1. Vulnerability in Microsoft Windows (2982792)
[11/07/2014] Vulnerability was identified in the digital certificates in
Microsoft Windows. An attacker could perform spoofing, phishing and
man-in-the-middle attacks. This vulnerability affects multiple versions of the
mentioned products. Security patches are available to resolve this
vulnerability.
URL:technet.microsoft.com/en-us/library/security/2982792.aspx
URL:www.hkcert.org/my_url/en/alert/14071102
URL:www.us-cert.gov/ncas/current-activity/2014/07/10/Microsoft-Releases-Security-Advisory-Improperly-Issued-Digital
2. Information Updates on Microsoft Security Bulletins (MS14-030, MS14-033)
[11/07/2014] Microsoft has updated information on the Security Bulletins for
Microsoft Windows. (a) MS14-030 was revised to remove the prerequisite
requirements for the 2965788 update on Windows 7 systems. (b) MS14-033 was
revised to remove the prerequisite requirement for the MSXML 6.0 update on
Windows Server 2003 systems.
URL:technet.microsoft.com/library/security/ms14-030
URL:technet.microsoft.com/library/security/ms14-033
3. Vulnerabilities in Cisco Products
[11/07/2014] Vulnerabilities were identified in the Cisco Adaptive Security
Appliance Software and Cisco Unified Communications Manager. An attacker could
bypass security restrictions, obtain sensitive information, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5567
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319
4. Vulnerabilities in IBM Products (1667176, 1675006, 1677222)
[11/07/2014] Vulnerabilities were identified in the IBM-AIX,
IBM InfoSphere Balanced Warehouse, IBM Smart Analytics System and IBM Algo Audit
and Compliance. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, perform
cross-site scripting attacks and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc
URL:www.ibm.com/support/docview.wss?uid=swg21667176
URL:www.ibm.com/support/docview.wss?uid=swg21675006
URL:www.ibm.com/support/docview.wss?uid=swg21677222
URL:secunia.com/advisories/59060/
URL:secunia.com/advisories/59344/
URL:secunia.com/advisories/59470/
5. Vulnerability in Raritan PX power distribution software (VU#712660)
[11/07/2014] Vulnerability was identified in the Raritan PX power
distribution software running on a model DPXR20A-16 device. An attacker could
bypass security restrictions and execute arbitrary code. This vulnerability
affects firmware versions prior to 1.5.11 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/712660
6. Security Updates in Oracle Linux (ELSA-2014-0861, ELSA-2014-0866)
[11/07/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the lzo, samba and samba3x packages for Oracle Linux 5 and 6. Due to multiple
errors, an attacker could bypass security restrictions and cause a denial of
service
condition.
URL:linux.oracle.com/errata/ELSA-2014-0861.html
URL:linux.oracle.com/errata/ELSA-2014-0866.html
URL:secunia.com/advisories/59850/
URL:secunia.com/advisories/59848/
7. Security Updates in Mandriva (MDVSA-2014:133, MDVSA-2014:134, MDVSA-2014:135)
[11/07/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the gd, libgd, liblzo, python and python-simplejson packages for version MBS1
of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:133/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:134/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:135/
8. Vulnerability in Apache Syncope
[10/07/2014] Vulnerability was identified in the Apache
Syncope. An attacker could obtain sensitive information. This vulnerability
affects versions 1.0.0, 1.0.8, 1.1.0 and 1.1.6 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:svn.apache.org/viewvc?view=revision&revision=1596537
URL:xforce.iss.net/xforce/xfdb/94330
9. Vulnerabilities in Cisco Products (cisco-sa-20140709-struts2)
[10/07/2014] Vulnerabilities were identified in the Cisco Business Edition
3000 Series, Cisco Identity Services Engine, Cisco Media Experience Engine 3500
Series, Cisco Unified Contact Center Enterprise, Cisco WebEx Meetings Server,
Cisco WebEx Meeting Center and Cisco Unified Communications Manager. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, perform cross-site scripting and code injection attacks, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318
URL:www.us-cert.gov/ncas/current-activity/2014/07/09/CISCO-Addresses-Apache-Struts-2-Vulnerability
10. Vulnerabilities in IBM Products (1673137, 1678113, 1678289, MIGR-5095892)
[10/07/2014] Vulnerabilities were identified in the IBM SmartCloud
Provisioning for IBM Provided Software Virtual Appliance, IBM SOAP Gateway
component of the IMS Enterprise Suite, IBM Tivoli Workload Scheduler and IBM
Flex System Manager. An attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition, execute arbitrary
code and perform cross-site scripting attacks. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21673137
URL:www.ibm.com/support/docview.wss?uid=swg21678113
URL:www.ibm.com/support/docview.wss?uid=swg21678289
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
URL:secunia.com/advisories/59655/
URL:secunia.com/advisories/59659/
URL:secunia.com/advisories/59675/
URL:secunia.com/advisories/59726/
URL:secunia.com/advisories/59733/
11. Vulnerability in Liferay Portal (VU#100972)
[10/07/2014] Vulnerability was identified in the Liferay Portal. An
attacker could perform cross-site scripting attacks, obtain sensitive
information, gain elevated privileges and cause a denial of service condition.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/100972
12. Vulnerabilities in Samba
[10/07/2014] Vulnerabilities were identified in the Samba and
Samba3x. An attacker could cause a denial of service condition and crash the
application. These vulnerabilities affect versions 3.6.0 to 4.1.8 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.samba.org/samba/security/CVE-2014-0178
URL:www.samba.org/samba/security/CVE-2014-0244
URL:www.samba.org/samba/security/CVE-2014-3493
URL:www.hkcert.org/my_url/en/alert/14071002
13. Security Updates in Debian (DSA-2975-1)
[10/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the phpmyadmin package for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code and perform code injection
attacks.
