1. Vulnerabilities in Cisco Products
[25/07/2014] Vulnerabilities were identified in the Cisco WebEx Meetings
Server, Cisco TelePresence Server Software and Cisco Security Manager. An
attacker could obtain sensitive information, conduct cross-site scripting
attacks and execute arbitrary code. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
2. Vulnerabilities in IBM Products (T1021009, 00001851, 00001852, 1670298, 1678196)
[25/07/2014] Vulnerabilities were identified in the IBM Cloud Manager with
OpenStack, IBM InfoSphere Data Click and IBM Tivoli Workload Scheduler. An
attacker could obtain sensitive information, cause a denial of service
condition, conduct SQL injection, clickjacking, cross-site scripting and
cross-site forgery attacks, gain elevated privileges and compromise a vulnerable
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=isg3T1021009
URL:www-01.ibm.com/support/docview.wss?uid=isg400001851
URL:www-01.ibm.com/support/docview.wss?uid=isg400001852
URL:www-01.ibm.com/support/docview.wss?uid=swg21670298
URL:www-01.ibm.com/support/docview.wss?uid=swg21678196
URL:secunia.com/advisories/59672/
URL:secunia.com/advisories/59716/
URL:secunia.com/advisories/59912/
3. Vulnerability in CUPS (94806)
[25/07/2014] A vulnerability was identified in CUPS. An attacker could gain
elevated privileges. This vulnerability affects versions prior to 1.7.4 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94806
4. Vulnerability in BulletProof FTP Client (VU#565580)
[25/07/2014] A vulnerability was identified in the BulletProof FTP Client. An
attacker could cause a buffer overflow and execute arbitrary code. This
vulnerability affects version 2010 of the mentioned product.
URL:www.kb.cert.org/vuls/id/565580
5. Vulnerability in TestRail (VU#669804)
[25/07/2014] A vulnerability was identified in TestRail. An attacker could
perform cross-site scripting attacks. This vulnerability affects version
3.1.1.3130 of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:www.kb.cert.org/vuls/id/669804
6. Security Updates in Oracle Products (ELSA-2014-0917, ELSA-2014-0919, ELSA-2014-0920, ELSA-2014-0924)
[25/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the nss, nspr, firefox, httpd and kernel packages
for Oracle Linux 5, 6 and 7. An attacker could conduct spoofing attacks, obtain
sensitive information, cause a denial of service condition, gain elevated
privileges and compromise a user's system.
URL:linux.oracle.com/errata/ELSA-2014-0917.html
URL:linux.oracle.com/errata/ELSA-2014-0919.html
URL:linux.oracle.com/errata/ELSA-2014-0920.html
URL:linux.oracle.com/errata/ELSA-2014-0924.html
URL:secunia.com/advisories/60301/
URL:secunia.com/advisories/60393/
URL:secunia.com/advisories/60396/
URL:secunia.com/advisories/60402/
7. Security Updates in Red Hat Products (RHSA-2014:0888-1)
[25/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the qemu-kvm-rhev packages for Red Hat Enterprise
Linux OpenStack Platform 3.0 and 4.0. Due to multiple errors, an attacker could
cause a buffer overflow and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-0888.html
8. Security Updates in Ubuntu GNU/Linux (USN-2284-1, USN-2300-1, USN-2301-1)
[25/07/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the linux-ti-omap4, lzo2 and jinja2 packages for
versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could gain elevated privileges, cause a denial of service condition,
obtain sensitive information, execute arbitrary code and crash the system.
