1. Information
Updates on Microsoft Security Advisory (2982792)
[18/07/2014] Microsoft has updated information on the Security Advisory
for the SSL certificates in Microsoft products. KB2982792 was revised to
announce the availability of update 2982792 for supported editions of Windows
Server
2003.
URL:technet.microsoft.com/library/security/2982792
2. Vulnerability in Cisco Unified Communications Domain
Manager
[18/07/2014]
Vulnerability was identified in the Cisco
Unified Communications Domain Manager. An attacker could bypass security
restrictions and perform spoofing attacks. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320
3. Vulnerabilities in HP Products (c04355129, c04363613,
c04369484, c04343424)
[18/07/2014] Vulnerabilities were identified in the HP SiteScope, HP
Operations Analytics, HP Intelligent Management Center (iMC), HP Branch
Intelligent Management System (BIMS), HP IceWall SSO Dfw and HP IceWall MCRP. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, obtain sensitive information and cause a denial of service
condition. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04343424-1
URL:secunia.com/advisories/58875/
URL:secunia.com/advisories/59769/
URL:secunia.com/advisories/59818/
URL:secunia.com/advisories/60051/
4. Vulnerabilities in Citrix XenServer
(CTX140984)
[18/07/2014] Vulnerabilities were identified in the Citrix XenServer. An
attacker could obtain sensitive information and overflow a buffer. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:support.citrix.com/article/CTX140984
URL:xforce.iss.net/xforce/xfdb/94631
5. Vulnerabilities in Google
Chrome
[18/07/2014]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, execute arbitrary code
and compromise a vulnerable system. These vulnerabilities affect versions prior
to 36.0.1985.125 of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/07/stable-channel-update.html
URL:xforce.iss.net/xforce/xfdb/94629
6. Vulnerability in Alfresco
(94638)
[18/07/2014]
Vulnerability was identified in the Alfresco. An
attacker could bypass security restrictions, gain elevated privileges and
perform spoofing attacks. This vulnerability affects version 4.2.f of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94638
7. Vulnerability in Boat Browser
(94635)
[18/07/2014]
Vulnerability was identified in the Boat Browser
for Android. An attacker could bypass security restrictions and execute
arbitrary code. This vulnerability affects versions 8.0 and 8.0.1 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94635
8. Vulnerabilities in Drupal
(SA-CORE-2014-003)
[18/07/2014] Vulnerabilities were identified in the Drupal. An attacker
could bypass security restrictions, perform cross-site scripting attacks and
cause a denial of service condition. These vulnerabilities affect versions prior
to 6.32 for Drupal 6.x and versions prior to 7.29 for Drupal 7.x of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-003
URL:www.drupal.org/drupal-6.32-release-notes
URL:www.drupal.org/drupal-7.29-release-notes
URL:www.hkcert.org/my_url/en/alert/14071802
9. Security Updates in Oracle Products (ELSA-2014-0889,
ELSA-2014-0890)
[18/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the java-1.7.0-openjdk package for Oracle Linux 5 and 6. Due to multiple errors,
an attacker could bypass security restrictions, execute arbitrary code and
compromise a vulnerable
system.
URL:linux.oracle.com/errata/ELSA-2014-0889.html
URL:linux.oracle.com/errata/ELSA-2014-0890.html
URL:secunia.com/advisories/60095/
10.
Security Updates in Debian
(DSA-2979-1)
[18/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the fail2ban package for multiple versions of Debian GNU/Linux. An attacker
could cause a denial of service
condition.
URL:www.debian.org/security/2014/dsa-2979
11.
Security Updates in Red Hat Products
(RHSA-2014:0899-1, RHSA-2014:0900-1)
[18/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the openstack-neutron packages for Red Hat Enterprise Linux OpenStack
Platform 4.0, and kernel packages for Red Hat Enterprise Linux 6. Due to
multiple errors, an attacker could bypass security restrictions, gain elevated
privileges, obtain sensitive information and execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2014-0899.html
URL:rhn.redhat.com/errata/RHSA-2014-0900.html
12.
