1. Vulnerabilities in HP System Management Homepage (c04345210)
[27/06/2014] Vulnerabilities were identified in the HP System Management Homepage. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions 7.3.2 and earlier for Linux and Windows of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04345210
URL:secunia.com/advisories/59514/
2. Vulnerabilities in IBM Products (N1020163, 1675626, 1676375, 1676688, 1676793, MIGR-5095754, MIGR-5095756)
[27/06/2014] Vulnerabilities were identified in the IBM i, IBM Rational ClearCase, IBM Lotus Quickr for WebSphere Portal, IBM Marketing Platform, IBM Tivoli Workload Scheduler for Applications, IBM FastSetup and IBM Upward Integration Modules (UIM) for VMware vSphere and Microsoft System Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=nas8N1020163
URL:www.ibm.com/support/docview.wss?uid=swg21675626
URL:www.ibm.com/support/docview.wss?uid=swg21676375
URL:www.ibm.com/support/docview.wss?uid=swg21676688
URL:www.ibm.com/support/docview.wss?uid=swg21676793
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
URL:secunia.com/advisories/58337/
URL:secunia.com/advisories/58742/
URL:secunia.com/advisories/58851/
URL:secunia.com/advisories/58945/
URL:secunia.com/advisories/59306/
URL:secunia.com/advisories/59477/
URL:secunia.com/advisories/59518/
3. Vulnerabilities in Novell Products (5187530, 5187531, 5187532, 5187533, 7015264)
[27/06/2014] Vulnerabilities were identified in the Novell Identity Manager, Novell Identity Manager Roles Based Provisioning Module, Novell NetIQ Identity Manager Roles Based Provisioning Module and Novell Open Enterprise Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=2zVeFSiHUtI~
URL:download.novell.com/Download?buildid=6_QDR8MKvFQ~
URL:download.novell.com/Download?buildid=lEL_Xm13SbE~
URL:download.novell.com/Download?buildid=MsOUtQILyLA~
URL:www.novell.com/support/kb/doc.php?id=7015264
URL:secunia.com/advisories/59495/
4. Vulnerability in Symantec Data Insight (SYM14-012)
[27/06/2014] A vulnerability was identified in Symantec Data Insight. An attacker could perform cross-site scripting attacks. This vulnerability affects versions prior to 4.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20140625_00
URL:secunia.com/advisories/59538/
5. Vulnerability in WordPress (93956)
[27/06/2014] A vulnerability was identified in WordPress. An attacker could execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/93956
6. Vulnerability in Xen (XSA-101)
[27/06/2014] A vulnerability was identified in Xen. An attacker could obtain sensitive information. This vulnerability affects version 4.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xen.xensource.com/
URL:xforce.iss.net/xforce/xfdb/93962
7. Security Updates in Oracle Linux (ELSA-2014-0788, ELSA-2014-0790)
[27/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the mod_wsgi and dovecot packages for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-0788.html
URL:linux.oracle.com/errata/ELSA-2014-0790.html
URL:secunia.com/advisories/59537/
URL:secunia.com/advisories/59536/
8. Security Updates in Gentoo Linux (GLSA 201406-22, GLSA 201406-23, GLSA 201406-24, GLSA 201406-25)
[27/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the nas, denyhost, dnsmasq and asterisk packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201406-22.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-23.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-24.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-25.xml
9. Security Updates in Red Hat Products (RHSA-2014:0798-1, RHSA-2014:0799-1, RHSA-2014:0800-1, RHSA-2014:0801-1)
[27/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Red Hat JBoss Enterprise Application Platform for Red Hat Enterprise Linux 5 and 6, and kernel packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0798.html
URL:rhn.redhat.com/errata/RHSA-2014-0799.html
URL:rhn.redhat.com/errata/RHSA-2014-0800.html
URL:rhn.redhat.com/errata/RHSA-2014-0801.html
10. Security Updates in Ubuntu GNU/Linux (usn-2257-1, usn-2258-1)
[27/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the samba, gnupg and gnupg2 packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2257-1/
URL:www.ubuntu.com/usn/usn-2258-1/
11. Vulnerabilities in IBM Products (1675266, 1675898, 1675973, 1676035, 1676071, 1676401, 1676644)
[26/06/2014] Vulnerabilities were identified in the IBM Records Manager, IBM Content Manager Records Enabler, IBM Content Analytics, IBM OmniFind Enterprise Edition, IBM Forms Viewer, IBM API Management, IBM Tivoli Network Manager IP Edition, IBM DB2 Query Management Facility for WebSphere and IBM MessageSight Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21675266
