1. Vulnerabilities in Cisco Products
[25/07/2014] Vulnerabilities were identified in the Cisco WebEx Meetings
Server, Cisco TelePresence Server Software and Cisco Security Manager. An
attacker could obtain sensitive information, conduct cross-site scripting
attacks and execute arbitrary code. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
2. Vulnerabilities in IBM Products (T1021009, 00001851,
00001852, 1670298, 1678196)
[25/07/2014] Vulnerabilities were identified in the IBM Cloud Manager with
OpenStack, IBM InfoSphere Data Click and IBM Tivoli Workload Scheduler. An
attacker could obtain sensitive information, cause a denial of service
condition, conduct SQL injection, clickjacking, cross-site scripting and
cross-site forgery attacks, gain elevated privileges and compromise a vulnerable
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=isg3T1021009
URL:www-01.ibm.com/support/docview.wss?uid=isg400001851
URL:www-01.ibm.com/support/docview.wss?uid=isg400001852
URL:www-01.ibm.com/support/docview.wss?uid=swg21670298
URL:www-01.ibm.com/support/docview.wss?uid=swg21678196
URL:secunia.com/advisories/59672/
URL:secunia.com/advisories/59716/
URL:secunia.com/advisories/59912/
3. Vulnerability in CUPS
(94806)
[25/07/2014]
Vulnerability was identified in the CUPS. An
attacker could gain elevated privileges. This vulnerability affects versions
prior to 1.7.4 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94806
4. Vulnerability in BulletProof FTP Client
(VU#565580)
[25/07/2014] Vulnerability was identified in the BulletProof FTP Client.
An attacker could cause a buffer overflow and execute arbitrary code. This
vulnerability affects versions 2010 of the mentioned
product.
URL:www.kb.cert.org/vuls/id/565580
5. Vulnerability in TestRail
(VU#669804)
[25/07/2014] Vulnerability was identified in the TestRail. An attacker
could perform cross-site scripting attacks. This vulnerability affects version
3.1.1.3130 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:www.kb.cert.org/vuls/id/669804
6. Security Updates in Oracle Products (ELSA-2014-0917,
ELSA-2014-0919, ELSA-2014-0920, ELSA-2014-0924)
[25/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the nss, nspr, firefox, httpd and kernel packages
for Oracle Linux 5, 6 and 7. An attacker could conduct spoofing attacks, obtain
sensitive information, cause a denial of service condition, gain elevated
privileges and compromise a user's
system.
URL:linux.oracle.com/errata/ELSA-2014-0917.html
URL:linux.oracle.com/errata/ELSA-2014-0919.html
URL:linux.oracle.com/errata/ELSA-2014-0920.html
URL:linux.oracle.com/errata/ELSA-2014-0924.html
URL:secunia.com/advisories/60301/
URL:secunia.com/advisories/60393/
URL:secunia.com/advisories/60396/
URL:secunia.com/advisories/60402/
7. Security Updates in Red Hat Products
(RHSA-2014:0888-1)
[25/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the qemu-kvm-rhev packages for Red Hat Enterprise Linux OpenStack Platform
3.0 and 4.0. Due to multiple errors, an attacker could cause buffer overflow and
execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2014-0888.html
8. Security Updates in Ubuntu GNU/Linux (USN-2284-1,
USN-2300-1, USN-2301-1)
[25/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux-ti-omap4, lzo2 and jinja2 packages for versions 12.04 LTS and 14.04
LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could gain elevated
privileges, cause a denial of service condition, obtain sensitive information,
execute arbitrary code and crash the
system.
URL:www.ubuntu.com/usn/usn-2284-1/
URL:www.ubuntu.com/usn/usn-2300-1/
URL:www.ubuntu.com/usn/usn-2301-1/
9. Security Updates in Slackware (SSA:2014-204-01,
SSA:2014-204-02, SSA:2014-204-03)
[25/07/2014] Slackware
has released security update packages for fixing the vulnerabilities identified
in the httpd, mozilla-firefox and mozilla-thunderbird packages for multiple
versions of Slackware Linux. An attacker could cause a denial of service
condition and cause a buffer
overflow.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.355252
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.359820
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.616658
10.
Vulnerability in Cisco IOS XR
Software
[24/07/2014]
Vulnerability was identified in the Cisco IOS XR
Software. An attacker could cause a denial of service condition. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322
11.
Vulnerability in HP Network
Virtualization (c04374202)
[24/07/2014] Vulnerability was identified in the HP Network
Virtualization. An attacker could execute arbitrary code and obtain sensitive
information. This vulnerability affects version 8.6 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
URL:xforce.iss.net/xforce/xfdb/94782
URL:xforce.iss.net/xforce/xfdb/94783
12.
Vulnerabilities in IBM Products
(S1004803, S1004805, S1004807, S7003881, 1660394, 1678398, 1678399, 1678400,
1678544, 1678893)
[24/07/2014] Vulnerabilities were identified in the IBM Storage DS8870,
IBM Real-time Compression Appliances, IBM Content Classification, IBM InfoSphere
Classification Module, IBM QRadar Security Information and Event Manager (SIEM),
IBM Tivoli Directory Server, IBM Security Directory Server and IBM Cognos
Concert. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, obtain sensitive information and cause a
denial of service condition. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004803
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004805
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004807
URL:www.ibm.com/support/docview.wss?uid=ssg1S7003881
URL:www.ibm.com/support/docview.wss?uid=swg21660394
URL:www.ibm.com/support/docview.wss?uid=swg21678398
URL:www.ibm.com/support/docview.wss?uid=swg21678399
URL:www.ibm.com/support/docview.wss?uid=swg21678400
URL:www.ibm.com/support/docview.wss?uid=swg21678544
URL:www.ibm.com/support/docview.wss?uid=swg21678893
URL:secunia.com/advisories/58515/
URL:secunia.com/advisories/59908/
URL:secunia.com/advisories/59910/
URL:secunia.com/advisories/59951/
URL:secunia.com/advisories/59980/
URL:secunia.com/advisories/59983/
URL:secunia.com/advisories/59988/
13.
Vulnerability in Novell Identity Manager
(5189091)
[24/07/2014]
Vulnerability was identified in the Novell
Identity Manager. An attacker could gain elevated privileges, execute arbitrary
code, obtain sensitive information and cause a denial of service condition. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:download.novell.com/Download?buildid=c1XRCuRSy-8~
14.
Vulnerability in LPAR2RRD
(94784)
[24/07/2014]
Vulnerability was identified in the LPAR2RRD. An
attacker could execute arbitrary code. This vulnerability affects versions prior
to 3.5 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94784
15.
Security Updates in Oracle Products
(ELSA-2014-0907)
[24/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the java-1.6.0-openjdk packages for Oracle Linux 5 and 6. An attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code and compromise a user's
system.
URL:linux.oracle.com/errata/ELSA-2014-0907.html
URL:secunia.com/advisories/60270/
16.