Security Updates in SUSE
(SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1,
SUSE-SU-2014:0912-1, openSUSE-SU-2014:0913-1)
[18/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Linux kernel packages for SUSE Linux Enterprise 11, the flash-player
packages for openSUSE 11.4. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00017.html
13.
Security Updates in Ubuntu GNU/Linux
(usn-2281-1, usn-2282-1, usn-2283-1, usn-2284-1, usn-2285-1, usn-2286-1,
usn-2287-1, usn-2288-1, usn-2289-1, usn-2290-1, usn-2291-1,
usn-2292-1)
[18/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux-ec2, linux, linux-ti-omap4, inux-lts-quantal, linux-lts-raring,
linux-lts-saucy, linux-lts-trusty, mysql-5.5 and liblwp-protocol-https-perl
packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2281-1/
URL:www.ubuntu.com/usn/usn-2282-1/
URL:www.ubuntu.com/usn/usn-2283-1/
URL:www.ubuntu.com/usn/usn-2284-1/
URL:www.ubuntu.com/usn/usn-2285-1/
URL:www.ubuntu.com/usn/usn-2286-1/
URL:www.ubuntu.com/usn/usn-2287-1/
URL:www.ubuntu.com/usn/usn-2288-1/
URL:www.ubuntu.com/usn/usn-2289-1/
URL:www.ubuntu.com/usn/usn-2290-1/
URL:www.ubuntu.com/usn/usn-2291-1/
URL:www.ubuntu.com/usn/usn-2292-1/
14.
Information Updates on Microsoft Security
Bulletins (MS14-009, MS14-030, MS14-039)
[17/07/2014] Microsoft
has updated information on the Security Bulletins for Microsoft .NET Framework
and Microsoft Windows. (a) MS14-009 was updated the Known Issues entry in the
Knowledge Base Article section from "None" to "Yes". (b) MS14-030 was updated
the Known Issues entry in the Knowledge Base Article section from "None" to
"Yes". (c) MS14-039 was updated the Known Issues entry in the Knowledge Base
Article section from "None" to
"Yes".
URL:technet.microsoft.com/library/security/ms14-009
URL:technet.microsoft.com/library/security/ms14-030
URL:technet.microsoft.com/library/security/ms14-039
15.
Vulnerabilities in Cisco Products
(ciscosa-20140716-cm)
[17/07/2014] Vulnerabilities were identified in multiple Cisco Wireless
Residential Gateway products and Cisco Unified Contact Center Enterprise. An
attacker could obtain sensitive information and execute arbitrary code. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3323
URL:www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability
16.
Vulnerabilities in HP Products
(c04367164, c04368264)
[17/07/2014] Vulnerabilities were identified in the HP NonStop and HP
OneView. An attacker could gain elevated privileges, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04367164-1
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368264-1
URL:secunia.com/advisories/59916/
URL:secunia.com/advisories/60049/
17.
Vulnerabilities in IBM Products
(00001841, 00001843, 1677448, 1677449, 1677451,
1677452)
[17/07/2014]
Vulnerabilities were identified in the IBM
Tivoli Composite Application Manager for Transactions Internet Service
Monitoring and IBM OpenPages GRC Platform. An attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, obtain sensitive
information, cause a denial of service condition and compromise a vulnerable
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg400001841
URL:www.ibm.com/support/docview.wss?uid=isg400001843
URL:www.ibm.com/support/docview.wss?uid=swg21677448
URL:www.ibm.com/support/docview.wss?uid=swg21677449
URL:www.ibm.com/support/docview.wss?uid=swg21677451
URL:www.ibm.com/support/docview.wss?uid=swg21677452
URL:secunia.com/advisories/59130/
URL:secunia.com/advisories/59451/
URL:secunia.com/advisories/60057/
URL:secunia.com/advisories/60058/
18.
