Sunday, June 29, 2014

IT Security Alerts Weekly Digest (15 Jun ~ 21 Jun 2014)



1. Information Updates on Microsoft Security Advisory (2960358)
[20/06/2014] Microsoft has updated information on the Security Advisory for Microsoft .NET Framework. KB2960358 added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.

URL:technet.microsoft.com/library/security/2960358

2. Vulnerability in Cisco WebEx Meetings Server
[20/06/2014] Vulnerability was identified in the Cisco WebEx Meetings Server. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296
URL:xforce.iss.net/xforce/xfdb/93871

3. Vulnerability in F5 ARX Series Products (SOL15320)
[20/06/2014] Vulnerability was identified in the bundled Apache HTTP Server in F5 ARX Series products. An attacker could cause a denial of service condition. This vulnerability affects versions 6.0.0 through 6.4.0 of the mentioned product.

URL:support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
URL:secunia.com/advisories/59219/

4. Vulnerabilities in IBM Products (1675818, 1675820, 1675821)
[20/06/2014] Vulnerabilities were identified in the IBM Tivoli Netcool System Service Monitors and IBM Tivoli Netcool Application Service Monitors. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21675818
URL:www.ibm.com/support/docview.wss?uid=swg21675820
URL:www.ibm.com/support/docview.wss?uid=swg21675821
URL:secunia.com/advisories/58615/
URL:secunia.com/advisories/59376/

5. Vulnerability in Novell Identity Manager (5187310)
[20/06/2014] Vulnerability was identified in the Novell Identity Manager. An attacker could execute arbitrary code. This vulnerability affects versions prior to 4.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=Gdv7rveQBiE~

6. Vulnerability in AlgoSec FireFlow (93839)
[20/06/2014] Vulnerability was identified in the AlgoSec FireFlow. An attacker could perform cross-site scripting attacks. This vulnerability affects version 6.3 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93839

7. Vulnerabilities in Parallels Plesk Panel
[20/06/2014] Vulnerabilities were identified in the Parallels Plesk Panel. An attacker could perform cross-site scripting attacks and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14062001
URL:secunia.com/advisories/58819/

8. Vulnerabilities in KDE kdelibs (93875)
[20/06/2014] Vulnerabilities were identified in the KDE kdelibs. An attacker could bypass security restrictions. This vulnerability affects version 4.6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93875
URL:www.securityfocus.com/bid/68113

9. Vulnerability in Linux Kernel (93870)
[20/06/2014] Vulnerability was identified in the Linux Kernel. An attacker could cause a denial of service condition. The affected version was not specified. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93870

10. Security Updates in Gentoo Linux (GLSA 201406-18)
[20/06/2014] Gentoo has released security update packages for fixing the vulnerability identified in the rxvt-unicode package for multiple versions of Gentoo Linux. An attacker could execute arbitrary code.

URL:www.gentoo.org/security/en/glsa/glsa-201406-18.xml

11. Security Updates in Red Hat Products (RHSA-2014:0770-1, RHSA-2014:0771-1, RHSA-2014:0772-1)
[20/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the foreman-proxy package for Red Hat OpenStack 3.0 and 4.0, and the kernel package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2014-0770.html
URL:rhn.redhat.com/errata/RHSA-2014-0771.html
URL:rhn.redhat.com/errata/RHSA-2014-0772.html

12. Security Updates in Ubuntu GNU/Linux (usn-2250-1)
[20/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird package for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2250-1/

13. Vulnerability in Apache Hive
[19/06/2014] Vulnerability was identified in the Apache Hive. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 0.13.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:cwiki.apache.org/confluence/download/attachments/40509928/hivecve_signed.txt
URL:secunia.com/advisories/59181/

14. Vulnerabilities in HP Executive Scorecard (c04341295)
[19/06/2014] Vulnerabilities were identified in the HP Executive Scorecard. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions 9.40 and 9.41 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04341295
URL:secunia.com/advisories/59363/

15. Vulnerability in Novell Identity Manager (5187330)
[19/06/2014] Vulnerability was identified in the Novell Identity Manager. An attacker could execute arbitrary code. This vulnerability affects version 4.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=5XLmBl54_Rg~

16. Vulnerabilities in Juniper Networks NetScreen Firewalls (JSA10631, JSA10632)
[19/06/2014] Vulnerabilities were identified in the Juniper Networks NetScreen Firewalls. An attacker could cause a denial of service condition. These vulnerabilities affect versions prior to 6.3r17 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10631
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10632
URL:secunia.com/advisories/59026/

17. Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance (93784)
[19/06/2014] Vulnerability was identified in the Trend Micro InterScan Messaging Security Virtual Appliance. An attacker could perform cross-site scripting attacks. This vulnerability affects version 8.5.1.1516 and possibly other versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:seclists.org/fulldisclosure/2014/May/164
URL:secunia.com/advisories/58491/

18. Vulnerability in Belkin N150 wireless routers
[19/06/2014] Vulnerability was identified in the Belkin N150 wireless routers. An attacker could obtain sensitive information. This vulnerability affects firmware versions prior to 1.00.08 of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.belkin.com/us/support-article?articleNum=109400
URL:www.kb.cert.org/vuls/id/774788

19. Vulnerabilities in Gitlab
[19/06/2014] Vulnerabilities were identified in the Gitlab. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 6.6.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/
URL:secunia.com/advisories/58903/

20. Vulnerabilities in EMC RSA BSAFE Toolkits (93831, 93832, 93833)
[19/06/2014] Vulnerabilities were identified in the EMC RSA BSAFE Toolkits. An attacker could obtain sensitive information. The affected version was not specified.

