Multiple vulnerabilities have been identified in the Optim E-Business Console, making the product vulnerable to phishing attacks, the interception of credentials and a complete bypass of login.
Fixes are available now.
|
|
|
A vulnerability in the portal module of WebEx Social could allow an authenticated, remote attacker to inject JavaScript in links attached to posts. The vulnerability is due to insufficient server-side validation and sanitization of user-supplied input. An update is available via the common support channels.
|
|
|
The IBM WebSphere Application Server WS-Security could allow a network attacker to spoof message signatures. By sending a specially-crafted SOAP message, a network attacker could exploit this vulnerability to execute code. Fixes are available now.
|
|
|
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack. If an attack is successful, the full credentials are revealed, giving an outside attacker full access to the VPN. Fortinet points out that solutions have been available since April 2012.
|
|
|
Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.
Cisco has released free software updates that address this vulnerability.
|
|
|
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
A buffer overflow flaw was found in Openswan that, under certain circumstances, allows attackers in the local network to cause a Denial-of-Service (DoS) or a root compromise.
Updated packages are available now.
|
|
|
For BIG-IP systems or Enterprise Manager systems using the MySQL database, a large number of MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial-of-Service (DoS).
Upgrades address these issues.
|
|
|
The kernel is the core of a Linux operating system.
These packages contain more than 30 vulnerabilities. Most of them can be exploited by local users only, but they might, for example, lead to root compromise.
Updated packages are available.
|
|
|
Many vulnerabilities have been found in java-1.6.0-ibm and java-1.7.0-ibm. Exploiting them might allow several attack vectors, resulting, for example, in remote code execution.
Updated packages are available now.
|
|
System: Many
Topic: Vulnerabilities in Thunderbird
Links: Thunderbird, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, RHSA-2013-0821, ESB-2013.0688
ID: ae-201305-074
|
New versions of the mail program Thunderbird are available now.
They fix several vulnerabilities that might, for example, allow remote code execution, remote Denial-of-Service (DoS) or Cross-Site Scripting (XSS) attacks.
|
|
System: Many
Topic: Vulnerabilities in Firefox
Links: Mozilla, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, ASB-2013.0064, RHSA-2013-0820, ESB-2013.0687, MDVSA-2013:165
ID: ae-201305-073
|
New versions of Firefox are available now.
They fix several vulnerabilities that might, for example, allow remote code execution, remote Denial-of-Service (DoS) or Cross-Site Scripting (XSS) attacks.
|
|
|
The IBM InfoSphere Information Server doesn't update the session identifier after a successful authentication.
This can lead to session fixation attacks. An attacker could exploit this vulnerability to gain unauthorized access to the application by using the session created by a regular user. Fixes are available now.
|
|
|
The IBM JRE embedded in the InfoSphere Data Replication Dashboard has security vulnerabilities that affect SSL connections to the dashboard web server. Further unspecified vulnerabilities allow remote attackers to affect availability via vectors that are related to JSSE. Fixes are available now.
|
|
|
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address 27 vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
|
|
|
Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x.
These updates address 13 vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
|
|
|
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
Adobe is aware of reports that four vulnerabilities are being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|