URL:www.ubuntu.com/usn/usn-2284-1/
URL:www.ubuntu.com/usn/usn-2300-1/
URL:www.ubuntu.com/usn/usn-2301-1/
9. Security Updates in Slackware (SSA:2014-204-01, SSA:2014-204-02, SSA:2014-204-03)
[25/07/2014] Slackware has released security update packages for fixing the
vulnerabilities identified in the httpd, mozilla-firefox and
mozilla-thunderbird packages for multiple versions of Slackware Linux. An
attacker could cause a denial of service condition and cause a buffer overflow.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.355252
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.359820
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.616658
10. Vulnerability in Cisco IOS XR Software
[24/07/2014] A vulnerability was identified in the Cisco IOS XR Software. An
attacker could cause a denial of service condition. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322
11. Vulnerability in HP Network Virtualization (c04374202)
[24/07/2014] A vulnerability was identified in HP Network Virtualization. An
attacker could execute arbitrary code and obtain sensitive information. This
vulnerability affects version 8.6 of the mentioned product. Security patches
are available to resolve this vulnerability.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
URL:xforce.iss.net/xforce/xfdb/94782
URL:xforce.iss.net/xforce/xfdb/94783
12. Vulnerabilities in IBM Products (S1004803, S1004805, S1004807, S7003881, 1660394, 1678398, 1678399, 1678400, 1678544, 1678893)
[24/07/2014] Vulnerabilities were identified in the IBM Storage DS8870,
IBM Real-time Compression Appliances, IBM Content Classification, IBM InfoSphere
Classification Module, IBM QRadar Security Information and Event Manager (SIEM),
IBM Tivoli Directory Server, IBM Security Directory Server and IBM Cognos
Concert. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, obtain sensitive information and cause a
denial of service condition. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004803
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004805
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004807
URL:www.ibm.com/support/docview.wss?uid=ssg1S7003881
URL:www.ibm.com/support/docview.wss?uid=swg21660394
URL:www.ibm.com/support/docview.wss?uid=swg21678398
URL:www.ibm.com/support/docview.wss?uid=swg21678399
URL:www.ibm.com/support/docview.wss?uid=swg21678400
URL:www.ibm.com/support/docview.wss?uid=swg21678544
URL:www.ibm.com/support/docview.wss?uid=swg21678893
URL:secunia.com/advisories/58515/
URL:secunia.com/advisories/59908/
URL:secunia.com/advisories/59910/
URL:secunia.com/advisories/59951/
URL:secunia.com/advisories/59980/
URL:secunia.com/advisories/59983/
URL:secunia.com/advisories/59988/
13. Vulnerability in Novell Identity Manager (5189091)
[24/07/2014] A vulnerability was identified in the Novell Identity Manager. An
attacker could gain elevated privileges, execute arbitrary code, obtain
sensitive information and cause a denial of service condition. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=c1XRCuRSy-8~
14. Vulnerability in LPAR2RRD (94784)
[24/07/2014] A vulnerability was identified in LPAR2RRD. An attacker could
execute arbitrary code. This vulnerability affects versions prior to 3.5 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94784
15. Security Updates in Oracle Products (ELSA-2014-0907)
[24/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the java-1.6.0-openjdk packages for Oracle Linux
5 and 6. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and compromise a user's system.
URL:linux.oracle.com/errata/ELSA-2014-0907.html
URL:secunia.com/advisories/60270/
16. Security Updates in Debian (DSA-2984-1)
[24/07/2014] Debian has released security update packages for fixing the
vulnerability identified in the acpi-support packages for multiple versions of
Debian GNU/Linux. An attacker could gain elevated privileges and execute
arbitrary code.
URL:www.debian.org/security/2014/dsa-2984
17. Security Updates in SUSE (SUSE-SU-2014:0928-1, SUSE-SU-2014:0931-1)
[24/07/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the ppc64-diag and libtasn1 packages for SUSE
Linux Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00019.html
18. Security Updates in Red Hat Products (RHSA-2014:0920-1, RHSA-2014:0922-1, RHSA-2014:0924-1, RHSA-2014:0925-1, RHSA-2014:0926-1)
[24/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the httpd and kernel packages for Red Hat
Enterprise Linux 5 and 6, and the httpd24-httpd packages for Red Hat Software
Collections 1 for Red Hat Enterprise Linux 6. Due to multiple errors, an
attacker could obtain sensitive information, execute arbitrary code, gain
elevated privileges, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-0920.html
URL:rhn.redhat.com/errata/RHSA-2014-0922.html
URL:rhn.redhat.com/errata/RHSA-2014-0924.html
URL:rhn.redhat.com/errata/RHSA-2014-0925.html
URL:rhn.redhat.com/errata/RHSA-2014-0926.html
19. Security Updates in Ubuntu GNU/Linux (usn-2298-1, usn-2299-1)
[24/07/2014] Ubuntu has released security update packages for fixing the
