Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | September 2009

September 2009

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Nortel Networks	Nortel Products OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability	30/09/09
Apache Software Foundation	Apache mod_proxy_ftp EPSV Denial of Service Vulnerability	30/09/09
Apache Software Foundation	Apache mod_proxy_ftp FTP Command Injection	30/09/09
IBM	IBM DB2 Multiple Vulnerabilities	30/09/09
IBM	IBM DB2 Multiple Vulnerabilities	30/09/09
IBM	IBM Informix Dynamic Server Denial of Service	30/09/09
Juniper Networks	Juniper JUNOS JWeb Multiple Vulnerabilities	30/09/09
HP	HP Remote Graphics Software (RGS) Unauthorised Access	30/09/09
SAP	SAP GUI WebViewer2D / WebViewer3D ActiveX Controls Insecure Methods	30/09/09
Research In Motion	BlackBerry Devices Insufficient Certificate Warning Security Issue	30/09/09
Debian	Debian update for horde3	30/09/09
Debian	War FTP Daemon Denial of Service Vulnerability	30/09/09
Debian	Debian update for opensaml and shibboleth-sp	30/09/09
IBM	IBM Lotus Quickr Multiple Script Insertion Vulnerabilities	30/09/09
IBM	IBM AIX "syscall" Buffer Overflow Vulnerability	30/09/09
Red Hat	Fedora update for asterisk	30/09/09
Red Hat	Fedora update for asterisk	30/09/09
Red Hat	Fedora update for rubygem-actionpack and rubygem-activesupport	30/09/09
Cisco	Cisco ACE XML Gateway / Web Application Firewall Internal IP Address Disclosure	30/09/09
Red Hat	Fedora update for newt	30/09/09
Red Hat	Fedora update for gnutls	30/09/09
Red Hat	Fedora update for backintime	30/09/09
Gentoo	Gentoo update for curl	30/09/09
Debian	Debian update for xmltooling	28/09/09
IBM	IBM AIX "syscall" Buffer Overflow Vulnerability	28/09/09
Debian	Debian update for newt	28/09/09
Red Hat	Red Hat update for newt	28/09/09
IBM	IBM WebSphere Application Server Multiple Vulnerabilities	28/09/09
Sun Microsystems	e107 "Referer" Header Cross-Site Scripting Vulnerability	28/09/09
Sun Microsystems	Sun Solaris Samba ACL Security Bypass	28/09/09
Sun Microsystems	Sun Solaris 10 Samba ACL Security Bypass	28/09/09
Kaspersky Labs	Kaspersky Online Scanner Arbitrary Library Loading Vulnerability	28/09/09
IBM	IBM AIX "syscall" Buffer Overflow Vulnerability	28/09/09
Red Hat	Fedora update for xmp	28/09/09
IBM	IBM Lotus Connections "name" Cross-Site Scripting Vulnerability	28/09/09
Red Hat	Fedora update for proftpd	28/09/09
Red Hat	Fedora update for rubygem-actionpack and rubygem-activesupport	28/09/09
Debian	Debian update for cyrus-imapd-2.2 and kolab-cyrus-imapd	28/09/09
Debian	Debian update for dovecot	28/09/09
Cisco	Cisco IOS Multiple Vulnerabilities	28/09/09
Red Hat	Red Hat update for cyrus-imapd	28/09/09
Red Hat	Fedora update for cyrus-imapd	28/09/09
Cisco	Cisco Unified Communications Manager SIP Processing Denial of Service	28/09/09
Sun Microsystems	Sun Solaris Trusted Extensions Common Desktop Environment Vulnerability	28/09/09
Sun Microsystems	Sun Solaris XScreenSaver Information Disclosure Vulnerability	28/09/09
Sun Microsystems	Sun Solaris LibTIFF "LZWDecodeCompat()" Buffer Underflow Vulnerability	28/09/09