URL:www.debian.org/security/2014/dsa-2975
14. Security Updates in FreeBSD (FreeBSD-SA-14:17.kmem.asc)
[10/07/2014] FreeBSD
has released security update packages for fixing the vulnerabilities identified
in the kern and sctp packages for multiple versions of FreeBSD. Due to multiple
errors, an attacker could obtain sensitive information and gain elevated
privileges.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
15. Security Updates in Gentoo Linux (GLSA 201407-02)
[10/07/2014] Gentoo has released security update packages for fixing the
vulnerabilities identified in the adobe-flash package for multiple versions
of Gentoo Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code and cause a
denial of service
condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-02.xml
16. Security Updates in Mandriva (MDVSA-2014:126, MDVSA-2014:127, MDVSA-2014:128, MDVSA-2014:129, MDVSA-2014:130, MDVSA-2014:131, MDVSA-2014:132)
[10/07/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the phpmyadmin, gnupg, iodine, ffmpeg, php, file and libxfont packages for
version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, perform cross-site scripting attacks, cause a denial of service condition
and crash the
system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:126/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:127/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:128/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:129/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:130/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:131/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:132/
17. Security Updates in Red Hat Products (RHSA-2014:0858-1, RHSA-2014:0859-1, RHSA-2014:0860-1, RHSA-2014:0861-2, RHSA-2014:0865-1, RHSA-2014:0866-1, RHSA-2014:0867-1)
[10/07/2014] Red
Hat has released security update packages for fixing the vulnerabilities
identified in the cumin package for Red Hat Enterprise MRG 2.5, Adobe Flash
Player, lzo, tomcat6, samba3x and samba packages for Red Hat Enterprise Linux 5,
6 and 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
perform cross-site scripting and cross-site request forgery attacks, cause a
denial of service condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2014-0858.html
URL:rhn.redhat.com/errata/RHSA-2014-0859.html
URL:rhn.redhat.com/errata/RHSA-2014-0860.html
URL:rhn.redhat.com/errata/RHSA-2014-0861.html
URL:rhn.redhat.com/errata/RHSA-2014-0865.html
URL:rhn.redhat.com/errata/RHSA-2014-0866.html
URL:rhn.redhat.com/errata/RHSA-2014-0867.html
URL:www.hkcert.org/my_url/en/alert/14071001
18. Security Updates in Ubuntu GNU/Linux (usn-2276-1)
[10/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the php5 package for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of
Ubuntu GNU/Linux. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2276-1/
19. Vulnerabilities in Microsoft Products (2975687, 2975689, 2975685, 2975684, 2975681, 2972621)
[09/07/2014] Vulnerabilities were identified in the Microsoft Internet
Explorer, Microsoft Windows and Microsoft Service Bus for Windows Server. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-jul
URL:technet.microsoft.com/library/security/ms14-037
URL:technet.microsoft.com/library/security/ms14-038
URL:technet.microsoft.com/library/security/ms14-039
URL:technet.microsoft.com/library/security/ms14-040
URL:technet.microsoft.com/library/security/ms14-041
URL:technet.microsoft.com/library/security/ms14-042
URL:www.hkcert.org/my_url/en/alert/14070901
URL:www.hkcert.org/my_url/en/alert/14070902
URL:www.hkcert.org/my_url/en/alert/14070903
URL:www.hkcert.org/my_url/en/alert/14070904
URL:www.hkcert.org/my_url/en/alert/14070905
URL:www.hkcert.org/my_url/en/alert/14070906
URL:www.us-cert.gov/ncas/current-activity/2014/07/08/Microsoft-Releases-July-2014-Security-Bulletin
URL:secunia.com/advisories/59775/
URL:secunia.com/advisories/59776/
URL:secunia.com/advisories/59778/
URL:secunia.com/advisories/59780/
20. Information Updates on Microsoft Security Advisories (2755801, 2871997, 2960358)
[09/07/2014] Microsoft has updated information on the Security Advisories for
Microsoft Internet Explorer, Microsoft Windows and Microsoft .NET Framework.