URL:xforce.iss.net/xforce/xfdb/93831
URL:xforce.iss.net/xforce/xfdb/93832
URL:xforce.iss.net/xforce/xfdb/93833

21. Vulnerability in OpenStack Neutron (93854)
[19/06/2014] Vulnerability was identified in the OpenStack Neutron. An attacker could cause a denial of service condition. This vulnerability affects versions 2013.2.3 and 2014.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93854

22. Security Updates in Debian (DSA-2963-1)
[19/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the lucene-solr package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information and execute arbitrary code.

URL:www.debian.org/security/2014/dsa-2963

23. Security Updates in Red Hat Products (RHSA-2014:0762-1, RHSA-2014:0763-1, RHSA-2014:0764-1)
[19/06/2014] Red Hat has released security update packages for fixing the vulnerability identified in the rubygem-openshift-origin-node package for Red Hat OpenShift Enterprise 1 and 2. An attacker could gain elevated privileges and execute arbitrary code.

URL:rhn.redhat.com/errata/RHSA-2014-0762.html
URL:rhn.redhat.com/errata/RHSA-2014-0763.html
URL:rhn.redhat.com/errata/RHSA-2014-0764.html

24. Security Updates in Ubuntu GNU/Linux (usn-2248-1, usn-2249-1)
[19/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cinder and heat packages for versions 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information.

URL:www.ubuntu.com/usn/usn-2248-1/
URL:www.ubuntu.com/usn/usn-2249-1/

25. Vulnerability in Microsoft Malware Protection Engine (2974294)
[18/06/2014] Vulnerability was identified in the Microsoft Malware Protection Engine. An attacker could cause a denial of service condition. This vulnerability affects versions prior to 1.1.10701.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:technet.microsoft.com/library/security/2974294
URL:www.hkcert.org/my_url/en/alert/14061801
URL:www.us-cert.gov/ncas/current-activity/2014/06/17/Microsoft-Releases-Security-Advisory-Microsoft-Malware-Protection

26. Information Updates on Microsoft Security Bulletins (2969262, 2967487)
[18/06/2014] Microsoft has updated information on the Security Bulletins for Microsoft Internet Explorer, Microsoft Windows, Microsoft Office and Microsoft Lync. (a) MS14-035 corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. (b) MS14-036 clarified in the Update FAQ for Microsoft Office section what updates will be offered to systems that are running Microsoft Office 2010.

URL:technet.microsoft.com/library/security/ms14-035
URL:technet.microsoft.com/library/security/ms14-036

27. Vulnerability in F5 ARX Data Manager (SOL15310)
[18/06/2014] Vulnerability was identified in the F5 ARX Data Manager. An attacker could execute arbitrary code. This vulnerability affects versions 3.0.0 through 3.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html
URL:www.kb.cert.org/vuls/id/210884

28. Vulnerabilities in IBM Products (1671544, 1674905, 1675343, 1675689, 1675972, 1676110)
[18/06/2014] Vulnerabilities were identified in the IBM GSKit, IBM Rational DOORS, IBM Tivoli Application Dependency Discovery Manager, IBM Multi-Enterprise Integration Gateway, IBM Tivoli Integrated Portal, IBM Tivoli Storage Productivity Center, IBM WEB interface for Content Management and IBM InfoSphere Identity Insight. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21671544
URL:www.ibm.com/support/docview.wss?uid=swg21674905
URL:www.ibm.com/support/docview.wss?uid=swg21675343
URL:www.ibm.com/support/docview.wss?uid=swg21675689
URL:www.ibm.com/support/docview.wss?uid=swg21675972
URL:www.ibm.com/support/docview.wss?uid=swg21676110
URL:secunia.com/advisories/57477/
URL:secunia.com/advisories/58710/
URL:secunia.com/advisories/58947/
URL:secunia.com/advisories/59106/
URL:secunia.com/advisories/59118/
URL:secunia.com/advisories/59250/

29. Vulnerabilities in Novell Products (5187150, 7010867)
[18/06/2014] Vulnerabilities were identified in the Novell NetIQ Access Manager and Novell Open Enterprise Server 11. An attacker could bypass security restrictions, traverse directories, perform cross-site scripting attacks and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=JDgXUx7Fg-w~
URL:www.novell.com/support/kb/doc.php?id=7010867
URL:secunia.com/advisories/59113/

30. Vulnerabilities in Symantec Web Gateway (SYM14-010)
[18/06/2014] Vulnerabilities were identified in the Symantec Web Gateway. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect versions prior to 5.2.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00
URL:www.kb.cert.org/vuls/id/719172
URL:xforce.iss.net/xforce/xfdb/93818
URL:xforce.iss.net/xforce/xfdb/93819
URL:xforce.iss.net/xforce/xfdb/93820
URL:xforce.iss.net/xforce/xfdb/93821
URL:secunia.com/advisories/59281/

31. Vulnerability in GNU C Library (93784)
[18/06/2014] Vulnerability was identified in the GNU C Library. An attacker could execute arbitrary code on the system. This vulnerability affects version 2.19 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93784

32. Security Updates in Oracle Solaris
[18/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the libXtsol, LibTIFF, WAN Boot, OpenSSL and Bind packages for Oracle Solaris 8, 9, 10 and 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.

URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1

33. Security Updates in Debian (DSA-2962-1)
[18/06/2014] Debian has released security update packages for fixing the vulnerability identified in the nspr package for multiple versions of Debian GNU/Linux. An attacker could execute arbitrary code.

URL:www.debian.org/security/2014/dsa-2962

34. Security Updates in Gentoo Linux (GLSA 201406-17)
[18/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition.

URL:www.gentoo.org/security/en/glsa/glsa-201406-17.xml

35. Security Updates in SUSE (SUSE-SU-2014:0806-1, SUSE-SU-2014:0807-1, openSUSE-SU-2014:0798-1, openSUSE-SU-2014:0799-1)
[18/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player and linux kernel packages for SUSE Linux Enterprise 11, and the flash-player package for openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00022.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00029.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00030.html
URL:secunia.com/advisories/59304

36. Security Updates in Ubuntu GNU/Linux (usn-2214-3, usn-2246-1, usn-2247-1)
[18/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libxml2, apt and OpenStack nova packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2214-3/
URL:www.ubuntu.com/usn/usn-2246-1/
URL:www.ubuntu.com/usn/usn-2247-1/

37. Vulnerability in Apache Continuum
[17/06/2014] Vulnerability was identified in the Apache Continuum. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 1.3.1 through 1.4.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:continuum.apache.org/security.html
URL:secunia.com/advisories/59209/

38. Vulnerability in Cisco Product
[17/06/2014] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151

39. Vulnerabilities in Novell Products (5184170, 5184172, 5184173, 5184174, 5184175, 5187050)
[17/06/2014] Vulnerabilities were identified in the Novell eDirectory, Novell NetIQ eDirectory and Novell Filr. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=CugpfhQ-7lM~
URL:download.novell.com/Download?buildid=La-1NmYxKNM~
URL:download.novell.com/Download?buildid=mvIy6f0xgh8~
URL:download.novell.com/Download?buildid=V1WjO7ephTg~
URL:download.novell.com/Download?buildid=w0C5wM3x7Kg~
URL:download.novell.com/Download?buildid=xCwYSGC5aB0~

40. Vulnerabilities in IBM Products (1673620, 1674448, 1674812, 1675415, 1675454, 1675470, 1675472)
[17/06/2014] Vulnerabilities were identified in the IBM InfoSphere Information Services Catalog web application, IBM InfoSphere Information Server, IBM InfoSphere Information Server Information Services Director, IBM InfoSphere Information Server Business Glossary, IBM InfoSphere Information Server Metadata Workbench, IBM InfoSphere Data Click and IBM Curam Social Program Management. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21673620
URL:www.ibm.com/support/docview.wss?uid=swg21674448
URL:www.ibm.com/support/docview.wss?uid=swg21674812
URL:www.ibm.com/support/docview.wss?uid=swg21675415
URL:www.ibm.com/support/docview.wss?uid=swg21675454
URL:www.ibm.com/support/docview.wss?uid=swg21675470
URL:www.ibm.com/support/docview.wss?uid=swg21675472
URL:secunia.com/advisories/59228/
URL:secunia.com/advisories/59252/
URL:secunia.com/advisories/59253/
URL:secunia.com/advisories/59256/
URL:secunia.com/advisories/59257/
URL:secunia.com/advisories/59259/

41. Vulnerability in Oracle Database
[17/06/2014] Vulnerability was identified in the Oracle Database. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects versions 11.2.0.1.0, 11.2.0.4.5, 12.1.0.1.0 and 12.1.0.1.9 of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14061701

42. Vulnerability in Huawei eSap Platform (Huawei-SA-20140616-01-eSap)
[17/06/2014] Vulnerability was identified in the Huawei eSap software platform. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm

43. Vulnerability in Core FTP (93754)
[17/06/2014] Vulnerability was identified in the Core FTP. An attacker could execute arbitrary code and cause a denial of service condition. This vulnerability affects version 2.2 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93754

44. Vulnerability in Parallels Plesk Panel (93793)
[17/06/2014] Vulnerability was identified in the Parallels Plesk Panel. An attacker could obtain sensitive information. This vulnerability affects version 11.0.9 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93793

45. Vulnerability in PowerDNS (93800)
[17/06/2014] Vulnerability was identified in the PowerDNS. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93800

46. Vulnerability in Spring Framework (93774)
[17/06/2014] Vulnerability was identified in the Spring Framework. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 3.2.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93774

47. Vulnerability in OpenStack Keystone (93791)
[17/06/2014] Vulnerability was identified in the OpenStack Keystone. An attacker could gain elevated privileges. This vulnerability affects version 2014.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93791

48. Vulnerability in ZeroCMS (93785)
[17/06/2014] Vulnerability was identified in the ZeroCMS. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 1.0 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93785

49. Vulnerability in PHP
[17/06/2014] Vulnerability was identified in the PHP. An attacker could execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:github.com/php/php-src/commit/4f73394fdd95d3165b4391e1b0dedd57fced8c3b
URL:secunia.com/advisories/58683/

50. Security Updates in Oracle Linux (ELSA-2014-0740, ELSA-2014-0740-1, ELSA-2014-0747)
[17/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and python-jinja2 packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and gain elevated privileges.