Sun Microsystems	Sun Solaris xscreensaver RandR Extension Information Disclosure	28/09/09
Sun Microsystems	Sun Solaris Cluster "clsetup" Privilege Escalation	28/09/09
Check Point	wget SSL Certificate NULL Character Processing Vulnerability	28/09/09
Check Point	Check Point Products TCP Implementation Denial of Service	28/09/09
HP	HP-UX Role-Based Access Control Unauthorised Access	28/09/09
Apple	Apple iTunes ".pls" Processing Buffer Overflow Vulnerability	28/09/09
Red Hat	Mambo Cross-Site Scripting and File Upload Vulnerabilities	28/09/09
Red Hat	Red Hat update for neon	28/09/09
Debian	Debian update for changetrack	28/09/09
Red Hat	Red Hat update for pidgin	28/09/09
HP	HP NonStop Server BIND Dynamic Update Denial of Service	28/09/09
Check Point	Check Point Connectra "vpid_prefix" Cross-Site Scripting	28/09/09
IBM	IBM WebSphere Application Server Multiple Vulnerabilities	28/09/09
Sun Microsystems	Sun Solaris iSCSI Management Commands Privilege Escalation	28/09/09
Apache Software Foundation	Apache mod_proxy_ftp FTP Command Injection	22/09/09
Red Hat	Fedora update for drupal	21/09/09
Gentoo	Gentoo update for nginx	21/09/09
Sun Microsystems	Sun StarOffice / StarSuite XML Parsing Multiple Vulnerabilities	21/09/09
IBM	IBM Lotus Notes RSS Widget Internet Zone Security Bypass	21/09/09
Adobe Systems	Adobe RoboHelp Server Unspecified Vulnerability	21/09/09
HP	MyBB Username Spoofing and SQL Injection Vulnerabilities	21/09/09
HP	HP ProCurve Identity Driven Manager Privilege Escalation Vulnerability	21/09/09
Red Hat	Fedora update for bugzilla	21/09/09
Red Hat	Fedora update for drupal-date	21/09/09
Debian	Debian update for wxwidgets	21/09/09
Gentoo	Gentoo update for dnsmasq	21/09/09
Red Hat	Red Hat update for freeradius	18/09/09
Novell	Novell GroupWise WebAccess "User.Theme.index" Cross-Site Scripting	18/09/09
Research In Motion	BlackBerry Desktop Software FlexNET Connect ActiveX Control Vulnerability	18/09/09
Research In Motion	BlackBerry Application Web Loader ActiveX Control Buffer Overflow	18/09/09
Research In Motion	RIM TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability	18/09/09
NetBSD	NetBSD x86 IRET Pre-Commit Failure Privilege Escalation	18/09/09
Debian	Debian update for icu	17/09/09
SuSE	SUSE Update for Multiple Packages	17/09/09
Debian	Debian update for openssl	17/09/09
Siemens	Gigaset SE361 WLAN Denial of Service Vulnerability	17/09/09
Sun Microsystems	Sun StarOffice / StarSuite Word Document Table Parsing Vulnerabilities	16/09/09
Red Hat	Fedora update for nginx	16/09/09
Google	Google Chrome Security Bypass and Cross-Site Scripting	16/09/09
Debian	Debian update for rails	16/09/09
VMware	VMware Workstation 5 VMnc Codec Multiple Vulnerabilities	16/09/09
HP	HP-UX bootpd Denial of Service Vulnerability	16/09/09
Red Hat	Red Hat update for kernel	16/09/09
Gentoo	Gentoo update for lynx	16/09/09
Red Hat	Fedora update for dovecot	15/09/09
Red Hat	Fedora update for kdelibs	15/09/09
Apple	Apple Xsan Admin Connection URL Username/Password Disclosure	15/09/09