(a) KB2755801 was revised to add the 2974008 update to the Current Update
section. (b) KB2871997 was rereleased to announce the release of updates
2973351 and 2919355 to provide further control over the Restricted Admin
settings. (c) KB2960358 was revised to announce a Microsoft Update Catalog
detection change for the updates requiring installation of the 2868725
prerequisite update.
URL:technet.microsoft.com/en-us/library/security/2755801
URL:technet.microsoft.com/en-us/library/security/2871997
URL:technet.microsoft.com/en-us/library/security/2960358
URL:secunia.com/advisories/59781/
21. Vulnerabilities in Adobe Products (APSB14-17)
[09/07/2014] Vulnerabilities were identified in the Adobe Flash Player and
Adobe AIR. An attacker could bypass security restrictions and compromise a
vulnerable system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-17.html
URL:www.hkcert.org/my_url/en/alert/14070907
URL:www.us-cert.gov/ncas/current-activity/2014/07/08/Adobe-Releases-Security-Updates-Flash-Player-and-Air
URL:secunia.com/advisories/59774/
22. Vulnerabilities in Cisco Products
[09/07/2014] Vulnerabilities were identified in the Cisco IOS Software, Cisco
IOS XE Software, Cisco Small Business SPA300 and SPA500 Series IP Phones. An
attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the application. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313
23. Vulnerabilities in IBM Products (1667883, 1669519, 1675432, 1675886, 1675945, 1676303, 1676315, 1676978, 1677388, 1677445, 1677828)
[09/07/2014] Vulnerabilities were identified in the IBM
Rational Test Virtualization Server, IBM Rational Test Workbench, IBM Content
Collector, IBM Lotus Mashups, IBM Rational SAP Connector, IBM FileNet System
Monitor, IBM Enterprise Content Management System Monitor, IBM WebSphere Cast
Iron, IBM InfoSphere BigInsights and IBM SmartCloud Provisioning. An attacker
could bypass security restrictions, obtain sensitive information, cause a denial
of service condition, execute arbitrary code and perform cross-site scripting
attacks. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21667883
URL:www.ibm.com/support/docview.wss?uid=swg21669519
URL:www.ibm.com/support/docview.wss?uid=swg21675432
URL:www.ibm.com/support/docview.wss?uid=swg21675886
URL:www.ibm.com/support/docview.wss?uid=swg21675945
URL:www.ibm.com/support/docview.wss?uid=swg21676303
URL:www.ibm.com/support/docview.wss?uid=swg21676315
URL:www.ibm.com/support/docview.wss?uid=swg21676978
URL:www.ibm.com/support/docview.wss?uid=swg21677388
URL:www.ibm.com/support/docview.wss?uid=swg21677445
URL:www.ibm.com/support/docview.wss?uid=swg21677828
URL:secunia.com/advisories/59235/
URL:secunia.com/advisories/59283/
URL:secunia.com/advisories/59339/
URL:secunia.com/advisories/59516/
URL:secunia.com/advisories/59676/
URL:secunia.com/advisories/59704/
URL:secunia.com/advisories/59705/
URL:secunia.com/advisories/59721/
URL:secunia.com/advisories/59722/
URL:secunia.com/advisories/59724/
URL:secunia.com/advisories/59725/
24. Vulnerability in Pnp4nagios (94240)
[09/07/2014] Vulnerability was identified in the Pnp4nagios. An attacker
could bypass security restrictions and perform cross-site scripting attacks. The
affected version was not specified. Security patches are available to resolve
this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94240
25. Vulnerabilities in WordPress
[09/07/2014] Vulnerabilities were identified in the
WordPress. An attacker could bypass security restrictions, execute arbitrary
code and compromise the application. These vulnerabilities affect versions prior
to 3.8.2 of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:wordpress.org/news/2014/04/wordpress-3-8-2/
URL:www.us-cert.gov/ncas/current-activity/2014/07/08/WordPress-Releases-Security-Update
26. Security Updates in Debian (DSA-2973-1, DSA-2974-1)
[09/07/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the vlc and php5 packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
application.