URL:linux.oracle.com/errata/ELSA-2014-0740.html
URL:linux.oracle.com/errata/ELSA-2014-0740-1.html
URL:oss.oracle.com/pipermail/el-errata/2014-June/004192.html
URL:secunia.com/advisories/58780/
URL:secunia.com/advisories/58783/

51. Security Updates in Debian (DSA-2960-1, DSA-2961-1)
[17/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the icedove and php5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.debian.org/security/2014/dsa-2960
URL:www.debian.org/security/2014/dsa-2961

52. Security Updates in Gentoo Linux (GLSA 201406-16)
[17/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the cups-filters package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges and execute arbitrary code.

URL:www.gentoo.org/security/en/glsa/glsa-201406-16.xml

53. Security Updates in SUSE (openSUSE-SU-2014:0797-1, SUSE-SU-2014:0800-1)
[17/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox, Mozilla Thunderbird and Mozilla Netscape Portable Runtime (NSPR) packages for openSUSE 11.4, and the GnuTLS package for SUSE CORE 9. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00020.html
URL:secunia.com/advisories/59229/

54. Vulnerability in Novell Sentinel (5186771)
[16/06/2014] Vulnerability was identified in the Novell Sentinel. An attacker could bypass security restrictions, traverse directories and execute arbitrary code. This vulnerability affects versions prior to 7.2.0.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=-SNDQrCun2A~

55. Vulnerabilities in IBM Products
[16/06/2014] Vulnerabilities were identified in the IBM AIX and IBM Virtual I/O Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
URL:secunia.com/advisories/58714/

56. Vulnerabilities in Huawei Products (Huawei-SA-20140613-OpenSSL)
[16/06/2014] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

57. Vulnerability in SEIL routers (93771)
[16/06/2014] Vulnerability was identified in the SEIL routers. An attacker could cause a denial of service condition. This vulnerability affects firmware version 1.80 ja of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93771

58. Vulnerabilities in Openfiler (93761, 93762, 93763, 93764)
[16/06/2014] Vulnerabilities were identified in the Openfiler. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect version 2.99 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93761
URL:xforce.iss.net/xforce/xfdb/93762
URL:xforce.iss.net/xforce/xfdb/93763
URL:xforce.iss.net/xforce/xfdb/93764

59. Vulnerabilities in PHP
[16/06/2014] Vulnerabilities were identified in the PHP. An attacker could execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 5.3 and 5.4.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
URL:xforce.iss.net/xforce/xfdb/93769

60. Security Updates in Debian (DSA-2959-1)
[16/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.debian.org/security/2014/dsa-2959

61. Security Updates in Gentoo Linux (GLSA 201406-09, GLSA 201406-10, GLSA 201406-11, GLSA 201406-12, GLSA 201406-13, GLSA 201406-14, GLSA 201406-15)
[16/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the gnutls, lighttpd, libXfont, freeradius, memcached, opera and kdirstat packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201406-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-11.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-15.xml

62. Security Updates in Mandriva (MDVSA-2014:124, MDVSA-2014:125)
[16/06/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel and Mozilla Netscape Portable Runtime (NSPR) packages for versions MBS1 and MES5 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:124/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:125/

63. Security Updates in SUSE (openSUSE-SU-2014:0782-1, openSUSE-SU-2014:0783-1, SUSE-SU-2014:0788-2, SUSE-SU-2014:0796-1)
[16/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the GnuTLS and Linux Kernel packages for SUSE Linux Enterprise 10 and 11, and the apache2-mod_wsgi and chromium packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform spoofing and cross-site scripting attacks, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00022.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
URL:secunia.com/advisories/59155/
URL:secunia.com/advisories/59159/

IT Security Alerts Weekly Digest (22 Jun ~ 28 Jun 2014)

1. Vulnerabilities in HP System Management Homepage (c04345210)
[27/06/2014] Vulnerabilities were identified in the HP System Management Homepage. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions 7.3.2 and earlier for Linux and Windows of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04345210
URL:secunia.com/advisories/59514/

2. Vulnerabilities in IBM Products (N1020163, 1675626, 1676375, 1676688, 1676793, MIGR-5095754, MIGR-5095756)
[27/06/2014] Vulnerabilities were identified in the IBM i, IBM Rational ClearCase, IBM Lotus Quickr for WebSphere Portal, IBM Marketing Platform, IBM Tivoli Workload Scheduler for Applications, IBM FastSetup and IBM Upward Integration Modules (UIM) for VMware vSphere and Microsoft System Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=nas8N1020163
URL:www.ibm.com/support/docview.wss?uid=swg21675626
URL:www.ibm.com/support/docview.wss?uid=swg21676375
URL:www.ibm.com/support/docview.wss?uid=swg21676688
URL:www.ibm.com/support/docview.wss?uid=swg21676793
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
URL:secunia.com/advisories/58337/
URL:secunia.com/advisories/58742/
URL:secunia.com/advisories/58851/
URL:secunia.com/advisories/58945/
URL:secunia.com/advisories/59306/
URL:secunia.com/advisories/59477/
URL:secunia.com/advisories/59518/