Debian	Debian update for nginx	15/09/09
HP	HP StorageWorks Products Remote Management Interface Denial of Service	15/09/09
Sun Microsystems	Sun Solaris 9 Ghostscript Multiple Vulnerabilities	15/09/09
Debian	Debian update for nagios2	15/09/09
Sun Microsystems	Sun Solaris Pidgin Buffer Overflow Vulnerability	15/09/09
Debian	Debian update for iceweasel	15/09/09
Debian	Debian update for xulrunner	15/09/09
Slackware Linux	Slackware update for mozilla-firefox	15/09/09
Red Hat	Fedora update for ocaml-camlimages	14/09/09
Red Hat	Fedora update for postgresql	14/09/09
Red Hat	Fedora update for firefox and xulrunner	14/09/09
Mozilla Organization	Bugzilla Information Disclosure Weakness and SQL Injection Vulnerabilities	14/09/09
Red Hat	Fedora update for puppet	14/09/09
Red Hat	Fedora update for firefox and xulrunner	14/09/09
Red Hat	Fedora update for ikiwiki	14/09/09
Sun Microsystems	Sun Solaris "w" Utility Privilege Escalation	14/09/09
Sun Microsystems	Sun Solaris 8 "w" Utility Privilege Escalation	14/09/09
Gentoo	Xerver HTTP Server Restricted Extensions Security Bypass	14/09/09
Gentoo	Gentoo update for irssi	14/09/09
Gentoo	Gentoo update for znc	14/09/09
Gentoo	Gentoo update for horde	14/09/09
Gentoo	Gentoo update for htmldoc	14/09/09
Gentoo	Gentoo update for wireshark	14/09/09
Debian	Debian update for devscripts	11/09/09
Apple	Apple Mac OS X Security Update Fixes Multiple Vulnerabilities	11/09/09
IBM	IBM WebSphere Application Server Denial of Service and Information Disclosure	11/09/09
IBM	IBM WebSphere Application Server Denial of Service and Information Disclosure	11/09/09
Apple	Apple QuickTime Multiple Vulnerabilities	11/09/09
IBM	IBM WebSphere MQ Multiple Vulnerabilities	11/09/09
IBM	IBM Lotus Notes / Domino Keyview XLS Processing Buffer Overflow	11/09/09
Debian	Debian update for nagios2	11/09/09
Red Hat	Red Hat update for firefox	11/09/09
Red Hat	Red Hat update for seamonkey	11/09/09
Red Hat	Fedora update for libsilc	11/09/09
Apple	Apple iPhone / iPod touch Multiple Vulnerabilities	11/09/09
Microsoft	Windows 2000 / XP TCP/IP Window Size Denial of Service Vulnerabilities	11/09/09
Postgresql	PostgreSQL "RESET SESSION AUTHORIZATION" Privilege Escalation	10/09/09
Gentoo	Gentoo update for clamAV	10/09/09
Postgresql	PostgreSQL Multiple Vulnerabilities	10/09/09
Gentoo	Gentoo update for apr and apr-util	10/09/09
Gentoo	Gentoo update for screenie	10/09/09
Gentoo	Gentoo update for openswan	10/09/09
Gentoo	Gentoo update for aMule	10/09/09
Gentoo	Gentoo update for cmus	10/09/09
Gentoo	Gentoo update for gccxml	10/09/09
Gentoo	Gentoo update for tkman	10/09/09
Debian	Debian update for xapian-omega	10/09/09
Gentoo	Gentoo lmbench Insecure Temporary Files	10/09/09
Sun Microsystems	Sun Solaris lx Branded Zones Denial of Service	10/09/09
Sun Microsystems	Sun Solaris TCP Implementation Denial of Service Vulnerabilities	10/09/09
Mozilla Organization	Mozilla Firefox Multiple Vulnerabilities	10/09/09
Mozilla Organization	Mozilla Firefox Temporary File Download Manipulation Security Issue	10/09/09
Red Hat	Fedora update for kdelibs3	09/09/09
