New Security Vulnerabilities 21st January 2009
The following new vulnerabilities were added to the Telspace's database this
month:
81 NEW THREATS ADDED SINCE JANUARY 01
TOTAL THREATS IN THE DATABASE 24667
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 5
(**** ) Critical Risk 37
(*** ) High Risk 13
(** ) Medium Risk 20
(* ) Low Risk 6
NEW THREATS FAMILY SUMMARY
Remote Shell Access 1
Firewalls, Routers, SNMP 1
Microsoft Bulletins 1
FTP Services 1
Cross-Site Scripting 1
Miscellaneous 2
Slackware Local Checks 2
Web Services 3
CentOS Local Checks 4
Windows 5
Service Detection 5
Debian Local Checks 7
Gentoo Local Checks 8
SuSE Local Checks 10
Red Hat Local Checks 12
FreeBSD Local Checks 18
5 Urgent Risk - Windows
Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) - Network check
5 Urgent Risk - Service Detection
HTTP Backdoor Detection
5 Urgent Risk - Microsoft Bulletins
Vulnerabilities in SMB Could Allow Remote Code Execution (958687 /
MS09-001)
5 Urgent Risk - Remote Shell Access
Wild TCL Shell Detection
5 Urgent Risk - Web Services
Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
4 Critical Risk - SuSE Local Checks
SuSE Security Update: epiphany: Update to match mozilla-xulrunner181 update. (epiphany-5894)
4 Critical Risk - Debian Local Checks
[DSA1698] DSA-1698-1 gforge
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0002: thunderbird
- Critical Risk - CentOS Local Checks
CentOS : RHSA-2009-0004
4 Critical Risk - SuSE Local Checks
SuSE Security Update: git-web security update (git-5892)
4 Critical Risk - Gentoo Local Checks
[GLSA-200901-01] NDISwrapper: Arbitrary remote code execution
4 Critical Risk - SuSE Local Checks
SuSE Security Update: jhead: various security problems were fixed
(jhead-5899)
4 Critical Risk - Debian Local Checks
[DSA1700] DSA-1700-1 lasso
4 Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for libxml2 (libxml2-5802)
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0011: lcms
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0008: dbus
4 Critical Risk - SuSE Local Checks
SuSE Security Update: python security update (python-5848)
4 Critical Risk - CentOS Local Checks
CentOS : RHSA-2009-0018
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0020: bind
4 Critical Risk - Windows
Mozilla Thunderbird < 2.0.0.19 Multiple Vulnerabilities
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0013: avahi
- Critical Risk - Red Hat Local Checks
RHSA-2009-0003: xen
4 Critical Risk - CentOS Local Checks
CentOS : RHSA-2009-0010
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0018: xterm
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0010: squirrelmail
4 Critical Risk - Debian Local Checks
[DSA1697] DSA-1697-1 iceape
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0005: gnome
4 Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox: Security Update to 2.0.0.19
(MozillaFirefox-5885)
4 Critical Risk - Debian Local Checks
[DSA1696] DSA-1696-1 icedove
4 Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaThunderbird: Security Update to 2.0.0.19
(MozillaThunderbird-5900)
4 Critical Risk - Debian Local Checks
[DSA1694] DSA-1694-1 xterm
4 Critical Risk - SuSE Local Checks
SuSE Security Update: java-1_5_0-sun security update (java-1_5_0-sun-5875)
4 Critical Risk - Debian Local Checks
[DSA1699] DSA-1699-1 zaptel
4 Critical Risk - Windows
SizerOne ActiveX Control AddTab Method Remote Buffer Overflow
4 Critical Risk - Debian Local Checks
[DSA1695] DSA-1695-1 ruby1.8, ruby1.9
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0004: openssl
4 Critical Risk - SuSE Local Checks
SuSE Security Update: mozilla-xulrunner181: Security Update
(mozilla-xulrunner181-5881)
4 Critical Risk - Windows
NOD32 3.0/ESET Smart Security < 3.0.684 Local Privilege Escalation
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0001: kernel
