http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityFocus Vulnerabilities: SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
GEAR Software CD DVD Filter Driver ‘GEARAspiWDM.sys’ Local Privilege Escalation Vulnerability
Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
Linux Kernel ‘iov_iter_advance()’ Page Fault Local Denial of Service Vulnerability
Linux Kernel ‘shmem_delete_inode()’ Local Denial of Service Vulnerability
Re: Motorola Timbuktu’s Internet Locator Service real-time data exposed to public.
Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
[ GLSA 200810-01 ] WordNet: Execution of arbitrary code
[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability
News, Infocus, Columns, Vulnerabilities, Bugtraq …
http://www.debian.org/security/dsa
Debian Security: Debian Security Advisories
several vulnerabilities
array bounds check
various
integer overflow
insecure temp file handling
cross site scripting
several vulnerabilities
several vulnerabilities
command execution
denial of service
http://www.us-cert.gov/channels/techalerts.rdf
US-CERT Technical Cyber Security Alerts: US-CERT Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.
Apple Updates for Multiple Vulnerabilities
Microsoft Updates for Multiple Vulnerabilities
Microsoft Updates for Multiple Vulnerabilities
Sun Java Updates for Multiple Vulnerabilities
Multiple DNS implementations vulnerable to cache poisoning
Microsoft Updates for Multiple Vulnerabilities
Microsoft Office Snapshot Viewer ActiveX Vulnerability
Microsoft Updates for Multiple Vulnerabilities
Apple Quicktime Updates for Multiple Vulnerabilities
SNMPv3 Authentication Bypass Vulnerability
http://www.microsoft.com/technet/security/bulletin/secrss.aspx
Microsoft Security Bulletins: Microsoft Security Bulletins
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user's logon ID and remotely log on to the user's Messenger client impersonating that user.
Bulletin Severity Rating:Important - This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin Severity Rating:Important - This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
Bulletin Severity Rating:Critical - This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.