5.  [SA46113] Adobe Flash Player Multiple Vulnerabilities
6.  [SA46644] Wireshark Multiple Vulnerabilities
7.  [SA46696] Citrix XenDesktop Client Drive Mapping Policy Bypass
              Security Issue
8.  [SA45793] Apache HTTP Server "ap_pregsub()" Privilege Escalation
              Vulnerability
9.  [SA46743] HP TCP/IP Services for OpenVMS Security Bypass and
              Denial of Service Vulnerabilities
10. [SA46447] phpMyadmin XML Entity References Information Disclosure
              Vulnerability

========================================================================
4) Secunia Corporate News

Microsoft Patch Tuesday Roundup - November

Get an overview of Microsoft Patch Tuesday's security bulletins and the
corresponding Secunia Advisories here:
http://secunia.com/blog/277

Insecure Library Loading - One down, many more to go...

In this month's Microsoft Patch Tuesday, one of the security bulletins
covered an Insecure Library Loading vulnerability affecting several
versions of Microsoft's Windows OS.
Read more:
http://secunia.com/blog/278

DEFCON 19: Is it 0-day or 0-care?

Watch this year's panel discussion with Secunia, Microsoft,
TippingPoint, MITRE/CVE, Open Security Foundation, OSVDB, and CERT:
http://secunia.com/blog/274/

Confessions of a Guru: How to know if App-V Apps need security updates

Tim Mangan reviews the Secunia PSI and Secunia CSI:
http://secunia.com/company/blog_news/articles/275/

========================================================================
5) This Week in Numbers

During the past week 74 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This week's Secunia Advisories had the following spread across
platforms and criticality ratings:

Platforms:
  Windows             :     11 Secunia Advisories
  Unix/Linux          :     34 Secunia Advisories
  Other               :      6 Secunia Advisories
  Cross platform      :     23 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      1 Secunia Advisory
  Highly Critical     :     16 Secunia Advisories
  Moderately Critical :     25 Secunia Advisories
  Less Critical       :     27 Secunia Advisories
  Not Critical        :      5 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Received on Thu Nov 10 2011 - 22:56:50 PST