[ISN] Secunia Weekly Summary - Issue: 2011-45

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Nov 2011 00:56:50 -0600 (CST)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2011-11-03 - 2011-11-10

                        This week: 74 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4................................................Secunia Corporate News
5..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Answers To A Researcher's Questions About SVCRP
"Yesterday, I responded to some excellent questions received from a
researcher interested in our new SVCRP program. As I'm sure many
researchers have similar questions and would be interested in the
answers, I got the researcher's permission to publish part of my
response on our website as well." Carsten Eiram, Chief Security
Specialist, Secunia.

Read the Q&A here: http://secunia.com/blog/279/

========================================================================
2) This Week in Brief:

Multiple vulnerabilities have been reported in Mozilla Firefox and
Thunderbird, which can be exploited by malicious people to disclose
potentially sensitive information, conduct cross-site scripting
attacks, and compromise a user's system.

http://secunia.com/advisories/46757/

Multiple vulnerabilities have been reported in Adobe Shockwave Player,
which can be exploited by malicious people to compromise a user's
system.

http://secunia.com/advisories/46667/

A vulnerability has been discovered in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/46752/

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

http://secunia.com/advisories/46731/

Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus
products, which can be exploited by malicious users to disclose certain
information and by malicious people to disclose potentially sensitive
information, hijack a user's session, conduct DNS cache poisoning
attacks, manipulate certain data, cause a DoS (Denial of Service), and
compromise a vulnerable system.

http://secunia.com/advisories/46694/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA46724] Microsoft Windows win32k.sys TrueType Font Parsing
               Vulnerability
2.  [SA46512] Oracle Java SE Multiple Vulnerabilities
3.  [SA46731] Microsoft Windows TCP/IP Reference Counter Overflow
               Vulnerability
4.  [SA46755] Microsoft Windows Active Directory LDAPS Authentication
               Bypass
5.  [SA46113] Adobe Flash Player Multiple Vulnerabilities
6.  [SA46644] Wireshark Multiple Vulnerabilities
7.  [SA46696] Citrix XenDesktop Client Drive Mapping Policy Bypass
               Security Issue
8.  [SA45793] Apache HTTP Server "ap_pregsub()" Privilege Escalation
               Vulnerability
9.  [SA46743] HP TCP/IP Services for OpenVMS Security Bypass and
               Denial of Service Vulnerabilities
10. [SA46447] phpMyadmin XML Entity References Information Disclosure
               Vulnerability

========================================================================
4) Secunia Corporate News

Microsoft Patch Tuesday Roundup - November
Get an overview of Microsoft Patch Tuesday's security bulletins and the
corresponding Secunia Advisories here: http://secunia.com/blog/277

Insecure Library Loading - One down, many more to go...
In this month's Microsoft Patch Tuesday, one of the security bulletins
covered an Insecure Library Loading vulnerability affecting several
versions of Microsoft's Windows OS. Read more:
http://secunia.com/blog/278

DEFCON 19: Is it 0-day or 0-care?
Watch this year's panel discussion with Secunia, Microsoft,
TippingPoint, MITRE/CVE, Open Security Foundation, OSVDB, and CERT:
http://secunia.com/blog/274/

Confessions of a Guru: How to know if App-V Apps need security updates
Tim Mangan reviews the Secunia PSI and Secunia CSI:
http://secunia.com/company/blog_news/articles/275/

========================================================================
5) This Week in Numbers

During the past week 74 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :     11 Secunia Advisories
   Unix/Linux          :     34 Secunia Advisories
   Other               :      6 Secunia Advisories
   Cross platform      :     23 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      1 Secunia Advisory
   Highly Critical     :     16 Secunia Advisories
   Moderately Critical :     25 Secunia Advisories
   Less Critical       :     27 Secunia Advisories
   Not Critical        :      5 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Thu Nov 10 2011 - 22:56:50 PST

This archive was generated by hypermail 2.2.0 : Thu Nov 10 2011 - 23:04:24 PST