Security Updates in Debian
(DSA-2984-1)
[24/07/2014] Debian has
released security update packages for fixing the vulnerability identified in the
acpi-support packages for multiple versions of Debian GNU/Linux. An attacker
could gain elevated privileges and execute arbitrary
code.
URL:www.debian.org/security/2014/dsa-2984
17.
Security Updates in SUSE
(SUSE-SU-2014:0928-1, SUSE-SU-2014:0931-1)
[24/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the ppc64-diag and libtasn1 packages for SUSE Linux Enterprise 11. Due to
multiple errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00019.html
18.
Security Updates in Red Hat Products
(RHSA-2014:0920-1, RHSA-2014:0922-1, RHSA-2014:0924-1, RHSA-2014:0925-1,
RHSA-2014:0926-1)
[24/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the httpd and kernel packages for Red Hat Enterprise Linux 5 and 6, and the
httpd24-httpd packages for Red Hat Software Collections 1 for Red Hat Enterprise
Linux 6. Due to multiple errors, an attacker could obtain sensitive information,
execute arbitrary code, gain elevated privileges, cause a denial of service
condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-0920.html
URL:rhn.redhat.com/errata/RHSA-2014-0922.html
URL:rhn.redhat.com/errata/RHSA-2014-0924.html
URL:rhn.redhat.com/errata/RHSA-2014-0925.html
URL:rhn.redhat.com/errata/RHSA-2014-0926.html
19.
Security Updates in Ubuntu GNU/Linux
(usn-2298-1, usn-2299-1)
[24/07/2014] Ubuntu has
released security update packages for fixing the vulnerability identified in the
oxide-qt and apache2 packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive
information, execute arbitrary code, gain elevated privileges and cause a denial
of service
condition.
URL:www.ubuntu.com/usn/usn-2298-1/
URL:www.ubuntu.com/usn/usn-2299-1/
20.
Vulnerabilities in Mozilla Products (MFSA
2014-55, MFSA 2014-56, MFSA 2014-57, MFSA 2014-58, MFSA 2014-59, MFSA 2014-60,
MFSA 2014-61, MFSA 2014-62, MFSA 2014-63, MFSA 2014-64, MFSA 2014-65, MFSA
2014-66)
[23/07/2014]
Vulnerabilities were identified in Mozilla
Firefox, Firefox ESR, Thunderbird. An attacker could execute arbitrary code,
obtain sensitive information, cause a denial of service condition and crash the
application. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.mozilla.org/security/announce/2014/mfsa2014-55.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-56.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-57.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-58.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-59.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-60.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-61.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-62.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-63.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-64.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-65.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-66.html
URL:www.mozilla.org/security/known-vulnerabilities/firefox.html
URL:www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
URL:www.mozilla.org/security/known-vulnerabilities/thunderbird.html
URL:www.hkcert.org/my_url/en/alert/14072301
URL:www.us-cert.gov/ncas/current-activity/2014/07/22/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and
21.
Vulnerabilities in Apache HTTP
Server
[23/07/2014]
Vulnerabilities were identified in the Apache
HTTP Server. An attacker could cause a denial of service condition and crash the
system. These vulnerabilities affect version 2.2.27 and possibly prior versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
URL:secunia.com/advisories/60274/
22.
Vulnerabilities in IBM Products
(S1004738, S1004747, S1004802, 1677247, 1678048, 1678123, 1678218, 1678364,
1678373)
[23/07/2014]
Vulnerabilities were identified in the IBM
Storwize V7000 Unified, IBM SmartCloud Provisioning 2.1 for IBM Provided
Software Virtual Appliance, IBM Tivoli Composite Application Manager for
Transactions, IBM FileNet System Monitor, IBM Enterprise Content Management
System Monitor, IBM License Metric Tool and IBM Tivoli Asset Discovery for
Distributed. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, obtain sensitive information and cause a
denial of service condition. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004738
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004747
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004802
URL:www.ibm.com/support/docview.wss?uid=swg21677247
URL:www.ibm.com/support/docview.wss?uid=swg21678048
URL:www.ibm.com/support/docview.wss?uid=swg21678123
URL:www.ibm.com/support/docview.wss?uid=swg21678218
URL:www.ibm.com/support/docview.wss?uid=swg21678364
URL:www.ibm.com/support/docview.wss?uid=swg21678373
URL:secunia.com/advisories/58924/
URL:secunia.com/advisories/59064/
URL:secunia.com/advisories/59271/
URL:secunia.com/advisories/59671/
URL:secunia.com/advisories/59950/
23.
Vulnerability in Symantec Endpoint
Protection Manager (94760)
[23/07/2014] Vulnerability was identified in the Symantec Endpoint
Protection Manager. An attacker could bypass security restriction and perform
brute-force attacks. This vulnerability affects versions 11 and 12.0 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94760
24.
Vulnerability in Trend Micro
OfficeScan
[23/07/2014]
Vulnerability was identified in the Trend Micro
OfficeScan for Windows. An attacker could obtain sensitive information. This
vulnerability affects version 11 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5
25.
Vulnerabilities in Barracuda Products
(BNSEC-01176, BNSEC-02361)
[23/07/2014] Vulnerabilities were identified in the Barracuda Web Filter,
and Barracuda Networks Spam and Virus Firewall. An attacker could bypass
security restrictions and perform cross-site scripting attacks. There
vulnerabilities affect version 6.0.1 of the Barracuda Web Filter, and version
6.0.2 of the Barracuda Networks Spam and Virus Firewall. Security patches are
available to resolve these
vulnerabilities.
URL:www.barracuda.com/support/knowledgebase/501600000013m4O
URL:www.barracuda.com/support/knowledgebase/501600000013gvh
URL:xforce.iss.net/xforce/xfdb/94761
URL:xforce.iss.net/xforce/xfdb/94762
26.
Vulnerabilities in ZTE AC3633 and MTS
MBlaze Ultra Wi-Fi (94740, 94741 94742, 94743)
[23/07/2014] Vulnerabilities were identified in the ZTE AC3633 and MTS
MBlaze Ultra Wi-Fi. An attacker could bypass security restrictions and perform
cross-site scripting attacks. There vulnerabilities affect multiple versions of
the mentioned
products.
URL:xforce.iss.net/xforce/xfdb/94740
URL:xforce.iss.net/xforce/xfdb/94741
URL:xforce.iss.net/xforce/xfdb/94742
URL:xforce.iss.net/xforce/xfdb/94743
27.
Vulnerability in Moodle
(MDL-46223)
[23/07/2014] Vulnerability was identified in the Moodle. An attacker could
execute arbitrary code and perform cross-site scripting attacks. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:moodle.org/mod/forum/discuss.php?d=264273
URL:xforce.iss.net/xforce/xfdb/94724
28.
Vulnerabilities in phpMyAdmin
(PMASA-2014-6, PMASA-2014-7)
[23/07/2014] Vulnerabilities were identified in the phpMyAdmin. An
attacker could bypass certain security restrictions, execute arbitrary code and
perform code insertion attacks. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
URL:secunia.com/advisories/60191/
29.