vulnerability identified in the oxide-qt and apache2 packages for versions
10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors,
an attacker could obtain sensitive information, execute arbitrary code, gain
elevated privileges and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2298-1/
URL:www.ubuntu.com/usn/usn-2299-1/
20. Vulnerabilities in Mozilla Products (MFSA 2014-55, MFSA 2014-56, MFSA 2014-57, MFSA 2014-58, MFSA 2014-59, MFSA 2014-60, MFSA 2014-61, MFSA 2014-62, MFSA 2014-63, MFSA 2014-64, MFSA 2014-65, MFSA 2014-66)
[23/07/2014] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR
and Thunderbird. An attacker could execute arbitrary code, obtain sensitive
information, cause a denial of service condition and crash the application.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/security/announce/2014/mfsa2014-55.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-56.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-57.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-58.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-59.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-60.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-61.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-62.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-63.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-64.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-65.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-66.html
URL:www.mozilla.org/security/known-vulnerabilities/firefox.html
URL:www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
URL:www.mozilla.org/security/known-vulnerabilities/thunderbird.html
URL:www.hkcert.org/my_url/en/alert/14072301
URL:www.us-cert.gov/ncas/current-activity/2014/07/22/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and
21. Vulnerabilities in Apache HTTP Server
[23/07/2014] Vulnerabilities were identified in the Apache HTTP Server. An
attacker could cause a denial of service condition and crash the system. These
vulnerabilities affect version 2.2.27 and possibly prior versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
URL:secunia.com/advisories/60274/
22. Vulnerabilities in IBM Products (S1004738, S1004747, S1004802, 1677247, 1678048, 1678123, 1678218, 1678364, 1678373)
[23/07/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified,
IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance,
IBM Tivoli Composite Application Manager for Transactions, IBM FileNet System
Monitor, IBM Enterprise Content Management System Monitor, IBM License Metric
Tool and IBM Tivoli Asset Discovery for Distributed. An attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, obtain
sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004738
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004747
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004802
URL:www.ibm.com/support/docview.wss?uid=swg21677247
URL:www.ibm.com/support/docview.wss?uid=swg21678048
URL:www.ibm.com/support/docview.wss?uid=swg21678123
URL:www.ibm.com/support/docview.wss?uid=swg21678218
URL:www.ibm.com/support/docview.wss?uid=swg21678364
URL:www.ibm.com/support/docview.wss?uid=swg21678373
URL:secunia.com/advisories/58924/
URL:secunia.com/advisories/59064/
URL:secunia.com/advisories/59271/
URL:secunia.com/advisories/59671/
URL:secunia.com/advisories/59950/
23. Vulnerability in Symantec Endpoint Protection Manager (94760)
[23/07/2014] A vulnerability was identified in the Symantec Endpoint Protection
Manager. An attacker could bypass security restrictions and perform brute-force
attacks. This vulnerability affects versions 11 and 12.0 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94760
24. Vulnerability in Trend Micro OfficeScan
[23/07/2014] A vulnerability was identified in Trend Micro OfficeScan for
Windows. An attacker could obtain sensitive information. This vulnerability
affects version 11 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5
25. Vulnerabilities in Barracuda Products (BNSEC-01176, BNSEC-02361)
[23/07/2014] Vulnerabilities were identified in the Barracuda Web Filter and
the Barracuda Networks Spam and Virus Firewall. An attacker could bypass
security restrictions and perform cross-site scripting attacks. These
vulnerabilities affect version 6.0.1 of the Barracuda Web Filter, and version
6.0.2 of the Barracuda Networks Spam and Virus Firewall. Security patches are
available to resolve these vulnerabilities.
URL:www.barracuda.com/support/knowledgebase/501600000013m4O
URL:www.barracuda.com/support/knowledgebase/501600000013gvh
URL:xforce.iss.net/xforce/xfdb/94761
URL:xforce.iss.net/xforce/xfdb/94762
26. Vulnerabilities in ZTE AC3633 and MTS MBlaze Ultra Wi-Fi (94740, 94741, 94742, 94743)
[23/07/2014] Vulnerabilities were identified in the ZTE AC3633 and MTS MBlaze
Ultra Wi-Fi. An attacker could bypass security restrictions and perform
cross-site scripting attacks. These vulnerabilities affect multiple versions of
the mentioned products.
