@RISK: The Consensus Security Vulnerability Alert
Volume: X, Issue: 2
January 1, 2011
Current Newsletters
@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
-
- Category
- # of Updates & Vulnerabilities
-
- Summary of Updates and Vulnerabilities in this Consensus
-
- Platform Number of Updates and Vulnerabilities
-
- ------------------------ -------------------------------------
-
- Windows
- 1
-
- Third Party Windows Apps
- 1
-
- Linux
- 1
-
- Cross Platform
- 10 (#1)
-
- Web Application - Cross Site Scripting
- 1
-
- Web Application - SQL Injection
- 2
-
- Web Application
- 5
-
- Network Device
- 1
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process
Widely Deployed Software
- (1) Medium: IBM Tivoli Storage Manager Client Remote Script Execution Affected: Novell iPrint Client 5.52 Description: Novell iPrint is a technology that allows access to search printers and install drivers from a web browser. Novell has re
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2011
Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10747 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________
- - CVE: Not Available Platform: Windows Title: Microsoft Windows Fax Cover Page Editor Remote Code Execution Description: Microsoft Windows Server is exposed to a remote code execution issue that affects the Windows Fax Cover Page Editor component Windows Se
(c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner. Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/
Check Them Out!
Instructors have excellent hands on real life experience.
-Terry Kuxhaus, State of South Dakota
- SANS Site Network
- Current Site
Training- Choose a different site Help
Certification
College
Internet Storm Center
Security Awareness
Computer Forensics
IT Audit
Software Security
Penetration Testing