Security Updates in Oracle Products
(ELSA-2014-3047, ELSA-2014-3048)
[23/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel packages for Oracle Linux 5 and 6. Due to multiple errors, an
attacker could bypass security restrictions and gain elevated
privileges.
URL:linux.oracle.com/errata/ELSA-2014-3047.html
URL:linux.oracle.com/errata/ELSA-2014-3048.html
URL:secunia.com/advisories/60220/
30.
Security Updates in Debian (DSA-2980-1,
DSA-2985-1)
[23/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the openjdk-6 and mysql-5.5 packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-2980
URL:www.debian.org/security/2014/dsa-2985
31.
Security Updates in Red Hat Products
(RHSA-2014:0913-1, RHSA-2014:0915-1, RHSA-2014:0916-1, RHSA-2014:0917-1,
RHSA-2014:0918-1, RHSA-2014:0919-1)
[23/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel-rt packages for Red Hat Enterprise MRG v2 for Red Hat Enterprise
Linux 6, the nss, nspr, thunderbird and firefox packages for Red Hat Enterprise
Linux 5, 6 and 7. Due to multiple errors, an attacker could obtain sensitive
information, execute arbitrary code, gain elevated privileges and cause a denial
of service
condition.
URL:rhn.redhat.com/errata/RHSA-2014-0913.html
URL:rhn.redhat.com/errata/RHSA-2014-0915.html
URL:rhn.redhat.com/errata/RHSA-2014-0916.html
URL:rhn.redhat.com/errata/RHSA-2014-0917.html
URL:rhn.redhat.com/errata/RHSA-2014-0918.html
URL:rhn.redhat.com/errata/RHSA-2014-0919.html
32.
Security Updates in Ubuntu GNU/Linux
(usn-2293-1)
[23/07/2014] Ubuntu has
released security update packages for fixing the vulnerability identified in the
libtasn1-3, libtasn1-6, firefox, thunderbird and acpi-support packages for
versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could obtain sensitive information, execute arbitrary code,
gain elevated privileges and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2294-1/
URL:www.ubuntu.com/usn/usn-2295-1/
URL:www.ubuntu.com/usn/usn-2296-1/
URL:www.ubuntu.com/usn/usn-2297-1/
33.
Vulnerabilities in Apache HTTP
Server
[22/07/2014]
Vulnerabilities were identified in the Apache
HTTP Server. An attacker could cause a denial of service condition and crash the
system. These vulnerabilities affect versions prior to 2.4.10 of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:httpd.apache.org/security/vulnerabilities_24.html
URL:www.hkcert.org/my_url/en/alert/14072202
URL:secunia.com/advisories/60170/
34.
Vulnerabilities in HP Products
(c04373818, c04281279)
[22/07/2014] Vulnerabilities were identified in the HP Data Protector, HP
StoreVirtual 4000 Storage and StoreVirtual VSA. An attacker could bypass
security restrictions, execute arbitrary code, obtain sensitive information and
gain elevated privileges. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04281279-1
URL:secunia.com/advisories/60045/
URL:secunia.com/advisories/60052/
35.
Vulnerabilities in IBM Products
(T1021019, T1021020, S1004776, S1004777, S1004809, S1004822, S1004824, 1677381,
1677802, 1678373)
[22/07/2014] Vulnerabilities were identified in the IBM PowerKVM, IBM
Scale Out Network Attached Storage (SONAS), IBM SmartCloud Provisioning, IBM
Lotus Expeditor and IBM Tivoli Asset Discovery for Distributed. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, obtain sensitive information and cause a denial of service condition.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1021019
URL:www.ibm.com/support/docview.wss?uid=isg3T1021020
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004776
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004777
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004809
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004822
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004824
URL:www.ibm.com/support/docview.wss?uid=swg21677381
URL:www.ibm.com/support/docview.wss?uid=swg21677802
URL:www.ibm.com/support/docview.wss?uid=swg21678373
URL:secunia.com/advisories/58736/
URL:secunia.com/advisories/58836/
URL:secunia.com/advisories/58924/
URL:secunia.com/advisories/59667/
URL:secunia.com/advisories/59906/
36.
Vulnerability in Huawei E355 wireless
broadband modems (VU#688812)
[22/07/2014] Vulnerability was identified in the Huawei E355 wireless
broadband modems. An attacker could execute arbitrary code and perform
cross-site scripting attacks. This vulnerability affects multiple versions of
the mentioned
products.
URL:www.kb.cert.org/vuls/id/688812
37.
Vulnerability in Tenable
Nessus
[22/07/2014]
Vulnerability was identified in the Tenable
Nessus Web UI. An attacker could obtain sensitive information. This
vulnerability affects versions 5.2.3 to 5.2.7 (Web UI 2.3.4) of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www.tenable.com/security/tns-2014-05
URL:www.hkcert.org/my_url/en/alert/14072203
38.
Vulnerabilities in Synology DiskStation
Manager
[22/07/2014]
Vulnerabilities were identified in the Synology
DiskStation Manager. An attacker could obtain sensitive information, execute
arbitrary code, cause a denial of service condition and compromise a vulnerable
system. These vulnerabilities affects versions prior to 4.3-3827 Update 4 and
prior to 5.0-4493 Update 1 of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:www.synology.com/en-global/releaseNote/model/DS114
URL:www.hkcert.org/my_url/en/alert/14072201
URL:secunia.com/advisories/59810/
URL:secunia.com/advisories/60120/
39.
Vulnerabilities in LZO and
LZ4
[22/07/2014] Vulnerabilities were identified in the LZO and LZ4
compression libraries. An attacker could execute arbitrary code. These
vulnerabilities affect multiple versions of the mentioned
products.
URL:www.us-cert.gov/ncas/current-activity/2014/07/21/Vulnerabilities-LZO-and-LZ4-compression-libraries
40.
Security Updates in Oracle Products
(ELSA-2014-0865)
[22/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the Quagga and Lighttpd packages for Oracle Solaris 10 and 11,1. Due to multiple
errors, an attacker could bypass security restrictions, overflow a buffer,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_2236_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighthttpd
41.
Security Updates in Debian
(DSA-2983-1)
[22/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the drupal7 package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could cause a denial of service condition and perform
cross-site scripting
attacks.
URL:www.debian.org/security/2014/dsa-2983
42.
Security Updates in Red Hat Products
(RHSA-2014:0907-1, RHSA-2014:0908-1)
[22/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.6.0-openjdk and java-1.6.0-sun packages for Red Hat Enterprise
Linux 5, 6 and 7. Due to multiple errors, an attacker could obtain sensitive
information, execute arbitrary code, gain elevated privileges and cause a denial
of service
condition.
URL:rhn.redhat.com/errata/RHSA-2014-0907.html
URL:rhn.redhat.com/errata/RHSA-2014-0908.html
43.
Security Updates in Ubuntu GNU/Linux
(usn-2293-1)
[22/07/2014] Ubuntu has
released security update packages for fixing the vulnerability identified in the
cups packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu
GNU/Linux. An attacker could obtain sensitive information and gain elevated
privileges.