URL:xforce.iss.net/xforce/xfdb/94740
URL:xforce.iss.net/xforce/xfdb/94741
URL:xforce.iss.net/xforce/xfdb/94742
URL:xforce.iss.net/xforce/xfdb/94743
27. Vulnerability in Moodle (MDL-46223)
[23/07/2014] A vulnerability was identified in Moodle. An attacker could
execute arbitrary code and perform cross-site scripting attacks. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:moodle.org/mod/forum/discuss.php?d=264273
URL:xforce.iss.net/xforce/xfdb/94724
28. Vulnerabilities in phpMyAdmin (PMASA-2014-6, PMASA-2014-7)
[23/07/2014] Vulnerabilities were identified in phpMyAdmin. An attacker could
bypass certain security restrictions, execute arbitrary code and perform code
insertion attacks. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
URL:secunia.com/advisories/60191/
29. Security Updates in Oracle Products (ELSA-2014-3047, ELSA-2014-3048)
[23/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel packages for Oracle Linux 5 and 6. Due
to multiple errors, an attacker could bypass security restrictions and gain
elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-3047.html
URL:linux.oracle.com/errata/ELSA-2014-3048.html
URL:secunia.com/advisories/60220/
30. Security Updates in Debian (DSA-2980-1, DSA-2985-1)
[23/07/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the openjdk-6 and mysql-5.5 packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.debian.org/security/2014/dsa-2980
URL:www.debian.org/security/2014/dsa-2985
31. Security Updates in Red Hat Products (RHSA-2014:0913-1, RHSA-2014:0915-1, RHSA-2014:0916-1, RHSA-2014:0917-1, RHSA-2014:0918-1, RHSA-2014:0919-1)
[23/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the kernel-rt packages for Red Hat Enterprise MRG
v2 for Red Hat Enterprise Linux 6, and the nss, nspr, thunderbird and firefox
packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an
attacker could obtain sensitive information, execute arbitrary code, gain
elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0913.html
URL:rhn.redhat.com/errata/RHSA-2014-0915.html
URL:rhn.redhat.com/errata/RHSA-2014-0916.html
URL:rhn.redhat.com/errata/RHSA-2014-0917.html
URL:rhn.redhat.com/errata/RHSA-2014-0918.html
URL:rhn.redhat.com/errata/RHSA-2014-0919.html
32. Security Updates in Ubuntu GNU/Linux (usn-2293-1)
[23/07/2014] Ubuntu has released security update packages for fixing the
vulnerability identified in the libtasn1-3, libtasn1-6, firefox, thunderbird
and acpi-support packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive
information, execute arbitrary code, gain elevated privileges and cause a denial
of service condition.
URL:www.ubuntu.com/usn/usn-2294-1/
URL:www.ubuntu.com/usn/usn-2295-1/
URL:www.ubuntu.com/usn/usn-2296-1/
URL:www.ubuntu.com/usn/usn-2297-1/
33. Vulnerabilities in Apache HTTP Server
[22/07/2014] Vulnerabilities were identified in the Apache HTTP Server. An
attacker could cause a denial of service condition and crash the system. These
vulnerabilities affect versions prior to 2.4.10 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:httpd.apache.org/security/vulnerabilities_24.html
URL:www.hkcert.org/my_url/en/alert/14072202
URL:secunia.com/advisories/60170/
34. Vulnerabilities in HP Products (c04373818, c04281279)
[22/07/2014] Vulnerabilities were identified in the HP Data Protector, HP
StoreVirtual 4000 Storage and StoreVirtual VSA. An attacker could bypass
security restrictions, execute arbitrary code, obtain sensitive information and
gain elevated privileges. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04281279-1
URL:secunia.com/advisories/60045/
URL:secunia.com/advisories/60052/
35. Vulnerabilities in IBM Products (T1021019, T1021020, S1004776, S1004777, S1004809, S1004822, S1004824, 1677381, 1677802, 1678373)
[22/07/2014] Vulnerabilities were identified in the IBM PowerKVM, IBM
Scale Out Network Attached Storage (SONAS), IBM SmartCloud Provisioning, IBM
Lotus Expeditor and IBM Tivoli Asset Discovery for Distributed. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, obtain sensitive information and cause a denial of service condition.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1021019
URL:www.ibm.com/support/docview.wss?uid=isg3T1021020
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004776
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004777
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004809
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004822
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004824
URL:www.ibm.com/support/docview.wss?uid=swg21677381
URL:www.ibm.com/support/docview.wss?uid=swg21677802
URL:www.ibm.com/support/docview.wss?uid=swg21678373
URL:secunia.com/advisories/58736/
URL:secunia.com/advisories/58836/
URL:secunia.com/advisories/58924/
URL:secunia.com/advisories/59667/
URL:secunia.com/advisories/59906/
36. Vulnerability in Huawei E355 wireless broadband modems (VU#688812)
[22/07/2014] A vulnerability was identified in the Huawei E355 wireless
broadband modems. An attacker could execute arbitrary code and perform
cross-site scripting attacks. This vulnerability affects multiple versions of
the mentioned products.
URL:www.kb.cert.org/vuls/id/688812
37. Vulnerability in Tenable Nessus
[22/07/2014] A vulnerability was identified in the Tenable Nessus Web UI. An
attacker could obtain sensitive information. This vulnerability affects
versions 5.2.3 to 5.2.7 (Web UI 2.3.4) of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.tenable.com/security/tns-2014-05
URL:www.hkcert.org/my_url/en/alert/14072203
38. Vulnerabilities in Synology DiskStation Manager
[22/07/2014] Vulnerabilities were identified in the Synology DiskStation
Manager. An attacker could obtain sensitive information, execute arbitrary
code, cause a denial of service condition and compromise a vulnerable system.