URL:www.ibm.com/support/docview.wss?uid=swg21675898
URL:www.ibm.com/support/docview.wss?uid=swg21675973
URL:www.ibm.com/support/docview.wss?uid=swg21676035
URL:www.ibm.com/support/docview.wss?uid=swg21676071
URL:www.ibm.com/support/docview.wss?uid=swg21676401
URL:www.ibm.com/support/docview.wss?uid=swg21676644
URL:secunia.com/advisories/58974/
URL:secunia.com/advisories/58976/
URL:secunia.com/advisories/59305/
URL:secunia.com/advisories/59441/
URL:secunia.com/advisories/59450/
URL:secunia.com/advisories/59464/
URL:secunia.com/advisories/59480/
12. Vulnerabilities in F-Secure Products (FSC-2014-6)
[26/06/2014] Vulnerabilities were identified in F-Secure Server Security, F-Secure Email Server Security, F-Secure PSB Server Security, F-Secure PSB Email Server Security, F-Secure Messaging Security Gateway, F-Secure Protection Service for Email, F-Secure Key for Windows and Mac OS X, F-Secure Search, F-Secure Safe Profile server, F-Secure Safe Avenue server and F-Secure Freedome for Android. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities in F-Secure Email and Server Security and F-Secure Server Security.
URL:www.f-secure.com/en/web/labs_global/fsc-2014-6
URL:secunia.com/advisories/59223/
13. Vulnerabilities in Novell Messenger (7015271)
[26/06/2014] Vulnerabilities were identified in the Novell Messenger. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.novell.com/support/kb/doc.php?id=7015271
URL:secunia.com/advisories/59310/
14. Vulnerabilities in Avant Browser
[26/06/2014] Vulnerabilities were identified in the Avant Browser. An attacker could execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 2014 build 6 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.avantbrowser.com/new.aspx
URL:secunia.com/advisories/59393/
15. Vulnerability in Linux Kernel
[26/06/2014] A vulnerability was identified in the Linux Kernel. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797
URL:xforce.iss.net/xforce/xfdb/93944
16. Security Updates in Debian (DSA-2967-1)
[26/06/2014] Debian has released security update packages for fixing the vulnerability identified in the gnupg package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2967
17. Security Updates in FreeBSD (FreeBSD-SA-14:15.iconv, FreeBSD-SA-14:16.file)
[26/06/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the libc/iconv and file packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc
18. Security Updates in Red Hat Products (RHSA-2014:0788-1, RHSA-2014:0789-1, RHSA-2014:0790-1, RHSA-2014:0791-1, RHSA-2014:0792-1, RHSA-2014:0793-1)
[26/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the mod_wsgi packages for Red Hat Enterprise Linux 6, dovecot packages for Red Hat Enterprise Linux 6 and 7, the python27-mod_wsgi and python33-mod_wsgi packages for Red Hat Software Collections 1 for Red Hat Enterprise Linux 6, and the Red Hat JBoss Enterprise Web and Application Platform for Red Hat Enterprise Linux 4, 5, and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0788.html
URL:rhn.redhat.com/errata/RHSA-2014-0789.html
URL:rhn.redhat.com/errata/RHSA-2014-0790.html
URL:rhn.redhat.com/errata/RHSA-2014-0791.html
URL:rhn.redhat.com/errata/RHSA-2014-0792.html
URL:rhn.redhat.com/errata/RHSA-2014-0793.html
19. Security Updates in SUSE (openSUSE-SU-2014:0840-1, SUSE-SU-2014:0847-1, SUSE-SU-2014:0848-1)
[26/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package for openSUSE 13.1, the novell-ui-base and novell-qtgui packages for SUSE Linux Enterprise 11, and the openstack-keystone package for SUSE Cloud 3. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
20. Security Updates in Ubuntu GNU/Linux (usn-2254-2, usn-2255-1, usn-2256-1)
[26/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the php5, neutron and swift packages for versions 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, obtain sensitive information, gain elevated privileges and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2254-2/
URL:www.ubuntu.com/usn/usn-2255-1/
URL:www.ubuntu.com/usn/usn-2256-1/
21. Vulnerabilities in BlackBerry Products (KB36051)
[25/06/2014] Vulnerabilities were identified in the BlackBerry 10 OS, Universal Device Service component of BES10, BlackBerry Link, BBM for Android and iPhone, WorkConnect component of Secure Work Space for iOS and Android. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products.