Vulnerabilities in Novell iPrint
Appliance (5188790, 5188810)
[17/07/2014] Vulnerabilities were identified in the Novell iPrint
Appliance. An attacker could gain elevated privileges, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect version 1.0.1 of the mentioned product. Security patches
are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=CLWJNCtPI_U~
URL:download.novell.com/Download?buildid=ZuVlZaBiK4g~
19.
Security Updates in Gentoo Linux (GLSA
201407-03, GLSA 201407-04)
[17/07/2014] Gentoo has
released security update packages for fixing the vulnerabilities identified in
the xen and GnuPG packages for multiple versions of Gentoo Linux. Due to
multiple errors, an attacker could execute arbitrary code and cause a denial of
service
condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201407-04.xml
20.
Security Updates in Red Hat Products
(RHSA-2014:0889-1, RHSA-2014:0890-1,
RHSA-2014:0898-1)
[17/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7, the
Red Hat JBoss Enterprise Web Platform 5.2.0 packages for Red Hat Enterprise
Linux 4, 5 and 6. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code and perform advanced XXE
attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0889.html
URL:rhn.redhat.com/errata/RHSA-2014-0890.html
URL:rhn.redhat.com/errata/RHSA-2014-0898.html
21.
Security Updates in SUSE
(openSUSE-SU-2014:0903-1, SUSE-SU-2014:0904-1,
SUSE-SU-2014:0905-1,SUSE-SU-2014:0908-1)
[17/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player packages for openSUSE 12.3 and 13.1, the lzo, Mozilla Firefox
and Linux kernel packages for SUSE Linux Enterprise 10 and 11. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00012.html
22.
Security Updates in Ubuntu GNU/Linux
(usn-2279-1, usn-2280-1)
[17/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the transmission and miniupnpc packages for versions 12.04 LTS, 13.10 and 14.04
LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2279-1/
URL:www.ubuntu.com/usn/usn-2280-1/
23.
Vulnerabilities in Oracle
Products
[16/07/2014]
Vulnerabilities were identified in the Oracle
Database, Oracle Fusion Applications and Middleware, Oracle Hyperion, Oracle
E-Business Suite, Oracle Supply Chain Product Suite, Oracle PeopleSoft
Enterprise, Oracle Siebel, Oracle Communications Applications, Oracle Retail
Industry Suite, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle
Linux and Virtualization Products and Oracle MySQL Product Suite. An attacker
could obtain sensitive information, execute arbitrary code, gain elevated
privileges and cause a denial of service condition. These vulnerabilities affect
multiple versions of the mentioned
products.
URL:www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2125_https_to
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2126_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_libtasn1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighttpd
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
URL:www.hkcert.org/my_url/en/alert/14071601
URL:www.hkcert.org/my_url/en/alert/14071602
URL:www.hkcert.org/my_url/en/alert/14071603
URL:www.us-cert.gov/ncas/current-activity/2014/07/15/Oracle-Releases-July-2014-Security-Advisory
24.
Vulnerability in Cisco IOS XR
Software
[16/07/2014]
Vulnerability was identified in the Cisco IOS XR
Software. An attacker could cause a denial of service condition. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321
URL:xforce.iss.net/xforce/xfdb/94487
25.
Vulnerabilities in HP Products
(c04349175, c04357076, c04368523, 94490, 94492)
[16/07/2014] Vulnerabilities were identified in the HP Smart Update
Manager, HP Universal CMDB, HP Software Operation Orchestration, HP Intelligent
Management Center and HP Branch Intelligent Management System. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349175
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04357076
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04368523-1
URL:xforce.iss.net/xforce/xfdb/94490
URL:xforce.iss.net/xforce/xfdb/94492
URL:secunia.com/advisories/58912/
URL:secunia.com/advisories/59342/
URL:secunia.com/advisories/59895/
26.
