Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More


New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More


New Zealand Government Website

November 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.
Reference Description Date
Red Hat
Quicksilver Forums "lang" File Inclusion Vulnerability
 27/11/08
Red Hat
Red Hat update for java-1.4.2-ibm
 27/11/08
IBM
IBM Tivoli Access Manager WebSEAL Denial of Service Vulnerability
 27/11/08
FreeBSD Project
FreeBSD "arc4random()" Insufficient Entropy Sources Security Issue
 27/11/08
Red Hat
Red Hat update for tog-pegasus
 27/11/08
Red Hat
WebStudio CMS "pageid" Cross-Site Scripting and SQL Injection
 27/11/08
Red Hat
Red Hat update for vim
 27/11/08
Red Hat
Red Hat update for vim
 27/11/08
Red Hat
Red Hat update for vim
 27/11/08
Debian
Debian update for iceweasel
 27/11/08
Debian
Debian update for enscript
 27/11/08
Debian
Debian update for xulrunner
 27/11/08
Debian
Debian update for hf
 27/11/08
Slackware Linux
Slackware update for mozilla-thunderbird
 27/11/08
Apple
iPhone Configuration Web Utility for Windows Directory Traversal
 27/11/08
OpenBSD
OpenSSH CBC Mode Plaintext Recovery Vulnerability
 27/11/08
Apple
Apple iPhone / iPod touch Multiple Vulnerabilities
 27/11/08
Red Hat
Fedora update for thunderbird
 27/11/08
IBM
IBM Workplace Web Content Management Cross-Site Scripting Vulnerabilities
 27/11/08
Check Point
Checkpoint VPN-1 Information Disclosure Vulnerability
 27/11/08
Avaya
Avaya CMS Solaris "sadmind" Buffer Overflow Vulnerability
 27/11/08
IBM
IBM AIX update for sendmail
 27/11/08
Red Hat
imlib2 XPM Processing Buffer Overflow Vulnerability
 27/11/08
Red Hat
PunBB Private Message System Module Multiple Vulnerabilities
 27/11/08
Red Hat
PunBB Private Message System Module Multiple Vulnerabilities
 27/11/08
Red Hat
Fedora update for grip
 27/11/08
HP
HP OpenView Network Node Manager Cross-Site Scripting Vulnerabilities
 27/11/08
Red Hat
Fedora update for roundup
 27/11/08
Slackware Linux
Slackware update for libxml2
 27/11/08
Red Hat
Red Hat update for kernel
 27/11/08
Red Hat
Fedora update for cobbler
 27/11/08
Red Hat
Fedora update for libxml2
 27/11/08
Mozilla Organization
Mozilla Thunderbird Multiple Vulnerabilities
 27/11/08
Red Hat
Red Hat update for thunderbird
 27/11/08
Debian
Debian update for python2.4
 27/11/08
Citrix Systems
Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability
 19/11/08
Opera Software
Opera "file://" URI Handling Buffer Overflow Vulnerability
 19/11/08
NetGear
Netgear WGR614 Web Interface Request Denial of Service
 19/11/08
Debian
Debian update for libxml2
 19/11/08
Adobe Systems
Adobe AIR Multiple Vulnerabilities
 19/11/08
Red Hat
Red Hat update for libxml2
 18/11/08
Adobe Systems
Libxml2 Two Integer Overflow Vulnerabilities
 18/11/08
Adobe Systems
Flash Media Server Video Stream Capture Security Issue
 18/11/08
OpenBSD
OpenSSH CBC Mode Plaintext Recovery Vulnerability
 18/11/08
Slackware Linux
Slackware update for mozilla-firefox
 18/11/08
Slackware Linux
Slackware update for seamonkey
 18/11/08
Gentoo
Gentoo update for php
 18/11/08
Sun Microsystems
Sun Solaris socket Local Denial of Service
 15/11/08
Red Hat
Fedora update for firefox
 15/11/08
Red Hat
Fedora update for firefox and xulrunner
 15/11/08
Red Hat
Fedora update for clamav
 15/11/08
Red Hat
Fedora update for quassel
 15/11/08