URL:www.debian.org/security/2014/dsa-2973
URL:www.debian.org/security/2014/dsa-2974
27. Security Updates in SUSE (openSUSE-SU-2014:0878-1)
[09/07/2014] SUSE has
released security update packages for fixing the vulnerability identified in the
kernel package for openSUSE 11.4. An attacker could bypass security
restrictions, gain elevated privileges, cause a denial of service condition and
crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
28. Security Updates in Ubuntu GNU/Linux (usn-2275-1)
[09/07/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the dbus package for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2275-1/
29. Vulnerabilities in HP Products (c04347622)
[08/07/2014] Vulnerabilities were identified in the HP Intelligent
Management Center (iMC) and HP Network Products. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code and
cause a denial of service condition. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04347622
URL:secunia.com/advisories/59529/
30. Vulnerabilities in IBM Products (S1004740, S1004741, S1004743, S1004744, 1676190, 1676656, 1677110, 1677294, 1677724, 1678167, MIGR-5095861)
[08/07/2014] Vulnerabilities were identified in the IBM FlashSystem 840,
IBM Content Collector for SAP Applications, IBM Domino, IBM Tivoli Provisioning
Manager for Software, IBM WebSphere Transformation Extender, IBM Content Manager
Services for Lotus Quickr, IBM SDK for Node.js, IBM Flex System Chassis
Management Module and IBM Flex System Enterprise Chassis. An attacker could
bypass security restrictions, obtain sensitive information, cause a denial of
service condition, execute arbitrary code and perform cross-site scripting
attacks. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004740
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004741
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004743
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004744
URL:www.ibm.com/support/docview.wss?uid=swg21676190
URL:www.ibm.com/support/docview.wss?uid=swg21676656
URL:www.ibm.com/support/docview.wss?uid=swg21677110
URL:www.ibm.com/support/docview.wss?uid=swg21677294
URL:www.ibm.com/support/docview.wss?uid=swg21677724
URL:www.ibm.com/support/docview.wss?uid=swg21678167
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
URL:secunia.com/advisories/59041/
URL:secunia.com/advisories/59288/
URL:secunia.com/advisories/59307/
URL:secunia.com/advisories/59324/
URL:secunia.com/advisories/59399/
URL:secunia.com/advisories/59666/
URL:secunia.com/advisories/59702/
URL:secunia.com/advisories/59718/
31. Vulnerabilities in Novell Products (7010166, 7015309)
[08/07/2014] Vulnerabilities were identified in the Novell iManager and
Novell NetIQ Security Manager. An attacker could bypass security restrictions,
execute arbitrary code and compromise an application. These vulnerabilities
affect versions prior to 2.7 SP7 Patch 1 Hotfix 1 of Novell iManager, and
versions prior to 6.5.4 Hotfix 20140606 of Novell NetIQ Security Manager.
Security patches are available to resolve these
vulnerabilities.
URL:www.novell.com/support/kb/doc.php?id=7010166
URL:www.novell.com/support/kb/doc.php?id=7015309
URL:www.hkcert.org/my_url/en/alert/14070802
URL:secunia.com/advisories/59616/
URL:secunia.com/advisories/59618/
32. Vulnerability in AVG Safeguard and Secure Search
[08/07/2014] Vulnerability was identified in the AVG
Safeguard and Secure Search. An attacker could bypass security restrictions and
execute arbitrary code. This vulnerability affects versions prior to 18.1.7.598
of AVG Secure Search, and versions prior to 18.1.7.644 of AVG Safeguard.
Security patches are available to resolve this
vulnerability.
URL:www.hkcert.org/my_url/en/alert/14070803
URL:www.kb.cert.org/vuls/id/960193
33. Vulnerabilities in Huawei Products (Huawei-SA-20140707-01-Struts2)
[08/07/2014] Vulnerabilities were identified in the Huawei AnyOffice and
Huawei eSpace Meeting Portal. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code and cause a denial of
service condition. These vulnerabilities affect version V200R002C10SPC500 of
Huawei AnyOffice, and version V100R001C00 of Huawei eSpace Meeting Portal.
Security patches are available to resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
34. Security Updates in Gentoo Linux (GLSA 201407-01)
[08/07/2014] Gentoo has released security update packages for
fixing the vulnerability identified in the openttd package for multiple versions
of Gentoo Linux. An attacker could cause a denial of service
condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-01.xml
35. Security Updates in Red Hat Products (RHSA-2014:0842-1, RHSA-2014:0843-1)
[08/07/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Red Hat JBoss Enterprise Application Platform 6.2.4 packages for Red Hat
Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code and
cause a denial of service
condition.
