Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | October 2008

October 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
VMware	VMware ESX Server update for libxml2	31/10/08
Gentoo	Gentoo update for libspf2	31/10/08
IBM	IBM Lotus Connections Multiple Vulnerabilities	30/10/08
IBM	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability	30/10/08
Red Hat	Fedora update for ed	30/10/08
Red Hat	Fedora update for libtirpc	30/10/08
Red Hat	Fedora update for dovecot	30/10/08
Red Hat	Fedora update for drupal	30/10/08
Opera Software	MyBB Multiple Vulnerabilities	30/10/08
Opera Software	Opera Command Execution and Cross-Site Scripting	30/10/08
Debian	Debian update for openoffice.org	30/10/08
OpenOffice.org	KTorrent 2 Web Interface Torrent Upload and PHP Code Injection	29/10/08
OpenOffice.org	OpenOffice WMF and EMF Processing Buffer Overflows	29/10/08
Red Hat	Red Hat update for flash-plugin	29/10/08
Adobe Systems	Adobe PageMaker PMD File Processing Buffer Overflows	29/10/08
Novell	SUSE update for kernel	29/10/08
Novell	Novell eDirectory NCP Unspecified Vulnerability	28/10/08
NetBSD	NetBSD ftpd Long Command Processing Vulnerability	28/10/08
NetBSD	NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability	28/10/08
NetBSD	NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability	28/10/08
Red Hat	Red Hat update for lynx	28/10/08
Citrix Systems	Citrix Web Interface Improper Session Termination Security Issue	28/10/08
Red Hat	Fedora update for drupal	28/10/08
Debian	Debian update for clamav	28/10/08
HP	Mantis "sort" PHP Code Execution Vulnerability	28/10/08
HP	HP Insight Diagnostics Unspecified File Disclosure Vulnerability	27/10/08
Red Hat	VLC Media Player TY Processing Buffer Overflow Vulnerability	27/10/08
Red Hat	Red Hat update for java-1.5.0-ibm	27/10/08
Red Hat	Red Hat update for java-1.6.0-ibm	27/10/08
Sun Microsystems	Sun Java System LDAP JDK Information Disclosure Vulnerability	24/10/08
IBM	IBM WebSphere Host On-Demand Authentication Bypass	24/10/08
Red Hat	Fedora update for git	24/10/08
Red Hat	Fedora update for gfs2-utils and rgmanager	24/10/08
Red Hat	Fedora update for cman	24/10/08
Debian	Debian update for libspf2	24/10/08
Red Hat	Fedora update for kernel	24/10/08
SuSE	SUSE Update for Multiple Packages	24/10/08
Microsoft	Microsoft Windows Server Service Vulnerability	24/10/08
Opera Software	LoudBlog "colpick" SQL Injection Vulnerability	23/10/08
Opera Software	Opera Multiple Vulnerabilities	23/10/08
Cisco	Cisco ASA and PIX IPv6 Denial of Service	23/10/08
Cisco	freeSSHd SFTP Directory Buffer Overflow Vulnerability	23/10/08
Cisco	freeSSHd Two Denial of Service Vulnerabilities	23/10/08
Cisco	Cisco ASA and PIX VPN Authentication Bypass	23/10/08
Cisco	Cisco ASA Crypto Accelerator Memory Leak	23/10/08
Debian	Debian update for dbus	23/10/08
Sun Microsystems	Sun Integrated Lights-Out Manager Web Interface Unauthorized Access	23/10/08
HP	HP OpenView Products Shared Trace Service Denial of Service	23/10/08
Trend Micro	Trend Micro OfficeScan CGI Parsing Buffer Overflow	23/10/08
Red Hat	imlib2 PNM and XPM Buffer Overflow Vulnerabilities	23/10/08
Red Hat	Fedora update for php-Smarty	23/10/08
Debian	Debian update for qemu	22/10/08
GNU Project	GNU Enscript "setfilename" Special Escape Buffer Overflow	22/10/08
Novell	SUSE update for kernel	22/10/08
IBM	IBM DB2 Multiple Vulnerabilities	22/10/08
Red Hat	Red Hat update for ed	22/10/08
Red Hat	Red Hat update for ruby	22/10/08
Red Hat	Red Hat update for ruby	22/10/08
Red Hat	Red Hat update for ruby	22/10/08
Red Hat	Fedora update for jhead	22/10/08
Altiris	Symantec Altiris Deployment Solution Privilege Escalation	21/10/08
SuSE	SUSE update for kernel	21/10/08
Opera Software	Opera Multiple Vulnerabilities	21/10/08
F-Secure	F-Secure Products RPM Parsing Integer Overflow Vulnerability	21/10/08