URL:www.ubuntu.com/usn/usn-2293-1/
44.
Vulnerability in Cisco Unified Customer
Voice Portalis (94662)
[21/07/2014] Vulnerability was identified in the Cisco Unified Customer
Voice Portalis. An attacker could bypass security restrictions and perform
cross-site scripting attacks. This vulnerability affects version 4.0 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94662
45.
Vulnerability in Barracuda Networks
Message Archiver (BNSEC-00703)
[21/07/2014] Vulnerability was identified in the Barracuda Networks
Message Archiver. An attacker could bypass security restrictions and perform
cross-site scripting attacks. This vulnerability affects version 3.2 and
possibly earlier versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.barracuda.com/support/knowledgebase/501600000013lXe
URL:xforce.iss.net/xforce/xfdb/94699
46.
Vulnerability in EMC RecoverPoint
Appliance (94698)
[21/07/2014] Vulnerability was identified in the EMC RecoverPoint
Appliance. An attacker could bypass security restrictions and cause a denial of
service condition. This vulnerability affects version 4.1 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94698
47.
Vulnerability in ACME
(94707)
[21/07/2014]
Vulnerability was identified in the ACME. An
attacker could cause a denial of service condition and crash the system. The
affected version was not
specified.
URL:xforce.iss.net/xforce/xfdb/94707
48.
Vulnerability in Ruby
(94706)
[21/07/2014]
Vulnerability was identified in the Ruby. An
attacker could execute arbitrary code, cause a denial of service condition and
crash the system. This vulnerability affects version 2.1.2p168 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94706
49.
Vulnerability in OpenStack Compute (Nova)
(94664)
[21/07/2014]
Vulnerability was identified in the OpenStack
Compute (Nova). An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects versions 2014.1 and 2014.1.1
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94664
50.
Security Updates in Debian (DSA-2981-1,
DSA-2982-1)
[21/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the polarssl and ruby-activerecord-3.2 packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could cause a denial of service
condition, execute arbitrary code and perform code injection
attacks.
URL:www.debian.org/security/2014/dsa-2981
URL:www.debian.org/security/2014/dsa-2982
51.
Security Updates in Red Hat Products
(RHSA-2014:0902-1)
[21/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.7.0-oracle packages for Red Hat Enterprise Linux 5, 6 and 7. Due
to multiple errors, an attacker could obtain sensitive information, execute
arbitrary code, gain elevated privileges and cause a denial of service
condition.
URL:rhn.redhat.com/errata/RHSA-2014-0902.html
URL:secunia.com/advisories/60137/
Sunday, July 27, 2014
Sunday, July 20, 2014
IT Security Alerts Weekly Digest (13 Jul ~ 19 Jul 2014)
1. Information
Updates on Microsoft Security Advisory (2982792)
[18/07/2014] Microsoft has updated information on the Security Advisory for the SSL certificates in Microsoft products. KB2982792 was revised to announce the availability of update 2982792 for supported editions of Windows Server 2003.
URL:technet.microsoft.com/library/security/2982792
2. Vulnerability in Cisco Unified Communications Domain Manager
[18/07/2014] Vulnerability was identified in the Cisco Unified Communications Domain Manager. An attacker could bypass security restrictions and perform spoofing attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320
3. Vulnerabilities in HP Products (c04355129, c04363613, c04369484, c04343424)
[18/07/2014] Vulnerabilities were identified in the HP SiteScope, HP Operations Analytics, HP Intelligent Management Center (iMC), HP Branch Intelligent Management System (BIMS), HP IceWall SSO Dfw and HP IceWall MCRP. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04343424-1
URL:secunia.com/advisories/58875/
URL:secunia.com/advisories/59769/
URL:secunia.com/advisories/59818/
URL:secunia.com/advisories/60051/
4. Vulnerabilities in Citrix XenServer (CTX140984)
[18/07/2014] Vulnerabilities were identified in the Citrix XenServer. An attacker could obtain sensitive information and overflow a buffer. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.citrix.com/article/CTX140984
URL:xforce.iss.net/xforce/xfdb/94631
5. Vulnerabilities in Google Chrome
[18/07/2014] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 36.0.1985.125 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/07/stable-channel-update.html
URL:xforce.iss.net/xforce/xfdb/94629
6. Vulnerability in Alfresco (94638)
[18/07/2014] Vulnerability was identified in the Alfresco. An attacker could bypass security restrictions, gain elevated privileges and perform spoofing attacks. This vulnerability affects version 4.2.f of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94638
7. Vulnerability in Boat Browser (94635)
[18/07/2014] Vulnerability was identified in the Boat Browser for Android. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 8.0 and 8.0.1 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94635
8. Vulnerabilities in Drupal (SA-CORE-2014-003)
[18/07/2014] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect versions prior to 6.32 for Drupal 6.x and versions prior to 7.29 for Drupal 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-003
URL:www.drupal.org/drupal-6.32-release-notes
URL:www.drupal.org/drupal-7.29-release-notes
URL:www.hkcert.org/my_url/en/alert/14071802
9. Security Updates in Oracle Products (ELSA-2014-0889, ELSA-2014-0890)
[18/07/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk package for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system.