3. Vulnerabilities in Novell Products (5187530, 5187531, 5187532, 5187533, 7015264)
[27/06/2014] Vulnerabilities were identified in the Novell Identity Manager, Novell Identity Manager Roles Based Provisioning Module, Novell NetIQ Identity Manager Roles Based Provisioning Module and Novell Open Enterprise Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=2zVeFSiHUtI~
URL:download.novell.com/Download?buildid=6_QDR8MKvFQ~
URL:download.novell.com/Download?buildid=lEL_Xm13SbE~
URL:download.novell.com/Download?buildid=MsOUtQILyLA~
URL:www.novell.com/support/kb/doc.php?id=7015264
URL:secunia.com/advisories/59495/

4. Vulnerability in Symantec Data Insight (SYM14-012)
[27/06/2014] Vulnerability was identified in the Symantec Data Insight. An attacker could perform cross-site scripting attacks. This vulnerability affects versions prior to 4.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20140625_00
URL:secunia.com/advisories/59538/

5. Vulnerability in WordPress (93956)
[27/06/2014] Vulnerability was identified in WordPress. An attacker could execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93956

6. Vulnerability in Xen (XSA-101)
[27/06/2014] Vulnerability was identified in Xen. An attacker could obtain sensitive information. This vulnerability affects version 4.4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xen.xensource.com/
URL:xforce.iss.net/xforce/xfdb/93962

7. Security Updates in Oracle Linux (ELSA-2014-0788, ELSA-2014-0790)
[27/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the mod_wsgi and dovecot packages for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.

URL:linux.oracle.com/errata/ELSA-2014-0788.html
URL:linux.oracle.com/errata/ELSA-2014-0790.html
URL:secunia.com/advisories/59537/
URL:secunia.com/advisories/59536/

8. Security Updates in Gentoo Linux (GLSA 201406-22, GLSA 201406-23, GLSA 201406-24, GLSA 201406-25)
[27/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the nas, denyhost, dnsmasq and asterisk packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges, execute arbitrary code and cause a denial of service condition.

URL:www.gentoo.org/security/en/glsa/glsa-201406-22.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-23.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-24.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-25.xml

9. Security Updates in Red Hat Products (RHSA-2014:0798-1, RHSA-2014:0799-1, RHSA-2014:0800-1, RHSA-2014:0801-1)
[27/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Red Hat JBoss Enterprise Application Platform for Red Hat Enterprise Linux 5 and 6, and kernel packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2014-0798.html
URL:rhn.redhat.com/errata/RHSA-2014-0799.html
URL:rhn.redhat.com/errata/RHSA-2014-0800.html
URL:rhn.redhat.com/errata/RHSA-2014-0801.html

10. Security Updates in Ubuntu GNU/Linux (usn-2257-1, usn-2258-1)
[27/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the samba, gnupg and gnupg2 packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2257-1/
URL:www.ubuntu.com/usn/usn-2258-1/

11. Vulnerabilities in IBM Products (1675266, 1675898, 1675973, 1676035, 1676071, 1676401, 1676644)
[26/06/2014] Vulnerabilities were identified in the IBM Records Manager, IBM Content Manager Records Enabler, IBM Content Analytics, IBM OmniFind Enterprise Edition, IBM Forms Viewer, IBM API Management, IBM Tivoli Network Manager IP Edition, IBM DB2 Query Management Facility for WebSphere and IBM MessageSight Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21675266
URL:www.ibm.com/support/docview.wss?uid=swg21675898
URL:www.ibm.com/support/docview.wss?uid=swg21675973
URL:www.ibm.com/support/docview.wss?uid=swg21676035
URL:www.ibm.com/support/docview.wss?uid=swg21676071
URL:www.ibm.com/support/docview.wss?uid=swg21676401
URL:www.ibm.com/support/docview.wss?uid=swg21676644
URL:secunia.com/advisories/58974/
URL:secunia.com/advisories/58976/
URL:secunia.com/advisories/59305/
URL:secunia.com/advisories/59441/
URL:secunia.com/advisories/59450/
URL:secunia.com/advisories/59464/
URL:secunia.com/advisories/59480/

12. Vulnerabilities in F-Secure Products (FSC-2014-6)
[26/06/2014] Vulnerabilities were identified in F-Secure Server Security, F-Secure Email Server Security, F-Secure PSB Server Security, F-Secure PSB Email Server Security, F-Secure Messaging Security Gateway, F-Secure Protection Service for Email, F-Secure Key for Windows and Mac OS X, F-Secure Search, F-Secure Safe Profile server, F-Secure Safe Avenue server and F-Secure Freedome for Android. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities in F-Secure Email and Server Security and F-Secure Server Security.

