[ISN] Secunia Weekly Summary - Issue: 2012-12

From: InfoSec News <alerts_at_private>
Date: Fri, 23 Mar 2012 04:21:19 -0500 (CDT)
========================================================================

                   The Secunia Weekly Advisory Summary
                         2012-03-15 - 2012-03-22

                        This week: 139 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4................................................Secunia Corporate News
5..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

New Secunia and MS-ISAC partnership to provide vulnerability & patch
Management to US state & local governments
"We are looking forward to commencing the collaboration, and supporting
the MS-ISAC members, who with the Secunia CSI will be empowered to deal
with the root cause, the vulnerabilities. The Secunia CSI will have a
direct, positive impact on the effectiveness and timeliness of the
members. patch management operations, providing transparency into what
is posing a security threat to their organisation so that they can
target and prioritise their resources and efforts." - Thomas Zeihlund,
CEO, Secunia.

Read the official announcement here:
http://secunia.com/company/blog_news/blog/312/

========================================================================
2) This Week in Brief:

Francis Provencher has discovered a vulnerability in Adobe Photoshop,
which can be exploited by malicious people to potentially compromise a
user's system.

http://secunia.com/advisories/48457/

Two vulnerabilities have been reported in libzip, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

http://secunia.com/advisories/48469/

Mu Dynamics has reported two vulnerabilities in GnuTLS, which can be
exploited by malicious people to potentially compromise an application
using the library.

http://secunia.com/advisories/48488/

Andrea Micalizzi has discovered a vulnerability in Dell Webcam Central,
which can be exploited by malicious people to compromise a user's
system.

http://secunia.com/advisories/48450/

Multiple vulnerabilities have been reported in VLC Media Player, which
can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/48503/

VMware has acknowledged multiple vulnerabilities in multiple VMware
products, which can be exploited by malicious users to disclose certain
information and by malicious people to disclose potentially sensitive
information, hijack a user's session, conduct DNS cache poisoning
attacks, bypass certain security restrictions, manipulate certain data,
cause a DoS (Denial of Service), and compromise a vulnerable system.

http://secunia.com/advisories/48444/

Two vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

http://secunia.com/advisories/48417/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/

1.  [SA48009] Oracle Java SE Multiple Vulnerabilities
2.  [SA48281] Adobe Flash Player Two Vulnerabilities
3.  [SA48444] VMware Multiple Products Multiple Vulnerabilities
4.  [SA48395] Microsoft Windows Remote Desktop Protocol Two
               Vulnerabilities
5.  [SA48500] VLC Media Player Multiple Vulnerabilities
6.  [SA48378] VMware ESX Server / ESXi Multiple Vulnerabilities
7.  [SA48366] nginx HTTP Header Parsing Memory Disclosure Weakness
8.  [SA48402] Mozilla Firefox / Thunderbird / SeaMonkey Multiple
               Vulnerabilities
9.  [SA48423] Cisco Adaptive Security Appliances Multiple Denial of
               Service Vulnerabilities
10. [SA48379] VMware View Cross-Site Scripting and Privilege Escalation
               Vulnerabilities

========================================================================
4) Secunia Corporate News

Kick-start Spring by meeting Secunia @ key industry events in April
2012
Microsoft Management Summit (16-20 April, Las Vegas) and Infosecurity
Europe (24-26 April, London), plus others:
http://secunia.com/resources/events/

========================================================================
5) This Week in Numbers

During the past week 139 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
   Windows             :     22 Secunia Advisories
   Unix/Linux          :     47 Secunia Advisories
   Other               :     18 Secunia Advisories
   Cross platform      :     51 Secunia Advisories

Criticality Ratings:
   Extremely Critical  :      0 Secunia Advisories
   Highly Critical     :     30 Secunia Advisories
   Moderately Critical :     41 Secunia Advisories
   Less Critical       :     53 Secunia Advisories
   Not Critical        :     15 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill
Received on Fri Mar 23 2012 - 02:21:19 PDT

This archive was generated by hypermail 2.2.0 : Fri Mar 23 2012 - 02:22:45 PDT