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36051&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36051
22. Vulnerability in Cisco IOS Software
[25/06/2014] A vulnerability was identified in the Cisco IOS Software. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299
23. Vulnerabilities in IBM Products (T1020952, T1020976, IT02314, 1390112, 1674128, 1675266, 1676389, 1676410, 1676496, 1676501, 1676615, 1676706, 1676708, 1676833, 1676879, 1676889, 7042296)
[25/06/2014] Vulnerabilities were identified in the IBM SmartCloud Entry, IBM WebSphere DataPower SOA Appliances, IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services, IBM FileNet Legacy Content Search Engine, IBM Records Manager, IBM Content Manager Records Enabler, IBM Security Privileged Identity Manager Virtual Appliance, IBM DataQuant for WebSphere, IBM WebSphere MQ, Support Pac MAT1, Support Pac MA9B, IBM Worklight Consumer Edition, IBM Watson Explorer/InfoSphere Data Explorer, IBM Sterling Order Management, IBM Sterling Selling and Fulfillment Foundation, IBM Sterling Field Sales, IBM Sterling Web Channel, IBM WebSphere Cast Iron Solution, IBM Security Network Intrusion Prevention System and IBM Security Network Enterprise Scanner. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products.
URL:www.ibm.com/support/docview.wss?uid=isg3T1020952
URL:www.ibm.com/support/docview.wss?uid=isg3T1020976
URL:www.ibm.com/support/docview.wss?uid=swg1IT02314
URL:www.ibm.com/support/docview.wss?uid=swg21390112
URL:www.ibm.com/support/docview.wss?uid=swg21674128
URL:www.ibm.com/support/docview.wss?uid=swg21675266
URL:www.ibm.com/support/docview.wss?uid=swg21676389
URL:www.ibm.com/support/docview.wss?uid=swg21676410
URL:www.ibm.com/support/docview.wss?uid=swg21676496
URL:www.ibm.com/support/docview.wss?uid=swg21676501
URL:www.ibm.com/support/docview.wss?uid=swg21676615
URL:www.ibm.com/support/docview.wss?uid=swg21676706
URL:www.ibm.com/support/docview.wss?uid=swg21676708
URL:www.ibm.com/support/docview.wss?uid=swg21676833
URL:www.ibm.com/support/docview.wss?uid=swg21676879
URL:www.ibm.com/support/docview.wss?uid=swg21676889
URL:www.ibm.com/support/docview.wss?uid=swg27042296
URL:secunia.com/advisories/59178/
URL:secunia.com/advisories/59184/
URL:secunia.com/advisories/59287/
URL:secunia.com/advisories/59381/
URL:secunia.com/advisories/59430/
URL:secunia.com/advisories/59435/
URL:secunia.com/advisories/59442/
URL:secunia.com/advisories/59443/
URL:secunia.com/advisories/59445/
URL:secunia.com/advisories/59446/
URL:secunia.com/advisories/59449/
URL:secunia.com/advisories/59453/
URL:secunia.com/advisories/59457/
URL:secunia.com/advisories/59465/
URL:secunia.com/advisories/59466/
URL:secunia.com/advisories/59478/
URL:secunia.com/advisories/59479/
URL:secunia.com/advisories/59483/
URL:secunia.com/advisories/59485/
24. Vulnerabilities in McAfee Products (SB10075)
[25/06/2014] Vulnerabilities were identified in the McAfee Third-Party Consumer Module: LastPass/SafeKey, McAfee Advanced Threat Defense/Network Threat Response, McAfee ePolicy Orchestrator, McAfee Agent for Mac, McAfee Firewall Enterprise, McAfee Firewall Enterprise Control Center, McAfee Real Time for ePO, McAfee Security for App Store - Cloud, McAfee Web Gateway, McAfee Security Information and Event Management/Nitro Mobile Cloud, and McAfee SaaS Account Management. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kc.mcafee.com/corporate/index?page=content&id=SB10075
URL:www.hkcert.org/my_url/en/alert/14062501
URL:secunia.com/advisories/59162/
25. Vulnerabilities in Xerox FreeFlow Print Server (XRX14-004)
[25/06/2014] Vulnerabilities were identified in the Xerox FreeFlow Print Server. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.xerox.com/download/security/security-bulletin/b2f13-4fbfcf66f7822/cert_XRX14-004_v1-01.pdf
URL:secunia.com/advisories/59227/
26. Vulnerability in Ericom Products (ERM-2014-610)
[25/06/2014] A vulnerability was identified in the Ericom AccessNow Server and Ericom Blaze Server. An attacker could execute arbitrary code and compromise a vulnerable system. This vulnerability affects versions prior to 3.3.1.4095 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.ericom.com/security-ERM-2014-610.asp
URL:secunia.com/advisories/58803/
27. Vulnerability in ZyXEL P660RT2 EE router (93924)