Microsoft	Microsoft Outlook Web Access Redirection Weaknesses	21/10/08
Debian	Debian update for cupsys	21/10/08
Red Hat	Fedora update for mantis	21/10/08
IBM	Wireshark Multiple Denial of Service Vulnerabilities	21/10/08
IBM	IBM WebSphere Application Server Multiple Vulnerabilities	21/10/08
IBM	IBM HTTP Server mod_proxy Interim Responses Denial of Service	21/10/08
Debian	cpCommerce Multiple Cross-Site Scripting Vulnerabilities	21/10/08
Debian	yappa-ng "album" Local File Inclusion Vulnerability	21/10/08
Debian	Debian update for linux-2.6	21/10/08
HP	e107 "ue[]" SQL Injection Vulnerability	21/10/08
HP	Fast Click SQL Lite "CFG[CDIR]" File Inclusion Vulnerability	03/10/08
HP	HP SiteScope SNMP Trap Script Insertion Vulnerability	03/10/08
Red Hat	VLC Media Player TY Processing Buffer Overflow Vulnerability	03/10/08
SuSE	SUSE Update for Multiple Packages	03/10/08
Sun Microsystems	Nuked-Klan "Referer" SQL Injection Vulnerability	03/10/08
Sun Microsystems	PhpWebGallery PHP Code Execution and SQL Injection	03/10/08
Sun Microsystems	WEB//NEWS "catid" SQL Injection Vulnerability	03/10/08
Sun Microsystems	Sun Solaris libpng tRNS Chunk Denial of Service	03/10/08
Avaya	Avaya Products ipsec-tools Denial of Service	03/10/08
Avaya	Avaya Products libxml2 Denial of Service	03/10/08
Avaya	Avaya Products bzip2 Denial of Service	03/10/08
Apache Software Foundation	Apache mod_proxy_ftp Wildcard Characters Cross-Site Scripting	03/10/08
HP	HP Systems Insight Manager Unspecified Unauthorised Access	16/10/08
Microsoft	myEvent Multiple Vulnerabilities	16/10/08
Microsoft	Microsoft Windows IIS IPP Service Integer Overflow Vulnerability	16/10/08
HP	HP OpenView Network Node Manager Multiple Vulnerabilities	16/10/08
Adobe Systems	Adobe Flash Player "Clickjacking" Security Bypass Vulnerability	16/10/08
Adobe Systems	Adobe Flash Player Multiple Security Issues	16/10/08
Adobe Systems	Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities	16/10/08
Red Hat	Fedora update for rubygems / rubygem packages	16/10/08
Red Hat	Fedora update for cups	16/10/08
Red Hat	Fedora update for neon	16/10/08
Red Hat	Fedora update for drupal	16/10/08
Red Hat	Fedora update for bluez-utils and bluez-libs	16/10/08
Microsoft	Microsoft Products GDI+ Multiple Vulnerabilities	16/10/08
Microsoft	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability	16/10/08
Microsoft	Microsoft Office Web Components Two Vulnerabilities	15/10/08
Oracle	Oracle Products Multiple Vulnerabilities	15/10/08
	BEA WebLogic Server Multiple Vulnerabilities	15/10/08
Oracle	BEA WebLogic Server Multiple Authorizers Security Bypass	15/10/08
BEA	BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability	15/10/08
	BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability	15/10/08
Microsoft	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability	15/10/08
Sun Microsystems	Sun Solaris "sadmind" Buffer Overflow Vulnerability	15/10/08
Debian	Debian update for libxml2	15/10/08
Microsoft	VLC Media Player XSPF Processing Memory Corruption Vulnerability	15/10/08
Microsoft	Microsoft Windows Privilege Escalation Vulnerabilities	15/10/08
Microsoft	Microsoft Windows IIS IPP Service Integer Overflow Vulnerability	15/10/08
Microsoft	Microsoft Windows Active Directory Buffer Overflow Vulnerability	14/10/08
Microsoft	Microsoft Windows SMB Buffer Underflow Vulnerability	14/10/08
Microsoft	Microsoft Windows Virtual Address Descriptor Privilege Escalation	14/10/08
Microsoft	Microsoft Windows 2000 Message Queuing Service Vulnerability	14/10/08
Microsoft	Microsoft Windows Ancillary Function Driver Privilege Escalation	14/10/08
Microsoft	Microsoft Internet Explorer Multiple Vulnerabilities	14/10/08
Microsoft	Internet Explorer 6 Window "location" Handling Vulnerability	14/10/08
Microsoft	Microsoft Host Integration Server SNA RPC Vulnerability	14/10/08