URL:www.f-secure.com/en/web/labs_global/fsc-2014-6
URL:secunia.com/advisories/59223/

13. Vulnerabilities in Novell Messenger (7015271)
[26/06/2014] Vulnerabilities were identified in the Novell Messenger. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.novell.com/support/kb/doc.php?id=7015271
URL:secunia.com/advisories/59310/

14. Vulnerabilities in Avant Browser
[26/06/2014] Vulnerabilities were identified in the Avant Browser. An attacker could execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 2014 build 6 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.avantbrowser.com/new.aspx
URL:secunia.com/advisories/59393/

15. Vulnerability in Linux Kernel
[26/06/2014] Vulnerability was identified in the Linux Kernel. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797
URL:xforce.iss.net/xforce/xfdb/93944

16. Security Updates in Debian (DSA-2967-1)
[26/06/2014] Debian has released security update packages for fixing the vulnerability identified in the gnupg package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.

URL:www.debian.org/security/2014/dsa-2967

17. Security Updates in FreeBSD (FreeBSD-SA-14:15.iconv, FreeBSD-SA-14:16.file)
[26/06/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the libc/iconv and file packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc

18. Security Updates in Red Hat Products (RHSA-2014:0788-1, RHSA-2014:0789-1, RHSA-2014:0790-1, RHSA-2014:0791-1, RHSA-2014:0792-1, RHSA-2014:0793-1)
[26/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the mod_wsgi packages for Red Hat Enterprise Linux 6, dovecot packages for Red Hat Enterprise Linux 6 and 7, the python27-mod_wsgi and python33-mod_wsgi packages for Red Hat Software Collections 1 for Red Hat Enterprise Linux 6, and the Red Hat JBoss Enterprise Web and Application Platform for Red Hat Enterprise Linux 4, 5, and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2014-0788.html
URL:rhn.redhat.com/errata/RHSA-2014-0789.html
URL:rhn.redhat.com/errata/RHSA-2014-0790.html
URL:rhn.redhat.com/errata/RHSA-2014-0791.html
URL:rhn.redhat.com/errata/RHSA-2014-0792.html
URL:rhn.redhat.com/errata/RHSA-2014-0793.html

19. Security Updates in SUSE (openSUSE-SU-2014:0840-1, SUSE-SU-2014:0847-1, SUSE-SU-2014:0848-1)
[26/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package for openSUSE 13.1, the novell-ui-base and novell-qtgui packages for SUSE Linux Enterprise 11, and the openstack-keystone package for SUSE Cloud 3. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html

20. Security Updates in Ubuntu GNU/Linux (usn-2254-2, usn-2255-1, usn-2256-1)
[26/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the php5, neutron and swift packages for versions 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, obtain sensitive information, gain elevated privileges and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2254-2/
URL:www.ubuntu.com/usn/usn-2255-1/
URL:www.ubuntu.com/usn/usn-2256-1/

21. Vulnerabilities in BlackBerry Products (KB36051)
[25/06/2014] Vulnerabilities were identified in the BlackBerry 10 OS, Universal Device Service component of BES10, BlackBerry Link, BBM for Android and iPhone, WorkConnect component of Secure Work Space for iOS and Android. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products.

URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36051&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36051

22. Vulnerability in Cisco IOS Software
[25/06/2014] Vulnerability was identified in the Cisco IOS Software. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299

23. Vulnerabilities in IBM Products (T1020952, T1020976, IT02314, 1390112, 1674128, 1675266, 1676389, 1676410, 1676496, 1676501, 1676615, 1676706, 1676708, 1676833, 1676879, 1676889, 7042296)
[25/06/2014] Vulnerabilities were identified in the IBM SmartCloud Entry, IBM WebSphere DataPower SOA Appliances, IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services, IBM FileNet Legacy Content Search Engine, IBM Records Manager, IBM Content Manager Records Enabler, IBM Security Privileged Identity Manager Virtual Appliance, IBM DataQuant for WebSphere, IBM WebSphere MQ, Support Pac MAT1, Support Pac MA9B, IBM Worklight Consumer Edition, IBM Watson Explorer/InfoSphere Data Explorer, IBM Sterling Order Management, IBM Sterling Selling and Fulfillment Foundation, IBM Sterling Field Sales, IBM Sterling Web Channel, IBM WebSphere Cast Iron Solution, IBM Security Network Intrusion Prevention System and IBM Security Network Enterprise Scanner. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products.

URL:www.ibm.com/support/docview.wss?uid=isg3T1020952
URL:www.ibm.com/support/docview.wss?uid=isg3T1020976
URL:www.ibm.com/support/docview.wss?uid=swg1IT02314
URL:www.ibm.com/support/docview.wss?uid=swg21390112
URL:www.ibm.com/support/docview.wss?uid=swg21674128
URL:www.ibm.com/support/docview.wss?uid=swg21675266
URL:www.ibm.com/support/docview.wss?uid=swg21676389
URL:www.ibm.com/support/docview.wss?uid=swg21676410
URL:www.ibm.com/support/docview.wss?uid=swg21676496
URL:www.ibm.com/support/docview.wss?uid=swg21676501
URL:www.ibm.com/support/docview.wss?uid=swg21676615
URL:www.ibm.com/support/docview.wss?uid=swg21676706
URL:www.ibm.com/support/docview.wss?uid=swg21676708
URL:www.ibm.com/support/docview.wss?uid=swg21676833
URL:www.ibm.com/support/docview.wss?uid=swg21676879
URL:www.ibm.com/support/docview.wss?uid=swg21676889
URL:www.ibm.com/support/docview.wss?uid=swg27042296
URL:secunia.com/advisories/59178/
URL:secunia.com/advisories/59184/
URL:secunia.com/advisories/59287/
URL:secunia.com/advisories/59381/
URL:secunia.com/advisories/59430/
URL:secunia.com/advisories/59435/
URL:secunia.com/advisories/59442/
URL:secunia.com/advisories/59443/
URL:secunia.com/advisories/59445/
URL:secunia.com/advisories/59446/
URL:secunia.com/advisories/59449/
URL:secunia.com/advisories/59453/
URL:secunia.com/advisories/59457/
URL:secunia.com/advisories/59465/
URL:secunia.com/advisories/59466/
URL:secunia.com/advisories/59478/
URL:secunia.com/advisories/59479/
URL:secunia.com/advisories/59483/
URL:secunia.com/advisories/59485/