These vulnerabilities affect versions prior to 4.3-3827 Update 4 and prior to
5.0-4493 Update 1 of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:www.synology.com/en-global/releaseNote/model/DS114
URL:www.hkcert.org/my_url/en/alert/14072201
URL:secunia.com/advisories/59810/
URL:secunia.com/advisories/60120/
39. Vulnerabilities in LZO and LZ4
[22/07/2014] Vulnerabilities were identified in the LZO and LZ4 compression
libraries. An attacker could execute arbitrary code. These vulnerabilities
affect multiple versions of the mentioned products.
URL:www.us-cert.gov/ncas/current-activity/2014/07/21/Vulnerabilities-LZO-and-LZ4-compression-libraries
40. Security Updates in Oracle Products (ELSA-2014-0865)
[22/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the Quagga and Lighttpd packages for Oracle
Solaris 10 and 11,1. Due to multiple errors, an attacker could bypass security
restrictions, overflow a buffer, execute arbitrary code, cause a denial of
service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_2236_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighthttpd
41. Security Updates in Debian (DSA-2983-1)
[22/07/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the drupal7 package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could cause a denial of
service condition and perform cross-site scripting attacks.
URL:www.debian.org/security/2014/dsa-2983
42. Security Updates in Red Hat Products (RHSA-2014:0907-1, RHSA-2014:0908-1)
[22/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the java-1.6.0-openjdk and java-1.6.0-sun
packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an
attacker could obtain sensitive information, execute arbitrary code, gain
elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0907.html
URL:rhn.redhat.com/errata/RHSA-2014-0908.html
43. Security Updates in Ubuntu GNU/Linux (usn-2293-1)
[22/07/2014] Ubuntu has released security update packages for fixing the
vulnerability identified in the cups packages for versions 10.04 LTS, 12.04 LTS
and 14.04 LTS of Ubuntu GNU/Linux. An attacker could obtain sensitive
information and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2293-1/
44. Vulnerability in Cisco Unified Customer Voice Portal (94662)
[21/07/2014] A vulnerability was identified in the Cisco Unified Customer Voice
Portal. An attacker could bypass security restrictions and perform cross-site
scripting attacks. This vulnerability affects version 4.0 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94662
45. Vulnerability in Barracuda Networks Message Archiver (BNSEC-00703)
[21/07/2014] A vulnerability was identified in the Barracuda Networks Message
Archiver. An attacker could bypass security restrictions and perform cross-site
scripting attacks. This vulnerability affects version 3.2 and possibly earlier
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:www.barracuda.com/support/knowledgebase/501600000013lXe
URL:xforce.iss.net/xforce/xfdb/94699
46. Vulnerability in EMC RecoverPoint Appliance (94698)
[21/07/2014] A vulnerability was identified in the EMC RecoverPoint Appliance.
An attacker could bypass security restrictions and cause a denial of service
condition. This vulnerability affects version 4.1 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94698
47. Vulnerability in ACME (94707)
[21/07/2014] A vulnerability was identified in ACME. An attacker could cause a
denial of service condition and crash the system. The affected version was not
specified.
URL:xforce.iss.net/xforce/xfdb/94707
48. Vulnerability in Ruby (94706)
[21/07/2014] A vulnerability was identified in Ruby. An attacker could execute
arbitrary code, cause a denial of service condition and crash the system. This
vulnerability affects version 2.1.2p168 of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94706
49. Vulnerability in OpenStack Compute (Nova) (94664)
[21/07/2014] A vulnerability was identified in OpenStack Compute (Nova). An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects versions 2014.1 and 2014.1.1 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/94664
50. Security Updates in Debian (DSA-2981-1, DSA-2982-1)
[21/07/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the polarssl and ruby-activerecord-3.2 packages
for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker
could cause a denial of service condition, execute arbitrary code and perform
code injection attacks.
URL:www.debian.org/security/2014/dsa-2981
URL:www.debian.org/security/2014/dsa-2982
51. Security Updates in Red Hat Products (RHSA-2014:0902-1)
[21/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the java-1.7.0-oracle packages for Red Hat
Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could obtain
sensitive information, execute arbitrary code, gain elevated privileges and
cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-0902.html
URL:secunia.com/advisories/60137/