New Security Vulnerabilities 12th November 2007
The following new security tests were added to Telspace's database:
TOTAL THREATS IN THE DATABASE 16968
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 1
(**** ) Critical Risk 59
(*** ) High Risk 14
(** ) Medium Risk 10
(* ) Low Risk 2
NEW THREATS FAMILY SUMMARY
Windows 14
SuSE Local Checks 13
Gentoo Local Checks 12
Red Hat Local Checks 10
Debian Local Checks 7
FreeBSD Local Checks 7
Centos Local Checks 6
Web Services 5
Mandrake Local Checks 5
Remote Shell Access 2
Miscellaneous 1
Denial of Service 1
Service Detection 1
Slackware Local Checks 1
Solaris Local Checks 1
(*****) Urgent Risk - Windows
Symantec Mail Security for SMTP File Parsing Vulnerabilities
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: opal security update (opal-4531)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Opera version 9.24 (opera-4575)
(**** ) Critical Risk - Debian Local Checks
[DSA1397] DSA-1397-1 mono
(**** ) Critical Risk - Windows
Lotus Notes Client < 7.0.3 / 8.0.1 Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0970: dhcp
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0975
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:201: hplip
(**** ) Critical Risk - Windows
Trend Micro Scan Engine Tmxpflt.sys Buffer Overflow Vulnerability
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0980: seamonkey
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0980
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: fetchmail: Fix remote denial of service attack (fetchmail-4490)
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0979
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0981: thunderbird
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0813
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0981
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: mono-core: Fix BigInteger buffer overflow. (bytefx-data-mysql-4597)
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0992
(**** ) Critical Risk - Web Services
CA Host-Based Intrusion Prevention System Server Default Credentials
(**** ) Critical Risk - Windows
Ipswitch IMail Client Buffer Overflow Vulnerability
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:195: kernel
(**** ) Critical Risk - Remote Shell Access
Lotus Domino IMAP Server Mailbox Name Buffer Overflow Vulnerability
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:204: cups
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: openssh: This update fixes a bug in ssh's cookie and signal handling code. (openssh-4579)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0940: kernel
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:203: xen
(**** ) Critical Risk - Debian Local Checks
[DSA1401] DSA-1401-1 iceape
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200711-05] SiteBar: Multiple issues
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: mono-core: Fix BigInteger buffer overflow. (bytefx-data-mysql-4452)
(**** ) Critical Risk - Debian Local Checks
[DSA1398] DSA-1398-1 perdition
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200710-30] OpenSSL: Remote execution of arbitrary code
(**** ) Critical Risk - Remote Shell Access
Perdition IMAP Tag Format String Vulnerability
(**** ) Critical Risk - Debian Local Checks
[DSA1402] DSA-1402-1 gforge
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: ImageMagick: Fix for several security bugs (ImageMagick-4543)
(**** ) Critical Risk - Windows
FLEXnet Connect Update Service ActiveX Control Unsafe Method Vulnerability
(**** ) Critical Risk - Windows
Altiris AClient < 6.8.380 Local Vulnerabilities
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0979: firefox
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: openssl security update (libopenssl-devel-4560)
(**** ) Critical Risk - Miscellaneous
CUPS IPP Tags Text-Length Buffer Overflow Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: t1lib security update (t1lib-4592)
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200711-10] Mono: Buffer overflow
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 127753-02
(**** ) Critical Risk - Debian Local Checks
[DSA1400] DSA-1400-1 perl
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0813: openssl
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-1020: cups
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: flac security update (flac-4571)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: libvorbis security update (libvorbis-4583)
(**** ) Critical Risk - Debian Local Checks
[DSA1399] DSA-1399-1 pcre3
(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:096: timezone
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: cups security update (cups-4598)
(**** ) Critical Risk - Windows
RealPlayer for Windows < 6.0.12.1662
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: GraphicsMagick: Fix for several security bugs (GraphicsMagick-4539)
(**** ) Critical Risk - Windows
SeaMonkey < 1.1.5
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0888: php
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0992: libpng
(**** ) Critical Risk - Windows
Microsoft Office service pack not up to date
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0975: flac
(**** ) Critical Risk - Debian Local Checks
[DSA1396] DSA-1396-1 iceweasel
(**** ) Critical Risk - Windows
RealPlayer Playlist Handling Buffer Overflow Vulnerability
(**** ) Critical Risk - Windows
Adobe Reader < 8.1.1
(*** ) High Risk - Windows
CA Host-Based Intrusion Prevention System Server Log Injection Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-06] Apache: Multiple vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-07] Python: User-assisted execution of arbitrary code
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-01] gFTP: Multiple vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-08] libpng: Multiple Denials of Service
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-31] Opera: Multiple vulnerabilities
(*** ) High Risk - Web Services
Module Builder DownloadModule File Disclosure Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-04] Evolution: User-assisted remote execution of arbitrary code
(*** ) High Risk - Denial of Service
DeleGate Proxy Server < 9.7.5
(*** ) High Risk - Gentoo Local Checks
[GLSA-200711-09] MadWifi: Denial of Service
(*** ) High Risk - Web Services
LiteSpeed Web Server Null Byte Source Code Disclosure Vulnerability
(*** ) High Risk - Web Services
Simple Machines Forum userspec Parameter SQL Injection Vulnerability
(*** ) High Risk - Windows
Lotus Notes Client Memory Mapped Files Vulnerability
(*** ) High Risk - Web Services
TikiWiki < 1.9.8.2 Local File Include Vulnerabilities
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : opera -- multiple vulnerabilities (1023)
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200711-02] OpenSSH: Security bypass
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (1021)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : wordpress -- cross-site scripting (1026)
(** ) Medium Risk - Slackware Local Checks
SSA-2007-305-01 cups
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : drupal --- multiple vulnerabilities (1022)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : py-django -- denial of service vulnerability (1024)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : firefox -- OnUnload Javascript browser entrapment vulnerability (1020)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : openldap -- multiple remote denial of service vulnerabilities (1025)
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200711-03] Gallery: Multiple vulnerabilities
(* ) Low Risk - Windows
Microsoft Office Detection
(* ) Low Risk - Service Detection
Novell CLNTRUST Service Detection