URL:linux.oracle.com/errata/ELSA-2014-0889.html
URL:linux.oracle.com/errata/ELSA-2014-0890.html
URL:secunia.com/advisories/60095/
10. Security Updates in Debian (DSA-2979-1)
[18/07/2014] Debian has released security update packages for fixing the vulnerabilities identified in the fail2ban package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2979
11. Security Updates in Red Hat Products (RHSA-2014:0899-1, RHSA-2014:0900-1)
[18/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-neutron packages for Red Hat Enterprise Linux OpenStack Platform 4.0, and kernel packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-0899.html
URL:rhn.redhat.com/errata/RHSA-2014-0900.html
12. Security Updates in SUSE (SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, openSUSE-SU-2014:0913-1)
[18/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux kernel packages for SUSE Linux Enterprise 11, the flash-player packages for openSUSE 11.4. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00017.html
13. Security Updates in Ubuntu GNU/Linux (usn-2281-1, usn-2282-1, usn-2283-1, usn-2284-1, usn-2285-1, usn-2286-1, usn-2287-1, usn-2288-1, usn-2289-1, usn-2290-1, usn-2291-1, usn-2292-1)
[18/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-ec2, linux, linux-ti-omap4, inux-lts-quantal, linux-lts-raring, linux-lts-saucy, linux-lts-trusty, mysql-5.5 and liblwp-protocol-https-perl packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2281-1/
URL:www.ubuntu.com/usn/usn-2282-1/
URL:www.ubuntu.com/usn/usn-2283-1/
URL:www.ubuntu.com/usn/usn-2284-1/
URL:www.ubuntu.com/usn/usn-2285-1/
URL:www.ubuntu.com/usn/usn-2286-1/
URL:www.ubuntu.com/usn/usn-2287-1/
URL:www.ubuntu.com/usn/usn-2288-1/
URL:www.ubuntu.com/usn/usn-2289-1/
URL:www.ubuntu.com/usn/usn-2290-1/
URL:www.ubuntu.com/usn/usn-2291-1/
URL:www.ubuntu.com/usn/usn-2292-1/
14. Information Updates on Microsoft Security Bulletins (MS14-009, MS14-030, MS14-039)
[17/07/2014] Microsoft has updated information on the Security Bulletins for Microsoft .NET Framework and Microsoft Windows. (a) MS14-009 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". (b) MS14-030 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". (c) MS14-039 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
URL:technet.microsoft.com/library/security/ms14-009
URL:technet.microsoft.com/library/security/ms14-030
URL:technet.microsoft.com/library/security/ms14-039
15. Vulnerabilities in Cisco Products (ciscosa-20140716-cm)
[17/07/2014] Vulnerabilities were identified in multiple Cisco Wireless Residential Gateway products and Cisco Unified Contact Center Enterprise. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3323
URL:www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability
16. Vulnerabilities in HP Products (c04367164, c04368264)
[17/07/2014] Vulnerabilities were identified in the HP NonStop and HP OneView. An attacker could gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04367164-1
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368264-1
URL:secunia.com/advisories/59916/
URL:secunia.com/advisories/60049/
17. Vulnerabilities in IBM Products (00001841, 00001843, 1677448, 1677449, 1677451, 1677452)
[17/07/2014] Vulnerabilities were identified in the IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring and IBM OpenPages GRC Platform. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg400001841
URL:www.ibm.com/support/docview.wss?uid=isg400001843
URL:www.ibm.com/support/docview.wss?uid=swg21677448
URL:www.ibm.com/support/docview.wss?uid=swg21677449
URL:www.ibm.com/support/docview.wss?uid=swg21677451
URL:www.ibm.com/support/docview.wss?uid=swg21677452
URL:secunia.com/advisories/59130/
URL:secunia.com/advisories/59451/
URL:secunia.com/advisories/60057/
URL:secunia.com/advisories/60058/
18. Vulnerabilities in Novell iPrint Appliance (5188790, 5188810)
[17/07/2014] Vulnerabilities were identified in the Novell iPrint Appliance. An attacker could gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect version 1.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=CLWJNCtPI_U~
URL:download.novell.com/Download?buildid=ZuVlZaBiK4g~
19. Security Updates in Gentoo Linux (GLSA 201407-03, GLSA 201407-04)
[17/07/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the xen and GnuPG packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201407-04.xml
20. Security Updates in Red Hat Products (RHSA-2014:0889-1, RHSA-2014:0890-1, RHSA-2014:0898-1)
[17/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7, the Red Hat JBoss Enterprise Web Platform 5.2.0 packages for Red Hat Enterprise Linux 4, 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and perform advanced XXE attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0889.html
URL:rhn.redhat.com/errata/RHSA-2014-0890.html
URL:rhn.redhat.com/errata/RHSA-2014-0898.html
21. Security Updates in SUSE (openSUSE-SU-2014:0903-1, SUSE-SU-2014:0904-1, SUSE-SU-2014:0905-1,SUSE-SU-2014:0908-1)
[17/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages for openSUSE 12.3 and 13.1, the lzo, Mozilla Firefox and Linux kernel packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00012.html
22. Security Updates in Ubuntu GNU/Linux (usn-2279-1, usn-2280-1)
[17/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the transmission and miniupnpc packages for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2279-1/
URL:www.ubuntu.com/usn/usn-2280-1/
23. Vulnerabilities in Oracle Products
[16/07/2014] Vulnerabilities were identified in the Oracle Database, Oracle Fusion Applications and Middleware, Oracle Hyperion, Oracle E-Business Suite, Oracle Supply Chain Product Suite, Oracle PeopleSoft Enterprise, Oracle Siebel, Oracle Communications Applications, Oracle Retail Industry Suite, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization Products and Oracle MySQL Product Suite. An attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products.
URL:www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2125_https_to
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2126_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_libtasn1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighttpd
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
URL:www.hkcert.org/my_url/en/alert/14071601
URL:www.hkcert.org/my_url/en/alert/14071602
URL:www.hkcert.org/my_url/en/alert/14071603
URL:www.us-cert.gov/ncas/current-activity/2014/07/15/Oracle-Releases-July-2014-Security-Advisory
24. Vulnerability in Cisco IOS XR Software
[16/07/2014] Vulnerability was identified in the Cisco IOS XR Software. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321
URL:xforce.iss.net/xforce/xfdb/94487
25. Vulnerabilities in HP Products (c04349175, c04357076, c04368523, 94490, 94492)
[16/07/2014] Vulnerabilities were identified in the HP Smart Update Manager, HP Universal CMDB, HP Software Operation Orchestration, HP Intelligent Management Center and HP Branch Intelligent Management System. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349175
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04357076
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368523-1
URL:xforce.iss.net/xforce/xfdb/94490
URL:xforce.iss.net/xforce/xfdb/94492
URL:secunia.com/advisories/58912/
URL:secunia.com/advisories/59342/
URL:secunia.com/advisories/59895/
26. Vulnerabilities in IBM Products (S1004745, 1677298, 1677299, 1677300, 1677301, 1677304, 1677306, 1677335, 1678183)
[16/07/2014] Vulnerabilities were identified in the IBM SAN Volume Controller, IBM Storwize, IBM Flex System, IBM InfoSphere Master Data Management - Collaborative Edition, IBM InfoSphere Master Data Management Server for Product Information Management, IBM Tivoli Provisioning Manager and IBM Rational Systems Tester. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004745
URL:www.ibm.com/support/docview.wss?uid=swg21677298
URL:www.ibm.com/support/docview.wss?uid=swg21677299
URL:www.ibm.com/support/docview.wss?uid=swg21677300
URL:www.ibm.com/support/docview.wss?uid=swg21677301
URL:www.ibm.com/support/docview.wss?uid=swg21677304
URL:www.ibm.com/support/docview.wss?uid=swg21677306
URL:www.ibm.com/support/docview.wss?uid=swg21677335
URL:www.ibm.com/support/docview.wss?uid=swg21678183
URL:secunia.com/advisories/57809/
URL:secunia.com/advisories/59662/
URL:secunia.com/advisories/59717/
URL:secunia.com/advisories/59839/
27. Vulnerability in IPython's Notebook server (94497)
[16/07/2014] Vulnerability was identified in the IPython's Notebook server. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects version 0.12 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94497
28. Security Updates in Red Hat Products (RHSA-2014:0883-1, RHSA-2014:0885-1)