Sun Microsystems
Sun StarOffice/StarSuite EMF File Processing Integer Overflow Vulnerability
 15/11/08
Apple
Apple Safari Multiple Vulnerabilities
 15/11/08
Sun Microsystems
Sun Java System Messaging Server Cross-Site Scripting Vulnerability
 14/11/08
Sun Microsystems
Sun Logical Domains Authentication Bypass Vulnerability
 14/11/08
HP
HP Service Manager Unspecified Security Bypass Vulnerability
 14/11/08
GNU Project
GnuTLS X.509 Certificate Chain Validation Vulnerability
 14/11/08
Red Hat
Red Hat update for seamonkey
 14/11/08
Red Hat
Red Hat update for firefox
 14/11/08
Mozilla Organization
Mozilla Thunderbird Multiple Vulnerabilities
 14/11/08
Mozilla Organization
Mozilla Firefox 2 Multiple Vulnerabilities
 14/11/08
Mozilla Organization
Mozilla Firefox 3 Multiple Vulnerabilities
 14/11/08
Mozilla Organization
Mozilla SeaMonkey Multiple Vulnerabilities
 14/11/08
Mozilla Organization
Firefox .url Shortcut File Information Disclosure
 14/11/08
Red Hat
Fedora update for optipng
 13/11/08
Red Hat
Fedora update for libpng10
 13/11/08
IBM
IBM Metrica Products Cross-Site Scripting and Script Insertion
 13/11/08
Debian
Debian update for libcdaudio
 13/11/08
Red Hat
Red Hat update for flash-plugin
 13/11/08
Red Hat
Red Hat update for acroread
 13/11/08
Sun Microsystems
Sun Solaris DNS Cache Poisoning Vulnerability
 13/11/08
Sun Microsystems
Sun Solaris IP Filter DNS Cache Poisoning
 13/11/08
Trend Micro
Trend Micro ServerProtect Multiple Vulnerabilities
 13/11/08
Siemens
Siemens SpeedStream 5200 "Host" Header Authentication Bypass
 13/11/08
Sun Microsystems
Sun Java System Identity Manager Multiple Vulnerabilities
 13/11/08
IBM
IBM Lotus Quickr Cross-Site Scripting and Denial of Service
 13/11/08
Red Hat
Fedora update for blender
 12/11/08
12/11/08
12/11/08
Red Hat
Fedora update for kvm
 12/11/08
12/11/08
12/11/08
Red Hat
Red Hat update for gnutls
 12/11/08
SAP
SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
 11/11/08
IBM
IBM Lotus Quickr Cross-Site Scripting Vulnerabilities
 10/11/08
IBM
IBM HMC RMC Daemon Denial of Service Vulnerability
 08/11/08
Red Hat
Fedora update for php-Smarty
 08/11/08
Sun Microsystems
Sun SPARC System Firmware Unauthorised Data Access
 08/11/08
Mozilla Organization
Bugzilla Quips Approval Security Bypass Security Issue
 08/11/08
VMware
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities
 08/11/08
VMware
VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability
 07/11/08
VMware
VMware Products Privilege Escalation Vulnerability
 07/11/08
HP
HP Tru64 UNIX AdvFS "showfile" Privilege Escalation Vulnerability
 07/11/08
Red Hat
Fedora update for cman, gfs2-utils, and rgmanager
 07/11/08
Red Hat
Fedora update for ipsec-tools
 07/11/08
Red Hat
Fedora update for drupal-cck
 07/11/08
Red Hat
PHPX "news_id" SQL Injection Vulnerability
 07/11/08
Red Hat
Fedora update for net-snmp
 07/11/08
Debian
Debian update for mysql-dfsg-5.0
 07/11/08
Cisco
Cisco IOS / CatOS VLAN Trunking Protocol Vulnerability
 06/11/08
Adobe Systems
Adobe ColdFusion Sandbox Security Bypass Vulnerability
 06/11/08
Red Hat
VLC Media Player CUE and RealText Processing Buffer Overflows
 06/11/08
Red Hat
Fedora update for enscript
 06/11/08
Red Hat
Fedora update for uw-imap
 06/11/08
Adobe Systems
Adobe Flash Player Multiple Security Issues and Vulnerabilities
 06/11/08
Red Hat
Fedora update for ktorrent
 06/11/08