Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat.  The alert state increases immediately upon detection of a new threat and drops again by one level each working day.  The rationale is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product.  It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product.  The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

 

Current Alerts

 

Cisco

Cisco has published updates for the 12.1E version of IOS for a vulnerability originally published in September 2011.

The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: NetMeeting Directory (Lightweight Directory Access Protocol, LDAP), Session Initiation Protocol (multiple vulnerabilities), and H.323 protocol.

More info.

 

SCADA

There is a public report identifying an unallocated Unicode string vulnerability with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink (SL) service (slssvc), which is part of the System Platform software suite. According to this report, the vulnerability allows an attacker to remotely crash older versions of the slssvc service by sending a long and unallocated Unicode string.

Invensys has provided directions for mitigation of this vulnerability, and will provide an upgrade path to unaffected versions of the software.

More info.

OSX

Apple has released an update for OS X.  This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

More info.

 

Also, Apple has released an update that runs a malware removal tool that will remove the most common variants of the Flashback malware.

More info.

Cisco

Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) use an ActiveX control on client systems to perform port forwarding operations.  A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser.  The affected ActiveX control is distributed to endpoint systems by Cisco ASA.  However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices.

More info.

Adobe

A vulnerability has been identified in Adobe Photoshop CS5, which can be exploited by malicious people to compromise a user's system.  Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

More info.

Apple

Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system.

More info.

 

 

IBM

A vulnerability with unknown impact has been reported in IBM WebSphere Application Server for z/OS.

More info.

RealNetworks

RealPlayer contains vulnerabilities that may allow remote code execution.

More info.

Hitachi

A vulnerability has been reported in Hitachi COBOL GUI Run Time System and Hitachi COBOL Server GUI Run Time System, which can be exploited by malicious people to compromise a user's system.

More info.

 

Also, two vulnerabilities have been reported in Hitachi IT Operations Director, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

More info.

Google

Google has released an update for Chrome that corrects several security vulnerabilities.

More info.

 

 

 

 
 

 


 

Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send us your suggestions by e-mail.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories
http://osvdb.org/



http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/
Copyright 2004 through 2011 Computer Network Defence, Ltd.
All rights reserved