[16/07/2014] Red Hat has released security update packages for fixing the vulnerability identified in the JBoss Enterprise Application Platform 5.2.0 and 6.2.4 packages for Red Hat Enterprise Linux 4, 5 and 6. An attacker could bypass security restrictions and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-0883.html
URL:rhn.redhat.com/errata/RHSA-2014-0885.html
29. Security Updates in SUSE (SUSE-SU-2014:0897-1, SUSE-SU-2014:0902-1)
[16/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player and struts packages for SUSE Linux Enterprise 11, SUSE Manager Server and SUSE Manager 1.7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html
30. Security Updates in Ubuntu GNU/Linux (usn-2277-1, usn-2278-1)
[16/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav and file packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. An attacker could gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2277-1/
URL:www.ubuntu.com/usn/usn-2278-1/
31. Vulnerability in IBM Rational Application Developer (1675938)
[15/07/2014] Vulnerability was identified in the IBM Rational Application Developer. An attacker could bypass security restrictions, obtain sensitive information and perform man-in-the-middle attacks. This vulnerability affects versions 9.0.1 and earlier of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21675938
URL:secunia.com/advisories/59037/
32. Vulnerability in Kaseya's agent driver (VU#204988)
[15/07/2014] Vulnerability was identified in the Kaseya's agent driver. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/204988
33. Vulnerability in OpenVPN PrivateTunnel (94482)
[15/07/2014] Vulnerability was identified in the OpenVPN PrivateTunnel. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects version 2.3.8 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94482
34. Vulnerability in Cloudflare (94479)
[15/07/2014] Vulnerability was identified in the Cloudflare golz4 package. An attacker could execute arbitrary code. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94479
35. Security Updates in Debian (DSA-2978-1)
[15/07/2014] Debian has released security update packages for fixing the vulnerability identified in the libxml2 package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2978
36. Security Updates in Red Hat Products (RHSA-2014:0876-1, RHSA-2014:0877-1)
[15/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the ruby193-rubygem-activerecord and ror40-rubygem-activerecord packages for Red Hat Software Collections 1 for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could perform code injection attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0876.html
URL:rhn.redhat.com/errata/RHSA-2014-0877.html
37. Vulnerabilities in IBM Products (1674539, 1675881, 1677527, 1677695, 1677913, 1678231)
[14/07/2014] Vulnerabilities were identified in the IBM WebSphere Business Events, IBM WebSphere ILOG JRules, IBM WebSphere Operational Decision Management, IBM Operational Decision Manager, IBM Algo Credit Limit, IBM InfoSphere Guardium, IBM Initiate Master Data Service, IBM InfoSphere Master Data Management, IBM WebSphere Appliance Management Center and IBM Rational Lifecycle Integration Adapters. An attacker could obtain sensitive information, bypass security restrictions, conduct cross-site request forgery and cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21674539
URL:www-01.ibm.com/support/docview.wss?uid=swg21675881
URL:www-01.ibm.com/support/docview.wss?uid=swg21677527
URL:www-01.ibm.com/support/docview.wss?uid=swg21677695
URL:www-01.ibm.com/support/docview.wss?uid=swg21677913
URL:www-01.ibm.com/support/docview.wss?uid=swg21678231
URL:secunia.com/advisories/59023/
URL:secunia.com/advisories/59296/
URL:secunia.com/advisories/59413/
URL:secunia.com/advisories/59669/
URL:secunia.com/advisories/59872/
URL:secunia.com/advisories/59873/
38. Vulnerability in Cisco Adaptive Security Appliance
[14/07/2014] Vulnerability was identified in the Cisco Adaptive Security Appliance. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6691
39. Vulnerabilities in Apache Traffic Server
[14/07/2014] Vulnerabilities were identified in the Apache Traffic Server. An attacker could perform symlink attacks and manipulate arbitrary files. These vulnerabilities affect version 4.2.2 and possibly other versions of the mentioned product.
URL:secunia.com/advisories/58998/
40. Vulnerabilities in Datum Systems satellite modem devices (VU#917348)
[14/07/2014] Vulnerabilities were identified in the Datum Systems satellite modem devices. An attacker could gain full control of the devices and obtain sensitive information. These vulnerabilities affect PSM-4500 and PSM-500 series of the mentioned products.
URL:www.kb.cert.org/vuls/id/917348
41. Security Updates in Oracle Products (ELSA-2014-0865)
[14/07/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the tomcat6 package for Oracle Linux. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:linux.oracle.com/errata/ELSA-2014-0865.html
URL:secunia.com/advisories/59849/
42. Security Updates in Debian (DSA-2976-1, DSA-2977-1)
[14/07/2014] Debian has released security update packages for fixing the vulnerabilities identified in the eglibc and libav packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-2976
URL:www.debian.org/security/2014/dsa-2977
43. Security Updates in Mandriva (MDVSA-2014:136, MDVSA-2014:137, MDVSA-2014:138)
[14/07/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the samba, apache-mod_wsgi and asterisk packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:136/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:137/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:138/
44. Security Updates in Slackware (SSA:2014-192-01)
[14/07/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the php packages for multiple versions of Slackware Linux. The security impacts caused by the vulnerabilities were not specified.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.413705
[18/07/2014] Microsoft has updated information on the Security Advisory for the SSL certificates in Microsoft products. KB2982792 was revised to announce the availability of update 2982792 for supported editions of Windows Server 2003.
URL:technet.microsoft.com/library/security/2982792
2. Vulnerability in Cisco Unified Communications Domain Manager
[18/07/2014] Vulnerability was identified in the Cisco Unified Communications Domain Manager. An attacker could bypass security restrictions and perform spoofing attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320
3. Vulnerabilities in HP Products (c04355129, c04363613, c04369484, c04343424)
[18/07/2014] Vulnerabilities were identified in the HP SiteScope, HP Operations Analytics, HP Intelligent Management Center (iMC), HP Branch Intelligent Management System (BIMS), HP IceWall SSO Dfw and HP IceWall MCRP. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04343424-1
URL:secunia.com/advisories/58875/
URL:secunia.com/advisories/59769/
URL:secunia.com/advisories/59818/
URL:secunia.com/advisories/60051/
4. Vulnerabilities in Citrix XenServer (CTX140984)
[18/07/2014] Vulnerabilities were identified in the Citrix XenServer. An attacker could obtain sensitive information and overflow a buffer. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.citrix.com/article/CTX140984
URL:xforce.iss.net/xforce/xfdb/94631
5. Vulnerabilities in Google Chrome
[18/07/2014] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 36.0.1985.125 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/07/stable-channel-update.html
URL:xforce.iss.net/xforce/xfdb/94629
6. Vulnerability in Alfresco (94638)
[18/07/2014] Vulnerability was identified in the Alfresco. An attacker could bypass security restrictions, gain elevated privileges and perform spoofing attacks. This vulnerability affects version 4.2.f of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94638
7. Vulnerability in Boat Browser (94635)
[18/07/2014] Vulnerability was identified in the Boat Browser for Android. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 8.0 and 8.0.1 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94635
8. Vulnerabilities in Drupal (SA-CORE-2014-003)
[18/07/2014] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect versions prior to 6.32 for Drupal 6.x and versions prior to 7.29 for Drupal 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-003
URL:www.drupal.org/drupal-6.32-release-notes
URL:www.drupal.org/drupal-7.29-release-notes
URL:www.hkcert.org/my_url/en/alert/14071802
9. Security Updates in Oracle Products (ELSA-2014-0889, ELSA-2014-0890)
[18/07/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk package for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system.
