Alert Details
Computer Network Defence Alert State
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
Alert Definitions
NORMAL: This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.
LOW: This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. Inclusion of this level is for viewers that don't monitor this alert system regularly.
INCREASED: This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.
HIGH: This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
PATCHES: This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.
EXPLOIT: This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.
Current Alerts
Unknown vulnerabilities have been identified in Novell Sentinel, with unknown impact. More info.
Siemens has discovered a vulnerability in the client library of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as an authenticated user to exploit the vulnerability. More info.
A Flash Player vulnerability has been identified in the Chrome browser that allows malicious Flash files to take control of the video and audio from webcams. This vulnerability was corrected in Sep. 2011, but has found its way back into Chrome. Google plans on releasing a fix this week. More info.
Several vulnerabilities have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilities could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. More info.
Oracle has published a Critical Patch Update for Java, which contains 40 new security fixes for Oracle Java SE. 37 of these vulnerabilities may be remotely exploitable without authentication. More info.
A vulnerability processing TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device. More info.
A DLL in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x server does not properly validate all external input. This could potentially result in a buffer overflow and remote code execution with application privileges on the server that is hosting the management console. More info.
Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack, which may allow for the disclosure of user personal data. More info.
Multiple vulnerabilities have been reported in Apache XML Security, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and compromise an application using the library.
Multiple vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
Useful Links
These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.
http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/
http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories
http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories
Any other comments on our site or the Radar Page are welcome as well!