Vulnerabilities in IBM Products
(S1004745, 1677298, 1677299, 1677300, 1677301, 1677304, 1677306, 1677335,
1678183)
[16/07/2014]
Vulnerabilities were identified in the IBM SAN
Volume Controller, IBM Storwize, IBM Flex System, IBM InfoSphere Master Data
Management - Collaborative Edition, IBM InfoSphere Master Data Management Server
for Product Information Management, IBM Tivoli Provisioning Manager and IBM
Rational Systems Tester. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, obtain sensitive information and
cause a denial of service condition. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004745
URL:www.ibm.com/support/docview.wss?uid=swg21677298
URL:www.ibm.com/support/docview.wss?uid=swg21677299
URL:www.ibm.com/support/docview.wss?uid=swg21677300
URL:www.ibm.com/support/docview.wss?uid=swg21677301
URL:www.ibm.com/support/docview.wss?uid=swg21677304
URL:www.ibm.com/support/docview.wss?uid=swg21677306
URL:www.ibm.com/support/docview.wss?uid=swg21677335
URL:www.ibm.com/support/docview.wss?uid=swg21678183
URL:secunia.com/advisories/57809/
URL:secunia.com/advisories/59662/
URL:secunia.com/advisories/59717/
URL:secunia.com/advisories/59839/
27.
Vulnerability in IPython's Notebook
server (94497)
[16/07/2014] Vulnerability was identified in the IPython's Notebook
server. An attacker could gain elevated privileges and execute arbitrary code.
This vulnerability affects version 0.12 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94497
28.
Security Updates in Red Hat Products
(RHSA-2014:0883-1, RHSA-2014:0885-1)
[16/07/2014] Red Hat
has released security update packages for fixing the vulnerability identified in
the JBoss Enterprise Application Platform 5.2.0 and 6.2.4 packages for Red Hat
Enterprise Linux 4, 5 and 6. An attacker could bypass security restrictions and
execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2014-0883.html
URL:rhn.redhat.com/errata/RHSA-2014-0885.html
29.
Security Updates in SUSE
(SUSE-SU-2014:0897-1, SUSE-SU-2014:0902-1)
[16/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player and struts packages for SUSE Linux Enterprise 11, SUSE Manager
Server and SUSE Manager 1.7. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges and execute arbitrary
code.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html
30.
Security Updates in Ubuntu GNU/Linux
(usn-2277-1, usn-2278-1)
[16/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the libav and file packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04
LTS of Ubuntu GNU/Linux. An attacker could gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2277-1/
URL:www.ubuntu.com/usn/usn-2278-1/
31.
Vulnerability in IBM Rational Application
Developer (1675938)
[15/07/2014] Vulnerability was identified in the IBM Rational Application
Developer. An attacker could bypass security restrictions, obtain sensitive
information and perform man-in-the-middle attacks. This vulnerability affects
versions 9.0.1 and earlier of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21675938
URL:secunia.com/advisories/59037/
32.
Vulnerability in Kaseya's agent driver
(VU#204988)
[15/07/2014] Vulnerability was identified in the Kaseya's agent driver. An
attacker could cause a denial of service condition. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/204988
33.
Vulnerability in OpenVPN PrivateTunnel
(94482)
[15/07/2014]
Vulnerability was identified in the OpenVPN
PrivateTunnel. An attacker could gain elevated privileges and execute arbitrary
code. This vulnerability affects version 2.3.8 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/94482
34.
Vulnerability in Cloudflare
(94479)
[15/07/2014]
Vulnerability was identified in the Cloudflare
golz4 package. An attacker could execute arbitrary code. The affected version
was not specified. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94479
35.
Security Updates in Debian
(DSA-2978-1)
[15/07/2014] Debian has
released security update packages for fixing the vulnerability identified in the
libxml2 package for multiple versions of Debian GNU/Linux. An attacker could
cause a denial of service
condition.
URL:www.debian.org/security/2014/dsa-2978
36.