URL:linux.oracle.com/errata/ELSA-2014-0889.html
URL:linux.oracle.com/errata/ELSA-2014-0890.html
URL:secunia.com/advisories/60095/
10. Security Updates in Debian (DSA-2979-1)
[18/07/2014] Debian has released security update packages for fixing the vulnerabilities identified in the fail2ban package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2979
11. Security Updates in Red Hat Products (RHSA-2014:0899-1, RHSA-2014:0900-1)
[18/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-neutron packages for Red Hat Enterprise Linux OpenStack Platform 4.0, and kernel packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-0899.html
URL:rhn.redhat.com/errata/RHSA-2014-0900.html
12. Security Updates in SUSE (SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, openSUSE-SU-2014:0913-1)
[18/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux kernel packages for SUSE Linux Enterprise 11, the flash-player packages for openSUSE 11.4. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00017.html
13. Security Updates in Ubuntu GNU/Linux (usn-2281-1, usn-2282-1, usn-2283-1, usn-2284-1, usn-2285-1, usn-2286-1, usn-2287-1, usn-2288-1, usn-2289-1, usn-2290-1, usn-2291-1, usn-2292-1)
[18/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-ec2, linux, linux-ti-omap4, inux-lts-quantal, linux-lts-raring, linux-lts-saucy, linux-lts-trusty, mysql-5.5 and liblwp-protocol-https-perl packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2281-1/
URL:www.ubuntu.com/usn/usn-2282-1/
URL:www.ubuntu.com/usn/usn-2283-1/
URL:www.ubuntu.com/usn/usn-2284-1/
URL:www.ubuntu.com/usn/usn-2285-1/
URL:www.ubuntu.com/usn/usn-2286-1/
URL:www.ubuntu.com/usn/usn-2287-1/
URL:www.ubuntu.com/usn/usn-2288-1/
URL:www.ubuntu.com/usn/usn-2289-1/
URL:www.ubuntu.com/usn/usn-2290-1/
URL:www.ubuntu.com/usn/usn-2291-1/
URL:www.ubuntu.com/usn/usn-2292-1/
14. Information Updates on Microsoft Security Bulletins (MS14-009, MS14-030, MS14-039)
[17/07/2014] Microsoft has updated information on the Security Bulletins for Microsoft .NET Framework and Microsoft Windows. (a) MS14-009 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". (b) MS14-030 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". (c) MS14-039 was updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
URL:technet.microsoft.com/library/security/ms14-009
URL:technet.microsoft.com/library/security/ms14-030
URL:technet.microsoft.com/library/security/ms14-039
15. Vulnerabilities in Cisco Products (ciscosa-20140716-cm)
[17/07/2014] Vulnerabilities were identified in multiple Cisco Wireless Residential Gateway products and Cisco Unified Contact Center Enterprise. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3323
URL:www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability
16. Vulnerabilities in HP Products (c04367164, c04368264)
[17/07/2014] Vulnerabilities were identified in the HP NonStop and HP OneView. An attacker could gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04367164-1
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368264-1
URL:secunia.com/advisories/59916/
URL:secunia.com/advisories/60049/
17. Vulnerabilities in IBM Products (00001841, 00001843, 1677448, 1677449, 1677451, 1677452)
[17/07/2014] Vulnerabilities were identified in the IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring and IBM OpenPages GRC Platform. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg400001841
URL:www.ibm.com/support/docview.wss?uid=isg400001843
URL:www.ibm.com/support/docview.wss?uid=swg21677448
URL:www.ibm.com/support/docview.wss?uid=swg21677449
URL:www.ibm.com/support/docview.wss?uid=swg21677451
URL:www.ibm.com/support/docview.wss?uid=swg21677452
URL:secunia.com/advisories/59130/
URL:secunia.com/advisories/59451/
URL:secunia.com/advisories/60057/
URL:secunia.com/advisories/60058/
18. Vulnerabilities in Novell iPrint Appliance (5188790, 5188810)
[17/07/2014] Vulnerabilities were identified in the Novell iPrint Appliance. An attacker could gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect version 1.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=CLWJNCtPI_U~
URL:download.novell.com/Download?buildid=ZuVlZaBiK4g~
19. Security Updates in Gentoo Linux (GLSA 201407-03, GLSA 201407-04)
[17/07/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the xen and GnuPG packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201407-04.xml
20. Security Updates in Red Hat Products (RHSA-2014:0889-1, RHSA-2014:0890-1, RHSA-2014:0898-1)
[17/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7, the Red Hat JBoss Enterprise Web Platform 5.2.0 packages for Red Hat Enterprise Linux 4, 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and perform advanced XXE attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0889.html
URL:rhn.redhat.com/errata/RHSA-2014-0890.html
URL:rhn.redhat.com/errata/RHSA-2014-0898.html
21. Security Updates in SUSE (openSUSE-SU-2014:0903-1, SUSE-SU-2014:0904-1, SUSE-SU-2014:0905-1,SUSE-SU-2014:0908-1)
[17/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages for openSUSE 12.3 and 13.1, the lzo, Mozilla Firefox and Linux kernel packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00012.html
22. Security Updates in Ubuntu GNU/Linux (usn-2279-1, usn-2280-1)
[17/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the transmission and miniupnpc packages for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2279-1/
URL:www.ubuntu.com/usn/usn-2280-1/
23. Vulnerabilities in Oracle Products
[16/07/2014] Vulnerabilities were identified in the Oracle Database, Oracle Fusion Applications and Middleware, Oracle Hyperion, Oracle E-Business Suite, Oracle Supply Chain Product Suite, Oracle PeopleSoft Enterprise, Oracle Siebel, Oracle Communications Applications, Oracle Retail Industry Suite, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization Products and Oracle MySQL Product Suite. An attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products.
