Apple Security Advisory 2012-11-07-1 - QuickTime version 7.7.3 is now available and addresses multiple buffer overflows, memory corruption, and use after free vulnerabilities.
95366d789e2d5c28d406a06fd1ca4fc0cb19baf1959db6188a58334716e79283
Zoner Photo Studio 15 builds 2 and 3 suffer from a stack-based buffer overflow vulnerability. Full proof of concept code included.
562915b74a8fedb12889e09ea4190964fe550f41396e218b3d54305d5f1f93d6
AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities.
04b5cf86d1ba1376d915fcb77b40e90026665f961d78136e789d3c4736371974
Ubuntu Security Notice 1628-1 - Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.
ed0e1302e786f48be680646fe32bbe1d52e2b672014c7237009d99ba58c39be1
Ubuntu Security Notice 1627-1 - It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the Apache HTTP Server was vulnerable to the "CRIME" SSL data compression attack. Although this issue had been mitigated on the client with newer web browsers, this update also disables SSL data compression on the server. A new SSLCompression directive for Apache has been backported that may be used to re-enable SSL data compression in certain environments.
78d859b0127ad9a08e2ef3ebae386c916040fc5754b3a2ee8a2f5eea27ac423a
Gentoo Linux Security Advisory 201211-1 - Multiple vulnerabilities have been found in MantisBT, the worst of which allows for local file inclusion. Versions less than 1.2.11 are affected.
73ec59ae980b4d7e5b8fa8eebfffdf5f421714d1583295709c6a59e187bc7d7b
Red Hat Security Advisory 2012-1438-01 - Red Hat has updated the support life cycle for Red Hat Enterprise Virtualization version 2, extending the end of life for version 2 from November 3rd 2012 until March 1st 2013. During this period customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime; during the upgrade, all virtual machines will continue to run without loss of service.
212e08104136bf4e609a172a8779b5fdea80264d89222727cce40116942ed820
Ubuntu Security Notice 1626-1 - Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
1448e620a78c5a2839b913c68bbbbc9d60ee54b306e4ffb6d1910709c13f079e
Secunia Security Advisory - Ubuntu has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
f784289779c1aa8b509e0dc04d3575fc5406c7b925a5b6b65a2dc9854dfeaabb
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
46bc4bf47bbedf66953d0bcc2e507cc024ae22a15e7a9e05015e56318f37f495
Secunia Security Advisory - Tavis Ormandy has reported multiple vulnerabilities in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
b08a7c2470ab6518631923185870143cd4ca98e17ae244daa22662ea9f1a6633
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
f32a7cff1a5ea2b280124f9c3aa29d08b22a1caf3d327b88923e47f1112120db
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
2b181913a6c418a696dcf40b51389cbe10896b91e410f0d0ea693dc8c75d5b6f
Secunia Security Advisory - A security issue has been reported in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
d4ae4124a4cdc1cab017118ad5c53fdb91d9af3debd714751afe1903d7b7c8f3
Secunia Security Advisory - A security issue has been reported in Payflow SDK, which can be exploited by malicious people to conduct spoofing attacks.
d0a6f8da0f1d3999ba6ffb37320622208cdd30e6e1596eb0c9c7fd2993cd95fc
Secunia Security Advisory - Ben Sheppard has discovered a vulnerability in the Script Runner plugin for Atlassian JIRA, which can be exploited by malicious people to conduct cross-site request forgery attacks.
367794adc9956b8178337e42d8c8185d28a3b54c3b39c7a5ff64d492adbf73b3
Secunia Security Advisory - A security issue has been reported in Moneris eSelectPlus PHP API, which can be exploited by malicious people to conduct spoofing attacks.
53839467b353aba7d0d3800439bb8b9cd1b8a187ba31f5959be9d38b7fa65d1e
Secunia Security Advisory - A security issue has been reported in PayPal SDK, which can be exploited by malicious people to conduct spoofing attacks.
caaa69e00c794bb80e4ff079a046d30a72c32a722593f4fc38ca0227434b8b40
Secunia Security Advisory - A security issue has been reported in Magento, which can be exploited by malicious people to conduct spoofing attacks.
3cedcec8ac3d15a534c53f667cf9856f8bf9fb9dba81614394c5538d03041b4f
Secunia Security Advisory - Gentoo has issued an update for MantisBT. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, conduct script insertion attacks, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
51c7d7e1cc6108aac2fd75a1c28e429cddec8e9f2034e20f68e2d1fa958497d3
Secunia Security Advisory - A security issue has been reported in Trillian, which can be exploited by malicious people to conduct spoofing attacks.
33b9d44c93809623d4864826b4ffdf59cef36b20b75794269db37cd79e432a8c
Secunia Security Advisory - A security issue has been reported in Amazon Web Services SDK, which can be exploited by malicious people to conduct spoofing attacks.
14f57dcfaf77409d9c21dabcf2bb8cbd0b244ecbc04e1c597af7ff1f2c4ec108
AVerCaster Pro RS3400 version 3.1.20 suffers from a directory traversal vulnerability.
b508c4fec94e9084eb272e6fbe458f5ca65f454a44df359df2078610c204cb42
Drupal Webform CiviCRM Integration third party module version 7.x suffers from an access bypass vulnerability.
b76b03e4b8ce8562a35fd0ad76b0df92b97e07f3fb7533e3042532c7b5bb2f1a
Drupal OM Maximenu third party module versions 6.x and 7.x suffer from a cross-site scripting vulnerability.
bd782ee3b000a7eb249c3d223977f90a2f65b0ee1c3fdd952e68b041fdf969f6