Security Updates in Red Hat Products
(RHSA-2014:0876-1, RHSA-2014:0877-1)
[15/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the ruby193-rubygem-activerecord and ror40-rubygem-activerecord packages for
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6. Due to multiple
errors, an attacker could perform code injection
attacks.
URL:rhn.redhat.com/errata/RHSA-2014-0876.html
URL:rhn.redhat.com/errata/RHSA-2014-0877.html
37.
Vulnerabilities in IBM Products (1674539,
1675881, 1677527, 1677695, 1677913, 1678231)
[14/07/2014] Vulnerabilities were identified in the IBM WebSphere Business
Events, IBM WebSphere ILOG JRules, IBM WebSphere Operational Decision
Management, IBM Operational Decision Manager, IBM Algo Credit Limit, IBM
InfoSphere Guardium, IBM Initiate Master Data Service, IBM InfoSphere Master
Data Management, IBM WebSphere Appliance Management Center and IBM Rational
Lifecycle Integration Adapters. An attacker could obtain sensitive information,
bypass security restrictions, conduct cross-site request forgery and cross-site
scripting attacks, cause a denial of service condition and compromise a
vulnerable system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21674539
URL:www-01.ibm.com/support/docview.wss?uid=swg21675881
URL:www-01.ibm.com/support/docview.wss?uid=swg21677527
URL:www-01.ibm.com/support/docview.wss?uid=swg21677695
URL:www-01.ibm.com/support/docview.wss?uid=swg21677913
URL:www-01.ibm.com/support/docview.wss?uid=swg21678231
URL:secunia.com/advisories/59023/
URL:secunia.com/advisories/59296/
URL:secunia.com/advisories/59413/
URL:secunia.com/advisories/59669/
URL:secunia.com/advisories/59872/
URL:secunia.com/advisories/59873/
38.
Vulnerability in Cisco Adaptive Security
Appliance
[14/07/2014]
Vulnerability was identified in the Cisco
Adaptive Security Appliance. An attacker could cause a denial of service
condition. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6691
39.
Vulnerabilities in Apache Traffic
Server
[14/07/2014]
Vulnerabilities were identified in the Apache
Traffic Server. An attacker could perform symlink attacks and manipulate
arbitrary files. These vulnerabilities affect version 4.2.2 and possibly other
versions of the mentioned
product.
URL:secunia.com/advisories/58998/
40. Vulnerabilities in Datum Systems satellite modem
devices (VU#917348)
[14/07/2014] Vulnerabilities were identified in the Datum Systems
satellite modem devices. An attacker could gain full control of the devices and
obtain sensitive information. These vulnerabilities affect PSM-4500 and PSM-500
series of the mentioned
products.
URL:www.kb.cert.org/vuls/id/917348
41.
Security Updates in Oracle Products
(ELSA-2014-0865)
[14/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the tomcat6 package for Oracle Linux. Due to multiple errors, an attacker could
bypass security restrictions and obtain sensitive
information.
URL:linux.oracle.com/errata/ELSA-2014-0865.html
URL:secunia.com/advisories/59849/
42.
Security Updates in Debian (DSA-2976-1,
DSA-2977-1)
[14/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the eglibc and libav packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions and execute
arbitrary
code.
URL:www.debian.org/security/2014/dsa-2976
URL:www.debian.org/security/2014/dsa-2977
43.
Security Updates in Mandriva
(MDVSA-2014:136, MDVSA-2014:137, MDVSA-2014:138)
[14/07/2014] Mandriva has released security update packages for fixing the
vulnerabilities identified in the samba, apache-mod_wsgi and asterisk packages
for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, execute arbitrary code and cause a denial of
service
condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:136/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:137/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:138/
44.
Security Updates in Slackware
(SSA:2014-192-01)
[14/07/2014] Slackware
has released security update packages for fixing the vulnerabilities identified
in the php packages for multiple versions of Slackware Linux. The security
impacts caused by the vulnerabilities were not
specified.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.413705
No comments:
Post a Comment