Microsoft	Microsoft Excel Multiple Vulnerabilities	14/10/08
Microsoft	Microsoft Office CDO URI Handling Cross-Site Scripting	14/10/08
Sun Microsystems	Phorum BBcode Nested "img" Tags Script Insertion	14/10/08
Sun Microsystems	Sun Java System Web Proxy Server Two Vulnerabilities	14/10/08
Cisco	RaidenFTPD Directory Name Buffer Overflow Vulnerability	14/10/08
Cisco	Zomplog Multiple Vulnerabilities	14/10/08
Cisco	Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability	14/10/08
Mozilla Organization	Firefox .url Shortcut File Information Disclosure	14/10/08
Avaya	Avaya AES / MX Apache Tomcat Multiple Vulnerabilities	14/10/08
Avaya	Avaya Products vsftpd PAM Memory Leak Vulnerability	14/10/08
Avaya	Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability	14/10/08
Debian	Debian update for linux-2.6	14/10/08
Avaya	Avaya Products Red Hat Tampered OpenSSH Packages	14/10/08
Trend Micro	WinFTP "PASV" Denial of Service Vulnerability	14/10/08
Trend Micro	Trend Micro OfficeScan Directory Traversal Vulnerability	14/10/08
Debian	JasPer Multiple Vulnerabilities	14/10/08
Debian	OpenCA Cross-Site Request Forgery Vulnerability	14/10/08
Debian	GForge Multiple SQL Injection Vulnerabilities	14/10/08
Debian	Debian update for mon	14/10/08
Debian	Debian update for ruby1.9	13/10/08
Debian	Debian update for ruby1.8	13/10/08
Debian	Debian update for squid	13/10/08
Apache Software Foundation	Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue	13/10/08
Debian	Debian update for openldap	13/10/08
Sun Microsystems	Sun Java System Web Proxy Server Two Vulnerabilities	13/10/08
Red Hat	Red Hat update for cups	13/10/08
Apple	Apple Mac OS X Security Update Fixes Multiple Vulnerabilities	13/10/08
Red Hat	Fedora update for condor	10/10/08
HP	HP OpenView Network Node Manager Multiple Vulnerabilities	10/10/08
HP	HP OpenView Network Node Manager Denial of Service and Code Execution	10/10/08
Red Hat	CUPS Multiple Vulnerabilities	10/10/08
Red Hat	Fedora update for postfix	10/10/08
Red Hat	Fedora update for ruby	10/10/08
Red Hat	Fedora update for dbus	10/10/08
Gentoo	Gentoo Portage Insecure Python Module Search Path Security Issue	10/10/08
Computer Associates (CA)	CA ARCserve Backup Multiple Vulnerabilities	10/10/08
HP	HP System Management Homepage Unspecified Cross Site Scripting Vulnerability	10/10/08
Avaya	ModSecurity "SecCacheTransformations" Vulnerability	10/10/08
Avaya	Avaya AES LibTIFF LZW Decoder Buffer Underflow Vulnerability	10/10/08
Avaya	Avaya Products Wireshark Multiple Denial of Service Vulnerabilities	10/10/08
Avaya	Avaya IP Softphone H.323 Denial of Service Vulnerability	10/10/08
Avaya	Avaya one-X Desktop Edition SIP Denial of Service Vulnerability	10/10/08
Avaya	Avaya Communication Manager Information Disclosure Vulnerability	10/10/08
Avaya	Avaya Communication Manager Arbitrary Command Execution Vulnerabilities	10/10/08
Nortel Networks	Nortel Multimedia Communication Server 5100 Multiple Vulnerabilities	09/10/08
Cisco	Cisco Unity Multiple Vulnerabilities	09/10/08
Cisco	Cisco Unity Script Insertion Vulnerability	09/10/08
SuSE	AdMan "campaignId" SQL Injection Vulnerability	09/10/08
SuSE	SUSE update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla	09/10/08
Debian	Debian update for iceweasel	09/10/08
Microsoft	OpenX "bannerid" SQL Injection Vulnerability	09/10/08
Microsoft	TorrentTrader Classic "completed-advance.php" SQL Injection	08/10/08
Microsoft	Mircosoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability	08/10/08
Opera Software	FreeRADIUS "dialup_admin" Insecure Temporary Files	08/10/08
Opera Software	Opera Multiple Vulnerabilities	08/10/08
Red Hat	Red Hat update for condor	08/10/08
Adobe Systems	Adobe Flash Player "Clickjacking" Security Bypass Vulnerability	08/10/08
Red Hat	Red Hat update for kernel	08/10/08