URL:www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2125_https_to
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2126_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_libtasn1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighttpd
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
URL:www.hkcert.org/my_url/en/alert/14071601
URL:www.hkcert.org/my_url/en/alert/14071602
URL:www.hkcert.org/my_url/en/alert/14071603
URL:www.us-cert.gov/ncas/current-activity/2014/07/15/Oracle-Releases-July-2014-Security-Advisory
24. Vulnerability in Cisco IOS XR Software
[16/07/2014] Vulnerability was identified in the Cisco IOS XR Software. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321
URL:xforce.iss.net/xforce/xfdb/94487
25. Vulnerabilities in HP Products (c04349175, c04357076, c04368523, 94490, 94492)
[16/07/2014] Vulnerabilities were identified in the HP Smart Update Manager, HP Universal CMDB, HP Software Operation Orchestration, HP Intelligent Management Center and HP Branch Intelligent Management System. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349175
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04357076
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368523-1
URL:xforce.iss.net/xforce/xfdb/94490
URL:xforce.iss.net/xforce/xfdb/94492
URL:secunia.com/advisories/58912/
URL:secunia.com/advisories/59342/
URL:secunia.com/advisories/59895/
26. Vulnerabilities in IBM Products (S1004745, 1677298, 1677299, 1677300, 1677301, 1677304, 1677306, 1677335, 1678183)
[16/07/2014] Vulnerabilities were identified in the IBM SAN Volume Controller, IBM Storwize, IBM Flex System, IBM InfoSphere Master Data Management - Collaborative Edition, IBM InfoSphere Master Data Management Server for Product Information Management, IBM Tivoli Provisioning Manager and IBM Rational Systems Tester. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004745
URL:www.ibm.com/support/docview.wss?uid=swg21677298
URL:www.ibm.com/support/docview.wss?uid=swg21677299
URL:www.ibm.com/support/docview.wss?uid=swg21677300
URL:www.ibm.com/support/docview.wss?uid=swg21677301
URL:www.ibm.com/support/docview.wss?uid=swg21677304
URL:www.ibm.com/support/docview.wss?uid=swg21677306
URL:www.ibm.com/support/docview.wss?uid=swg21677335
URL:www.ibm.com/support/docview.wss?uid=swg21678183
URL:secunia.com/advisories/57809/
URL:secunia.com/advisories/59662/
URL:secunia.com/advisories/59717/
URL:secunia.com/advisories/59839/
27. Vulnerability in IPython's Notebook server (94497)
[16/07/2014] Vulnerability was identified in the IPython's Notebook server. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects version 0.12 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94497
28. Security Updates in Red Hat Products (RHSA-2014:0883-1, RHSA-2014:0885-1)
[16/07/2014] Red Hat has released security update packages for fixing the vulnerability identified in the JBoss Enterprise Application Platform 5.2.0 and 6.2.4 packages for Red Hat Enterprise Linux 4, 5 and 6. An attacker could bypass security restrictions and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-0883.html
URL:rhn.redhat.com/errata/RHSA-2014-0885.html
29. Security Updates in SUSE (SUSE-SU-2014:0897-1, SUSE-SU-2014:0902-1)
[16/07/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player and struts packages for SUSE Linux Enterprise 11, SUSE Manager Server and SUSE Manager 1.7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html
30. Security Updates in Ubuntu GNU/Linux (usn-2277-1, usn-2278-1)
[16/07/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav and file packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. An attacker could gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2277-1/
URL:www.ubuntu.com/usn/usn-2278-1/
31. Vulnerability in IBM Rational Application Developer (1675938)
[15/07/2014] Vulnerability was identified in the IBM Rational Application Developer. An attacker could bypass security restrictions, obtain sensitive information and perform man-in-the-middle attacks. This vulnerability affects versions 9.0.1 and earlier of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21675938
URL:secunia.com/advisories/59037/
32. Vulnerability in Kaseya's agent driver (VU#204988)
[15/07/2014] Vulnerability was identified in the Kaseya's agent driver. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/204988
33. Vulnerability in OpenVPN PrivateTunnel (94482)
[15/07/2014] Vulnerability was identified in the OpenVPN PrivateTunnel. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects version 2.3.8 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/94482
34. Vulnerability in Cloudflare (94479)
[15/07/2014] Vulnerability was identified in the Cloudflare golz4 package. An attacker could execute arbitrary code. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94479
35. Security Updates in Debian (DSA-2978-1)
[15/07/2014] Debian has released security update packages for fixing the vulnerability identified in the libxml2 package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-2978
36. Security Updates in Red Hat Products (RHSA-2014:0876-1, RHSA-2014:0877-1)
[15/07/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the ruby193-rubygem-activerecord and ror40-rubygem-activerecord packages for Red Hat Software Collections 1 for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could perform code injection attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0876.html
URL:rhn.redhat.com/errata/RHSA-2014-0877.html
37. Vulnerabilities in IBM Products (1674539, 1675881, 1677527, 1677695, 1677913, 1678231)
[14/07/2014] Vulnerabilities were identified in the IBM WebSphere Business Events, IBM WebSphere ILOG JRules, IBM WebSphere Operational Decision Management, IBM Operational Decision Manager, IBM Algo Credit Limit, IBM InfoSphere Guardium, IBM Initiate Master Data Service, IBM InfoSphere Master Data Management, IBM WebSphere Appliance Management Center and IBM Rational Lifecycle Integration Adapters. An attacker could obtain sensitive information, bypass security restrictions, conduct cross-site request forgery and cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21674539
URL:www-01.ibm.com/support/docview.wss?uid=swg21675881
URL:www-01.ibm.com/support/docview.wss?uid=swg21677527
URL:www-01.ibm.com/support/docview.wss?uid=swg21677695
URL:www-01.ibm.com/support/docview.wss?uid=swg21677913
URL:www-01.ibm.com/support/docview.wss?uid=swg21678231
URL:secunia.com/advisories/59023/
URL:secunia.com/advisories/59296/
URL:secunia.com/advisories/59413/
URL:secunia.com/advisories/59669/
URL:secunia.com/advisories/59872/
URL:secunia.com/advisories/59873/
38. Vulnerability in Cisco Adaptive Security Appliance
[14/07/2014] Vulnerability was identified in the Cisco Adaptive Security Appliance. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6691
39. Vulnerabilities in Apache Traffic Server
[14/07/2014] Vulnerabilities were identified in the Apache Traffic Server. An attacker could perform symlink attacks and manipulate arbitrary files. These vulnerabilities affect version 4.2.2 and possibly other versions of the mentioned product.
URL:secunia.com/advisories/58998/
40. Vulnerabilities in Datum Systems satellite modem devices (VU#917348)
[14/07/2014] Vulnerabilities were identified in the Datum Systems satellite modem devices. An attacker could gain full control of the devices and obtain sensitive information. These vulnerabilities affect PSM-4500 and PSM-500 series of the mentioned products.
URL:www.kb.cert.org/vuls/id/917348
41. Security Updates in Oracle Products (ELSA-2014-0865)
[14/07/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the tomcat6 package for Oracle Linux. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:linux.oracle.com/errata/ELSA-2014-0865.html
URL:secunia.com/advisories/59849/
42. Security Updates in Debian (DSA-2976-1, DSA-2977-1)
[14/07/2014] Debian has released security update packages for fixing the vulnerabilities identified in the eglibc and libav packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-2976
URL:www.debian.org/security/2014/dsa-2977
43. Security Updates in Mandriva (MDVSA-2014:136, MDVSA-2014:137, MDVSA-2014:138)
[14/07/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the samba, apache-mod_wsgi and asterisk packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:136/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:137/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:138/
44. Security Updates in Slackware (SSA:2014-192-01)
[14/07/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the php packages for multiple versions of Slackware Linux. The security impacts caused by the vulnerabilities were not specified.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.413705
Subscribe to:
Posts (Atom)