[25/06/2014] A vulnerability was identified in the ZyXEL P660RT2 EE router. An attacker could perform cross-site scripting attacks. This vulnerability affects firmware version 3.40 (AXN.1) of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/93924
28. Vulnerability in Samba
[25/06/2014] A vulnerability was identified in Samba. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.samba.org/samba/security/CVE-2014-3493
URL:xforce.iss.net/xforce/xfdb/93928
29. Vulnerability in GnuPG
[25/06/2014] A vulnerability was identified in GnuPG. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
URL:xforce.iss.net/xforce/xfdb/93935
30. Security Updates in Oracle Solaris
[25/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the OpenSSL package for Oracle Solaris 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.
URL:blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0198_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of
31. Security Updates in Slackware (SSA:2014-175-01, SSA:2014-175-02, SSA:2014-175-03, SSA:2014-175-04, SSA:2014-175-05)
[25/06/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the gnupg2, samba, seamonkey, gnupg and bind packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.426195
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.435311
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.493247
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.503216
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391
32. Security Updates in SUSE (SUSE-SU-2014:0824-3, SUSE-SU-2014:0837-1, SUSE-SU-2014:0838-1, SUSE-SU-2014:0837-2)
[25/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, rxvt-unicode and MozillaFirefox packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00028.html
33. Security Updates in Ubuntu GNU/Linux (usn-2232-3)
[25/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl package for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, obtain sensitive information, gain elevated privileges and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2232-3/
34. Vulnerabilities in IBM Products (1675956, 1676356, 1676373, 1676403, 1676529, 1676672)
[24/06/2014] Vulnerabilities were identified in the IBM Jazz Team Server based Applications, IBM Rational Application Developer for WebSphere Software, IBM IMS Enterprise Suite, IBM Initiate Master Data Service, IBM InfoSphere Master Data Management Server, IBM InfoSphere Master Data Management Standard/Advanced Edition, IBM Security Network Protection (XGS) and IBM MessageSight. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21675956
URL:www.ibm.com/support/docview.wss?uid=swg21676356
URL:www.ibm.com/support/docview.wss?uid=swg21676373
URL:www.ibm.com/support/docview.wss?uid=swg21676403
URL:www.ibm.com/support/docview.wss?uid=swg21676529
URL:www.ibm.com/support/docview.wss?uid=swg21676672
URL:secunia.com/advisories/59194/
URL:secunia.com/advisories/59232/
URL:secunia.com/advisories/59240/
URL:secunia.com/advisories/59436/
URL:secunia.com/advisories/59437/
URL:secunia.com/advisories/59440/
35. Vulnerabilities in Novell Products (5187410, 5187430, 5187450, 5187510)
[24/06/2014] Vulnerabilities were identified in the Novell Messenger, Novell Identity Manager and Novell NetIQ Identity Manager Roles Based Provisioning Module. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing and cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=LPl8JVNYPmk~
URL:download.novell.com/Download?buildid=QH01IUZGcs8~
URL:download.novell.com/Download?buildid=v3pQ2Ai0khw~
URL:download.novell.com/Download?buildid=xVAUBQahnSc~
36. Vulnerability in Symantec Products (SYM14-011)
[24/06/2014] A vulnerability was identified in the Symantec Encryption Desktop Professional and Symantec PGP Desktop. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
URL:xforce.iss.net/xforce/xfdb/93915
37. Vulnerability in SpamTitan (VU#849500)
[24/06/2014] A vulnerability was identified in SpamTitan. An attacker could perform cross-site scripting attacks. This vulnerability affects versions prior to 6.04 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/849500
38. Vulnerabilities in Intelligent Platform Management Interface
[24/06/2014] Vulnerabilities were identified in the Intelligent Platform Management Interface. An attacker could compromise the system and obtain sensitive information. These vulnerabilities affect any system connected to the Internet running the IPMI.