Gentoo	Gentoo update for wordnet	08/10/08
Debian	Debian update for php5	08/10/08
Debian	Debian update for php5	08/10/08
Parallels	H-Sphere webshell4 Cross-Site Scripting and Request Forgery	08/10/08
Debian	Debian update for squid	08/10/08
Novell	SUSE update for dovecot and graphicsmagic	08/10/08
SuSE	SUSE update for openssh	07/10/08
Novell	SUSE update for mercurial	07/10/08
Red Hat	Fedora update for mediawiki	07/10/08
Juniper Networks	Juniper Networks Neighbor Discovery Protocol Neighbor Solicitation Vulnerability	07/10/08
SuSE	SUSE update for MozillaFirefox	07/10/08
IBM	IBM Lotus Quickr Security Issues and Denial of Service	07/10/08
HP	HP-UX NFS/ONCplus Denial of Service Vulnerability	07/10/08
Debian	D-Bus "_dbus_validate_signature_with_reason()" Denial of Service	07/10/08
Debian	Debian update for lighttpd	07/10/08
Microsoft	Microsoft Windows Vista Page Fault Handling Denial of Service	07/10/08
Microsoft	OpenX "bannerid" SQL Injection Vulnerability	07/10/08
VMware	VMware VirtualCenter Multiple Vulnerabilities	07/10/08
VMware	VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability	07/10/08
VMware	VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities	07/10/08
Red Hat	Dovecot ACL Plugin Security Bypass Security Issues	07/10/08
Red Hat	Fastpublish CMS Multiple Vulnerabilities	06/10/08
Red Hat	Fedora update for pam_krb5	06/10/08
Debian	Debian update for feta	06/10/08
Red Hat	Fedora update for libxml2	06/10/08
Debian	Debian update for mplayer	06/10/08
OpenBSD	phpScheduleIt PHP "eval()" Injection Vulnerability	06/10/08
OpenBSD	OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability	06/10/08
Novell	MediaWiki "useskin" Cross-Site Scripting Vulnerability	06/10/08
Novell	Novell eDirectory Multiple Vulnerabilities	06/10/08
Apple	Apple TV Multiple Vulnerabilities	03/10/08
Red Hat	XAMPP adodb.php Cross-Site Scripting Vulnerabilities	03/10/08
Red Hat	Red Hat update for pam_krb5	03/10/08
Avaya	Libxml2 Predefined Entities Denial of Service Vulnerability	03/10/08
Avaya	Avaya CMS Solaris Editors Tag File Handling Privilege Escalation	03/10/08
Avaya	Avaya CMS Solaris ACL for UFS File Systems Local Denial of Service	03/10/08
Blue Coat Systems	mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability	03/10/08
Blue Coat Systems	Blue Coat SGOS ICAP Patience Page Cross-Site Scripting Vulnerability	03/10/08
Red Hat	Red Hat update for tomcat	03/10/08
Microsoft	Microsoft Windows Mobile Bluetooth Device Name Denial of Service	03/10/08
MySQL	WikyBlog Multiple Cross-Site Scripting Vulnerabilities	03/10/08
MySQL	MySQL HTML Output Script Insertion Security Issue	03/10/08
Juniper Networks	Juniper NetScreen ScreenOS Script Insertion Vulnerability	03/10/08
FreeBSD Project	FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability	03/10/08
Red Hat	Red Hat update for xen	03/10/08
SuSE	SUSE update for kernel	03/10/08
Apache Software Foundation	Xerces-C++ "maxOccurs" Denial of Service Vulnerability	03/10/08
Trend Micro	Trend Micro OfficeScan Multiple Vulnerabilities	03/10/08
Trend Micro	Trend Micro OfficeScan Directory Traversal Vulnerability	03/10/08
Red Hat	Red Hat update for thunderbird	03/10/08
Novell	SUSE update for kernel	03/10/08
Red Hat	Red Hat update for wireshark	03/10/08
SuSE	SUSE update for kernel	03/10/08
Mozilla Organization	PHP iCalendar Security Bypass Vulnerability	03/10/08
Mozilla Organization	EC-CUBE Multiple Vulnerabilities	03/10/08
Mozilla Organization	Mozilla Firefox "keypress" User Interface Event Dispatching Weakness	03/10/08
Red Hat	Fedora update for emacspeak	03/10/08
Sun Microsystems	Flip4Mac Importer Unspecified Vulnerabilities	03/10/08
Sun Microsystems	Sun Solaris X Server Extensions Multiple Vulnerabilities	03/10/08
Citrix Systems	Citrix Presentation Server Privilege Escalation Vulnerability	03/10/08