24. Vulnerabilities in McAfee Products (SB10075)
[25/06/2014] Vulnerabilities were identified in the McAfee Third-Party Consumer Module: LastPass/SafeKey, McAfee Advanced Threat Defense/Network Threat Response, McAfee ePolicy Orchestrator, McAfee Agent for Mac, McAfee Firewall Enterprise, McAfee Firewall Enterprise Control Center, McAfee Real Time for ePO, McAfee Security for App Store - Cloud, McAfee Web Gateway, McAfee Security Information and Event Management/Nitro Mobile Cloud, and McAfee SaaS Account Management. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:kc.mcafee.com/corporate/index?page=content&id=SB10075
URL:www.hkcert.org/my_url/en/alert/14062501
URL:secunia.com/advisories/59162/

25. Vulnerabilities in Xerox FreeFlow Print Server (XRX14-004)
[25/06/2014] Vulnerabilities were identified in the Xerox FreeFlow Print Server. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.xerox.com/download/security/security-bulletin/b2f13-4fbfcf66f7822/cert_XRX14-004_v1-01.pdf
URL:secunia.com/advisories/59227/

26. Vulnerability in Ericom Products (ERM-2014-610)
[25/06/2014] Vulnerability was identified in the Ericom AccessNow Server and Ericom Blaze Server. An attacker could execute arbitrary code and compromise a vulnerable system. This vulnerability affects versions prior to 3.3.1.4095 of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.ericom.com/security-ERM-2014-610.asp
URL:secunia.com/advisories/58803/

27. Vulnerability in ZyXEL P660RT2 EE router (93924)
[25/06/2014] Vulnerability was identified in the ZyXEL P660RT2 EE router. An attacker could perform cross-site scripting attacks. This vulnerability affects firmware version 3.40 (AXN.1) of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93924

28. Vulnerability in Samba
[25/06/2014] Vulnerability was identified in Samba. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.samba.org/samba/security/CVE-2014-3493
URL:xforce.iss.net/xforce/xfdb/93928

29. Vulnerability in GnuPG
[25/06/2014] Vulnerability was identified in GnuPG. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
URL:xforce.iss.net/xforce/xfdb/93935

30. Security Updates in Oracle Solaris
[25/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the OpenSSL package for Oracle Solaris 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.

URL:blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0198_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of

31. Security Updates in Slackware (SSA:2014-175-01, SSA:2014-175-02, SSA:2014-175-03, SSA:2014-175-04, SSA:2014-175-05)
[25/06/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the gnupg2, samba, seamonkey, gnupg and bind packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.426195
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.435311
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.493247
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.503216
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391

32. Security Updates in SUSE (SUSE-SU-2014:0824-3, SUSE-SU-2014:0837-1, SUSE-SU-2014:0838-1, SUSE-SU-2014:0837-2)
[25/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, rxvt-unicode and MozillaFirefox packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00028.html

33. Security Updates in Ubuntu GNU/Linux (usn-2232-3)
[25/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl package for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, obtain sensitive information, gain elevated privileges and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2232-3/

34. Vulnerabilities in IBM Products (1675956, 1676356, 1676373, 1676403, 1676529, 1676672)
[24/06/2014] Vulnerabilities were identified in the IBM Jazz Team Server based Applications, IBM Rational Application Developer for WebSphere Software, IBM IMS Enterprise Suite, IBM Initiate Master Data Service, IBM InfoSphere Master Data Management Server, IBM InfoSphere Master Data Management Standard/Advanced Edition, IBM Security Network Protection (XGS) and IBM MessageSight. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21675956
URL:www.ibm.com/support/docview.wss?uid=swg21676356
URL:www.ibm.com/support/docview.wss?uid=swg21676373
URL:www.ibm.com/support/docview.wss?uid=swg21676403
URL:www.ibm.com/support/docview.wss?uid=swg21676529
URL:www.ibm.com/support/docview.wss?uid=swg21676672
URL:secunia.com/advisories/59194/
URL:secunia.com/advisories/59232/
URL:secunia.com/advisories/59240/
URL:secunia.com/advisories/59436/
URL:secunia.com/advisories/59437/
URL:secunia.com/advisories/59440/

35. Vulnerabilities in Novell Products (5187410, 5187430, 5187450, 5187510)
[24/06/2014] Vulnerabilities were identified in the Novell Messenger, Novell Identity Manager and Novell NetIQ Identity Manager Roles Based Provisioning Module. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing and cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=LPl8JVNYPmk~
URL:download.novell.com/Download?buildid=QH01IUZGcs8~
URL:download.novell.com/Download?buildid=v3pQ2Ai0khw~
URL:download.novell.com/Download?buildid=xVAUBQahnSc~