URL:www.us-cert.gov/ncas/current-activity/2014/06/23/Risks-Exposing-Intelligent-Platform-Management-Interface-IPMI
39. Vulnerability in Google Android (93916)
[24/06/2014] A vulnerability was identified in Google Android. An attacker could cause a denial of service condition and crash the application. This vulnerability affects version 4.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/93916
40. Vulnerability in Webmin Usermin (93908)
[24/06/2014] A vulnerability was identified in Webmin Usermin. An attacker could execute arbitrary code on the system. This vulnerability affects versions prior to 1.600 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/93908
41. Vulnerabilities in Linux cups-filters (93909, 93910)
[24/06/2014] Vulnerabilities were identified in the Linux cups-filters. An attacker could execute arbitrary code and crash the application. These vulnerabilities affect versions prior to 1.0.53 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/93909
URL:xforce.iss.net/xforce/xfdb/93910
42. Vulnerabilities in Linux Kernel (93913, 93914)
[24/06/2014] Vulnerabilities were identified in the Linux Kernel. An attacker could cause a denial of service condition. These vulnerabilities affect version 2.6.32.63 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/93913
URL:xforce.iss.net/xforce/xfdb/93914
43. Security Updates in Oracle Solaris
[24/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the NSS, OpenSSL and WAN Boot packages for Oracle Solaris 8, 9, 10 and 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0076_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0221_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl3
44. Security Updates in Debian (DSA-2966-1)
[24/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the samba package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2966
45. Security Updates in SUSE (SUSE-SU-2014:0824-2, openSUSE-SU-2014:0819-1)
[24/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package for SUSE Linux Enterprise 10 and 11, and the MozillaFirefox and mozilla-nspr packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00024.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
URL:secunia.com/advisories/59425/
URL:secunia.com/advisories/59486/
46. Security Updates in Red Hat Products (RHSA-2014:0783-1)
[24/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the httpd security packages for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. An attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0783.html
47. Security Updates in Ubuntu GNU/Linux (usn-2253-1, usn-2254-1)
[24/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libreoffice and php5 packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2253-1/
URL:www.ubuntu.com/usn/usn-2254-1/
48. Vulnerabilities in IBM Products (1675992, 1676062, 1676093, 1676226, 1676419)
[23/06/2014] Vulnerabilities were identified in the IBM Lotus Symphony, IBM SmartCloud Orchestrator, IBM Cognos Incentive Compensation Management, IBM Lotus Foundations Start and IBM Tivoli Management Framework. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities in the IBM Lotus Symphony, IBM Cognos Incentive Compensation Management, IBM Lotus Foundations Start and IBM Tivoli Management Framework.
URL:www.ibm.com/support/docview.wss?uid=swg21675992
URL:www.ibm.com/support/docview.wss?uid=swg21676062
URL:www.ibm.com/support/docview.wss?uid=swg21676093
URL:www.ibm.com/support/docview.wss?uid=swg21676226
URL:www.ibm.com/support/docview.wss?uid=swg21676419
URL:secunia.com/advisories/58801/
URL:secunia.com/advisories/58939/
URL:secunia.com/advisories/59027/
URL:secunia.com/advisories/59151/
URL:secunia.com/advisories/59300/
49. Security Updates in Gentoo Linux (GLSA 201406-19, GLSA 201406-20, GLSA 201406-21)
[23/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the nss, nginx and curl packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could cause a denial of service condition, execute arbitrary code and perform man-in-the-middle attacks.
URL:www.gentoo.org/security/en/glsa/glsa-201406-19.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-20.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-21.xml
50. Security Updates in Ubuntu GNU/Linux (usn-2251-1, usn-2252-1)
[23/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux and linux-ec2 packages for version 10.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2251-1/
URL:www.ubuntu.com/usn/usn-2252-1/
51. Security Updates in Debian (DSA-2964-1, DSA-2965-1)
[23/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the iodine and tiff packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a heap-based buffer overflow and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-2964
URL:www.debian.org/security/2014/dsa-2965
52. Security Updates in SUSE (SUSE-SU-2014:0824-1)
[23/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package for SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Desktop 11 SP3, and SUSE Linux Enterprise Server 10 SP3 LTSS and 11 SP3. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html