URL:rhn.redhat.com/errata/RHSA-2014-0842.html
URL:rhn.redhat.com/errata/RHSA-2014-0843.html
URL:www.hkcert.org/my_url/en/alert/14070801
36. Security Updates in SUSE (SUSE-SU-2014:0873-2)
[08/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the PHP5 packages for SUSE Linux Enterprise 11. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code and
cause a denial of service
condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00005.html
37. Vulnerabilities in IBM Products (1664098, 21677588, 1677836, 1677967)
[07/07/2014] Vulnerabilities were identified in the IBM Tivoli Storage
Productivity Center, IBM Sterling Connect:Express for UNIX and IBM Tivoli
Netcool Configuration Manager. An attacker could bypass security restrictions,
obtain sensitive information, cause a denial of service condition and execute
arbitrary code. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21664098
URL:www.ibm.com/support/docview.wss?uid=swg21677588
URL:www.ibm.com/support/docview.wss?uid=swg21677836
URL:www.ibm.com/support/docview.wss?uid=swg21677967
URL:secunia.com/advisories/59277/
URL:secunia.com/advisories/59326/
URL:secunia.com/advisories/59515/
URL:secunia.com/advisories/59525/
38. Vulnerabilities in Novell Open Enterprise Server (7015302, 7015303)
[07/07/2014] Vulnerabilities were identified in the Novell Open Enterprise
Server. An attacker could bypass security restrictions, cause a denial of
service condition and compromise an application. These vulnerabilities affect
versions 2 (OES 2) SP3 and 11 (OES 11) SP1 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.novell.com/support/kb/doc.php?id=7015302
URL:www.novell.com/support/kb/doc.php?id=7015303
URL:secunia.com/advisories/59408/
39. Vulnerability in Hitachi Products (HS14-015, HS14-016, HS14-017)
[07/07/2014] Vulnerability was identified in the Hitachi IT Operations
Analyzer, Hitachi IT Operations Director, Hitachi JP1/IT Desktop Management -
Manager and Hitachi Job Management Partner 1/IT Desktop Management - Manager. An
attacker could bypass security restrictions and cause a denial of service
condition. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
URL:www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
URL:www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
URL:secunia.com/advisories/59183/
URL:secunia.com/advisories/59185/
URL:secunia.com/advisories/59187/
40. Vulnerabilities in plugins for WordPress
[07/07/2014] Vulnerabilities were identified in the MailPoet
Newsletters plugin and TimThumb plugin for WordPress. An attacker could bypass
security restrictions, execute arbitrary code and compromise a vulnerable
system. These vulnerabilities affect multiple versions of the mentioned plugins.
Security patches are available to resolve these
vulnerabilities.
URL:wordpress.org/plugins/wysija-newsletters/changelog/
URL:secunia.com/advisories/59455/
URL:secunia.com/advisories/59558
41. Security Updates in Debian (DSA-2972-1)
[07/07/2014] Debian has
released security update packages for fixing the vulnerability identified in the
linux package for multiple versions of Debian GNU/Linux. An attacker could
bypass security restrictions, gain elevated privileges, cause a denial of
service condition and crash the
application.
URL:www.debian.org/security/2014/dsa-2972
42. Security Updates in SUSE (SUSE-SU-2014:0870-1, SUSE-SU-2014:0873-1)
[07/07/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xalan-j2 and PHP5 packages for SUSE Linux Enterprise 10 and 11. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code and cause a denial of service
condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00004.html
43. Security Updates in Ubuntu GNU/Linux (usn-2266-1, usn-2267-1, usn-2268-1, usn-2269-1, usn-2270-1, usn-2271-1, usn-2272-1, usn-2273-1, usn-2274-1)
[07/07/2014] Ubuntu has
released security update packages for fixing the vulnerability identified in the
linux, linux-ec2, linux-lts-quantal, linux-lts-raring, linux-lts-saucy and
linux-lts-trusty packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS
of Ubuntu GNU/Linux. An attacker could bypass security restrictions, gain
elevated privileges, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2266-1/
URL:www.ubuntu.com/usn/usn-2267-1/
URL:www.ubuntu.com/usn/usn-2268-1/
URL:www.ubuntu.com/usn/usn-2269-1/
URL:www.ubuntu.com/usn/usn-2270-1/
URL:www.ubuntu.com/usn/usn-2271-1/
URL:www.ubuntu.com/usn/usn-2272-1/
URL:www.ubuntu.com/usn/usn-2273-1/
URL:www.ubuntu.com/usn/usn-2274-1/