4 Critical Risk - Red Hat Local Checks
RHSA-2009-0019: hanterm
4 Critical Risk - CentOS Local Checks
CentOS : RHSA-2009-0005
4 Critical Risk - SuSE Local Checks
SuSE Security Update: java-1_6_0-sun security update (java-1_6_0-sun-5876)
3 High Risk - Web Services
XOOPS mydirname Parameter Command Injection Vulnerabilities
3 High Risk - Gentoo Local Checks
[GLSA-200901-06] Tremulous: User-assisted execution of arbitrary code
3 High Risk - Gentoo Local Checks
[GLSA-200901-04] D-Bus: Denial of Service
3 High Risk - Web Services
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
3 High Risk - FTP Services
Serv-U 7.x < 7.4.0.0 DoS
3 High Risk - Gentoo Local Checks
[GLSA-200901-03] pdnsd: Denial of Service and cache poisoning
3 High Risk - Windows
Symantec Mail Security for SMTP < 5.0.1 Patch 200 Unspecified DoS
3 High Risk - Miscellaneous
Samba 3.2.0 - 3.2.6 Unauthorized Access
3 High Risk - Cross-Site Scripting
Apache Roller q Parameter XSS
3 High Risk - Gentoo Local Checks
[GLSA-200901-02] JHead: Multiple vulnerabilities
3 High Risk - Gentoo Local Checks
[GLSA-200901-07] MPlayer: Multiple vulnerabilities
3 High Risk - Gentoo Local Checks
[GLSA-200901-08] Online-Bookmarks: Multiple vulnerabilities
3 High Risk - Gentoo Local Checks
[GLSA-200901-05] Streamripper: Multiple vulnerabilities
2 Medium Risk - FreeBSD Local Checks
FreeBSD : p5-File-Path -- rmtree allows creation of setuid files (1230)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : cgiwrap -- XSS Vulnerability (1243)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : mysql -- privilege escalation and overwrite of the system table information (1238)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : libcdaudio -- remote buffer overflow and code execution (1233)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : mysql -- remote dos via malformed password packet (1234)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : nagios -- web interface privilege escalation vulnerability (1242)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : imap-uw -- local buffer overflow vulnerabilities (1240)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : imap-uw -- imap c-client buffer overflow (1237)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : mysql -- renaming of arbitrary tables by authenticated users
(1241)
- Medium Risk - FreeBSD Local Checks
- FreeBSD : awstats -- multiple XSS vulnerabilities (1231)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : mysql -- empty bit-string literal denial of service (1236)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : twiki -- multiple vulnerabilities (1227)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : vinagre -- format string vulnerability (1229)
2 Medium Risk - Slackware Local Checks
SSA-2008-366-01 mozilla-thunderbird
2 Medium Risk - FreeBSD Local Checks
FreeBSD : verlihub -- insecure temporary file usage and arbitrary command execution (1235)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : roundcube -- remote execution of arbitrary code (1226)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : vim -- multiple vulnerabilities in the netrw module (1228)
2 Medium Risk - FreeBSD Local Checks
FreeBSD : xterm -- DECRQSS remote command execution vulnerability (1232)
- Medium Risk - FreeBSD Local Checks
FreeBSD : pdfjam -- insecure temporary files (1239)
2 Medium Risk - Slackware Local Checks
SSA-2009-005-01 samba
1 Low Risk - Service Detection
HDHomeRun Control Service Detection
1 Low Risk - Miscellaneous
System information (DMI)
1 Low Risk - Service Detection
SSL Service Requests Client Certificate
1 Low Risk - Firewalls, Routers, SNMP
SNMP Protocol Version Detection
1 Low Risk - Service Detection
HDHomeRun Discovery Service Detection
1 Low Risk - Service Detection
Computer Associates Unicenter Cron Scheduler Detection
|