Red Hat	Fedora update for cyrus-imapd	09/09/09
Cisco	Cisco Products TCP Implementation Denial of Service Vulnerabilities	09/09/09
Sun Microsystems	Sun Solaris SNMP Daemon Denial of Service Vulnerability	09/09/09
Sun Microsystems	Sun Solaris Print Job Denial of Service	09/09/09
IBM	IBM HTTP Server Multiple Vulnerabilities	09/09/09
IBM	IBM WebSphere MQ Multiple Vulnerabilities	09/09/09
Red Hat	Red Hat update for xmlsec1	09/09/09
Red Hat	Red Hat update for fetchmail	09/09/09
Microsoft	Microsoft Windows SMB Processing Array Indexing Vulnerability	09/09/09
Microsoft	Microsoft Windows SMB Processing Array Indexing Vulnerability	09/09/09
Microsoft	Microsoft JScript Scripting Engine Memory Corruption Vulnerability	09/09/09
Microsoft	Windows Server 2008 Wireless LAN AutoConfig Service Code Execution	09/09/09
Microsoft	Microsoft Windows Vista Wireless LAN AutoConfig Service Code Execution	09/09/09
Microsoft	Microsoft Windows Media Format Two Code Execution Vulnerabilities	09/09/09
Microsoft	Microsoft Windows TCP/IP Implementation Multiple Vulnerabilities	09/09/09
Microsoft	Windows Server 2003 TCP/IP Window Size Denial of Service Vulnerabilities	09/09/09
Microsoft	Windows 2000 TCP/IP Window Size Denial of Service Vulnerabilities	09/09/09
Microsoft	Microsoft Windows DHTML Editing ActiveX Control Vulnerability	09/09/09
Microsoft	Microsoft Windows SMB Processing Array Indexing Vulnerability	09/09/09
Debian	SILC Toolkit / SILC Server Incorrect Format Specifier Memory Corruption	09/09/09
Debian	Debian update for silc-client and silc-toolkit	09/09/09
Mozilla Organization	Mozilla Thunderbird / SeaMonkey Network Security Services Vulnerabilities	08/09/09
SAP	SAP Business One License Manager Buffer Overflow	08/09/09
Debian	Debian update for cyrus-imapd-2.2	08/09/09
Slackware Linux	Cyrus IMAP Server Sieve Buffer Overflow Vulnerability	08/09/09
Slackware Linux	Slackware update for seamonkey	08/09/09
OpenOffice.org	OpenOffice.org Word Document Table Parsing Vulnerabilities	08/09/09
Red Hat	Fedora update for wordpress	08/09/09
Debian	Debian update for openoffice.org	07/09/09
Gentoo	Gentoo update for libvorbis	07/09/09
IBM	IBM Lotus Domino Web Access Cross-Site Scripting Vulnerability	07/09/09
IBM	IBM Tivoli Identity Manager Script Insertion Vulnerability	07/09/09
VMware	VMware Workstation Movie Decoder VMnc Codec Two Vulnerabilities	07/09/09
Sun Microsystems	Sun Solaris Adobe Reader and Acrobat Multiple Vulnerabilities	07/09/09
Sun Microsystems	Sun Solaris Adobe Reader Multiple Vulnerabilities	07/09/09
Sun Microsystems	Sun libxml2 DTD Parsing Denial of Service Vulnerabilities	07/09/09
Sun Microsystems	Sun Solaris TCP/IP Networking Stack Denial of Service	07/09/09
Red Hat	Red Hat update for openoffice.org	05/09/09
Apple	Apple Mac OS X update for Java	04/09/09
Microsoft	Microsoft IIS FTP Server Recursive Listing Denial of Service	04/09/09
Red Hat	Fedora update for xemacs	04/09/09
Red Hat	Fedora update for fetchmail	04/09/09
Red Hat	Fedora update for openoffice.org	04/09/09
Novell	Novell ZENWorks Asset Management Multiple Vulnerabilities	04/09/09