36. Vulnerability in Symantec Products (SYM14-011)
[24/06/2014] Vulnerability was identified in the Symantec Encryption Desktop Professional and Symantec PGP Desktop. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
URL:xforce.iss.net/xforce/xfdb/93915

37. Vulnerability in SpamTitan (VU#849500)
[24/06/2014] Vulnerability was identified in SpamTitan. An attacker could perform cross-site scripting attacks. This vulnerability affects versions prior to 6.04 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/849500

38. Vulnerabilities in Intelligent Platform Management Interface
[24/06/2014] Vulnerabilities were identified in the Intelligent Platform Management Interface. An attacker could compromise the system and obtain sensitive information. These vulnerabilities affect any system connected to the Internet running the IPMI.

URL:www.us-cert.gov/ncas/current-activity/2014/06/23/Risks-Exposing-Intelligent-Platform-Management-Interface-IPMI

39. Vulnerability in Google Android (93916)
[24/06/2014] Vulnerability was identified in Google Android. An attacker could cause a denial of service condition and crash the application. This vulnerability affects version 4.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93916

40. Vulnerability in Webmin Usermin (93908)
[24/06/2014] Vulnerability was identified in Webmin Usermin. An attacker could execute arbitrary code on the system. This vulnerability affects versions prior to 1.600 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93908

41. Vulnerabilities in Linux cups-filters (93909, 93910)
[24/06/2014] Vulnerabilities were identified in the Linux cups-filters. An attacker could execute arbitrary code and crash the application. These vulnerabilities affect versions prior to 1.0.53 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/93909
URL:xforce.iss.net/xforce/xfdb/93910

42. Vulnerabilities in Linux Kernel (93913, 93914)
[24/06/2014] Vulnerabilities were identified in the Linux Kernel. An attacker could cause a denial of service condition. These vulnerabilities affect version 2.6.32.63 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93913
URL:xforce.iss.net/xforce/xfdb/93914

43. Security Updates in Oracle Solaris
[24/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the NSS, OpenSSL and WAN Boot packages for Oracle Solaris 8, 9, 10 and 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.

URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0076_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0221_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl3

44. Security Updates in Debian (DSA-2966-1)
[24/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the samba package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.debian.org/security/2014/dsa-2966

45. Security Updates in SUSE (SUSE-SU-2014:0824-2, openSUSE-SU-2014:0819-1)
[24/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package for SUSE Linux Enterprise 10 and 11, and the MozillaFirefox and mozilla-nspr packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00024.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
URL:secunia.com/advisories/59425/
URL:secunia.com/advisories/59486/

46. Security Updates in Red Hat Products (RHSA-2014:0783-1)
[24/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the httpd security packages for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. An attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2014-0783.html

47. Security Updates in Ubuntu GNU/Linux (usn-2253-1, usn-2254-1)
[24/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libreoffice and php5 packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2253-1/
URL:www.ubuntu.com/usn/usn-2254-1/

48. Vulnerabilities in IBM Products (1675992, 1676062, 1676093, 1676226, 1676419)
[23/06/2014] Vulnerabilities were identified in the IBM Lotus Symphony, IBM SmartCloud Orchestrator, IBM Cognos Incentive Compensation Management, IBM Lotus Foundations Start and IBM Tivoli Management Framework. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities in the IBM Lotus Symphony, IBM Cognos Incentive Compensation Management, IBM Lotus Foundations Start and IBM Tivoli Management Framework.

URL:www.ibm.com/support/docview.wss?uid=swg21675992
URL:www.ibm.com/support/docview.wss?uid=swg21676062
URL:www.ibm.com/support/docview.wss?uid=swg21676093
URL:www.ibm.com/support/docview.wss?uid=swg21676226
URL:www.ibm.com/support/docview.wss?uid=swg21676419
URL:secunia.com/advisories/58801/
URL:secunia.com/advisories/58939/
URL:secunia.com/advisories/59027/
URL:secunia.com/advisories/59151/
URL:secunia.com/advisories/59300/

49. Security Updates in Gentoo Linux (GLSA 201406-19, GLSA 201406-20, GLSA 201406-21)
[23/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the nss, nginx and curl packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could cause a denial of service condition, execute arbitrary code and perform man-in-the-middle attacks.

URL:www.gentoo.org/security/en/glsa/glsa-201406-19.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-20.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-21.xml

50. Security Updates in Ubuntu GNU/Linux (usn-2251-1, usn-2252-1)
[23/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux and linux-ec2 packages for version 10.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2251-1/
URL:www.ubuntu.com/usn/usn-2252-1/

51. Security Updates in Debian (DSA-2964-1, DSA-2965-1)
[23/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the iodine and tiff packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a heap-based buffer overflow and execute arbitrary code.

URL:www.debian.org/security/2014/dsa-2964
URL:www.debian.org/security/2014/dsa-2965

52. Security Updates in SUSE (SUSE-SU-2014:0824-1)
[23/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package for SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Desktop 11 SP3, and SUSE Linux Enterprise Server 10 SP3 LTSS and 11 SP3. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html