Novell	Novell ZENworks Configuration Management Multiple Vulnerabilities	04/09/09
Novell	Novell eDirectory Multiple Vulnerabilities	04/09/09
Samba Team	Samba Multiple Vulnerabilities	04/09/09
IBM	IBM Tivoli Directory Server Unspecified Denial of Service Vulnerabilities	04/09/09
SAP	SAP NetWeaver Multiple Vulnerabilities	04/09/09
Cisco	Linksys WRT54GL Unspecified Buffer Overflow Vulnerability	04/09/09
IBM	IBM Lotus Domino Server Unspecified Denial of Service	04/09/09
SAP	Crystal Reports Server Unspecified Vulnerabilities	04/09/09
McAfee	McAfee Email and Web Security Appliance Information Disclosure	04/09/09
MySQL	MySQL Unspecified Buffer Overflow Vulnerability	04/09/09
Sun Microsystems	Sun Java System Active Server Pages Multiple Vulnerabilities	04/09/09
HP	HP Operations Manager Unspecified Vulnerability	04/09/09
HP	HP Operations Dashboard Portal Unspecified Vulnerability	04/09/09
Kaspersky Labs	Kaspersky Online Scanner Unspecified Vulnerability	04/09/09
HP	HP Performance Insight Multiple Unspecified Vulnerabilities	04/09/09
Novell	Novell iPrint Client Unspecified Buffer Overflow Vulnerability	04/09/09
Apache Software Foundation	Apache mod_proxy_ftp EPSV Denial of Service Vulnerability	04/09/09
Adobe Systems	Adobe RoboHelp Server Unspecified Vulnerability	04/09/09
D-Link Systems	FreeRADIUS Unspecified Denial of Service Vulnerability	04/09/09
D-Link Systems	freeSSHd Unspecified Denial of Service Vulnerability	04/09/09
D-Link Systems	D-Link DIR-400 Wireless Router Unspecified Buffer Overflow	04/09/09
Debian	Debian update for mysql-dfsg-5.0	03/09/09
Red Hat	Fedora update for qt	03/09/09
Sun Microsystems	Sun Solaris Adobe Flash Player Multiple Vulnerabilities	03/09/09
Red Hat	Fedora update for mapserver	03/09/09
Sun Microsystems	Sun Solaris Adobe Flash Player Multiple Vulnerabilities	03/09/09
Debian	Debian update for devscripts	03/09/09
Red Hat	Red Hat update for openssl	03/09/09
Red Hat	Red Hat update for cman	03/09/09
Red Hat	Red Hat update for openssh	03/09/09
Red Hat	Red Hat update for nfs-utils	03/09/09
Red Hat	Red Hat update for mysql	03/09/09
Red Hat	Red Hat update for gdm	03/09/09
Red Hat	Red Hat update for ecryptfs-utils	03/09/09
Red Hat	Red Hat update for gfs2-utils	03/09/09
Red Hat	Red Hat update for kernel	03/09/09
Red Hat	Red Hat update for lftp	02/09/09
Debian	Debian update for dnsmasq	02/09/09
Red Hat	Fedora update for httpd	02/09/09
Red Hat	Red Hat update for kernel-rt	01/09/09
Opera Software	Opera Multiple Vulnerabilities	01/09/09
Red Hat	Fedora update for htmldoc	01/09/09
Debian	Debian update for ikiwiki	01/09/09
Red Hat	Fedora update for firebird	01/09/09
Red Hat	Fedora update for irssi	01/09/09
Microsoft	Microsoft Internet Information Services FTP Server NLST Buffer Overflow	01/09/09
OpenOffice.org	OpenOffice.org Word Document Table Parsing Vulnerabilities	01/09/09
IBM	IBM WebSphere Application Server Denial of Service	01/09/09
Red Hat	Red Hat update for dnsmasq	01/09/09

Centre for Critical Infrastructure Protection (CCIP)

Centre for Critical Infrastructure Protection

September 2009