1. Vulnerabilities in IBM Multi-Enterprise Integration Gateway (1681379)
[22/08/2014] Vulnerabilities were identified in the IBM Multi-Enterprise Integration Gateway. An attacker could obtain sensitive information. These vulnerabilities affect versions 1.0 and 1.0.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21681379
2. Vulnerability in Symantec products (SYM14-014)
[22/08/2014] A vulnerability was identified in Symantec PGP Desktop and Symantec Encryption Desktop. An attacker could cause a denial of service condition. This vulnerability affects versions prior to 10.3.2 Maintenance Pack 3 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140821_00
URL:xforce.iss.net/xforce/xfdb/95406
3. Vulnerability in PHP (95405)
[22/08/2014] A vulnerability was identified in PHP. An attacker could cause a buffer overflow, execute arbitrary code and crash the system. This vulnerability affects versions 5.3 and 5.4.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95405
4. Vulnerability in Lua (95390)
[22/08/2014] A vulnerability was identified in Lua. An attacker could cause a buffer overflow, execute arbitrary code and crash the system. This vulnerability affects versions prior to 5.2.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95390
5. Vulnerability in SaltStack (95392)
[22/08/2014] A vulnerability was identified in SaltStack. An attacker could gain elevated privileges and launch a symlink attack. This vulnerability affects versions prior to 2014.1.10 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95392
6. Security Updates in openSUSE (openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1047-1)
[22/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the apache2 and apache2-mod_security2 packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could cause a denial of service condition and bypass security restrictions.
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00032.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00034.html
7. Security Updates in Debian (DSA-2940-1, DSA-3008-1)
[22/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libstruts1.2-java and php5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2940
URL:www.debian.org/security/2014/dsa-3008
8. Security Updates in Red Hat Products (RHSA-2014:1084-1, RHSA-2014:1087-1, RHSA-2014:1088-1)
[22/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-nova package for Red Hat Enterprise Linux OpenStack Platform 4.0, and the Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a buffer overflow, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1084.html
URL:rhn.redhat.com/errata/RHSA-2014-1087.html
URL:rhn.redhat.com/errata/RHSA-2014-1088.html
9. Security Updates in Ubuntu GNU/Linux (USN-2311-2, USN-2321-1, USN-2322-1, USN-2323-1, USN-2324-1, USN-2325-1)
[22/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in ceilometer, neutron, glance, horizon, keystone and nova packages for version 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information, cause a denial of service condition, crash the system, conduct cross-site scripting attacks and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2311-2/
URL:www.ubuntu.com/usn/usn-2321-1/
URL:www.ubuntu.com/usn/usn-2322-1/
URL:www.ubuntu.com/usn/usn-2323-1/
URL:www.ubuntu.com/usn/usn-2324-1/
URL:www.ubuntu.com/usn/usn-2325-1/
10. Information Updates on Microsoft Security Bulletin (MS14-049)
[21/08/2014] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS14-049 was revised to add prerequisite information for customers running Windows Server 2003 who install updates manually.
URL:technet.microsoft.com/library/security/ms14-049
11. Vulnerability in Apache Axis and Axis2 (AXIS-2905)
[21/08/2014] A vulnerability was identified in Apache Axis and Axis2. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. This vulnerability affects version 1.4 of Apache Axis, and version 1.6.2 of Apache Axis2. Security patches are available to resolve this vulnerability.
URL:issues.apache.org/jira/browse/AXIS-2905
URL:xforce.iss.net/xforce/xfdb/95377
12. Vulnerabilities in IBM Products (1680826, 1681649, 1681651, 1680403)
[21/08/2014] Vulnerabilities were identified in the IBM Network Intrusion Prevention System, IBM InfoSphere Master Data Management - Collaborative Edition and IBM InfoSphere Master Data Management Server for Product Information Management. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21680826
URL:www.ibm.com/support/docview.wss?uid=swg21681649
URL:www.ibm.com/support/docview.wss?uid=swg21681651
URL:www.ibm.com/support/docview.wss?uid=swg21680403
13. Vulnerabilities in EMC RSA Archer GRC (95360, 95361)
[21/08/2014] Vulnerabilities were identified in the EMC RSA Archer GRC. An attacker could bypass security restrictions, execute arbitrary code, perform code injection and cross-site scripting attacks. These vulnerabilities affect versions prior to 5.5 SP1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95360
URL:xforce.iss.net/xforce/xfdb/95361
14. Vulnerability in Huawei Campus Switches (Huawei-SA-20140820-01-Campus Switch)
[21/08/2014] A vulnerability was identified in the Huawei Campus Switches S9300/S9300E/S7700/S9700. An attacker could obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-362701.htm
URL:xforce.iss.net/xforce/xfdb/95379
15. Vulnerability in C++ Builder and Embarcadero Delphi (CORE-2014-0004)
[21/08/2014] A vulnerability was identified in C++ Builder and Embarcadero Delphi. An attacker could execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow
URL:xforce.iss.net/xforce/xfdb/95380
16. Vulnerability in Panda Security Products (95382)
[21/08/2014] A vulnerability was identified in Panda Antivirus, Panda Global Protection and Panda Internet Security. An attacker could execute arbitrary code, gain elevated privileges, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95382
17. Vulnerability in ESET Personal Firewall (95381)
[21/08/2014] A vulnerability was identified in ESET Endpoint Security, ESET Firewall Module and ESET Smart Security. An attacker could execute arbitrary code, gain elevated privileges, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95381
18. Vulnerabilities in Mathias Kettner check_mk (95383, 95384, 95385)
[21/08/2014] Vulnerabilities were identified in the Mathias Kettner check_mk. An attacker could execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95383
URL:xforce.iss.net/xforce/xfdb/95384
URL:xforce.iss.net/xforce/xfdb/95385
19. Security Updates in Debian (DSA-3007-1)
[21/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the cacti package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and code injection attacks.
URL:www.debian.org/security/2014/dsa-3007
20. Security Updates in Red Hat Products (RHSA-2014:1078-1, RHSA-2014:1082-1, RHSA-2014:1083-1)
[21/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-neutron package for Red Hat Enterprise Linux OpenStack Platform 4.0, the thermostat1-httpcomponents-client package for Red Hat Software Collections 1, and the kernel-rt package for Red Hat Enterprise MRG v2. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1078.html
URL:rhn.redhat.com/errata/RHSA-2014-1082.html
URL:rhn.redhat.com/errata/RHSA-2014-1083.html
21. Security Updates in Ubuntu GNU/Linux (USN-2319-1, USN-2320-1)
[21/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 and oxide-qt packages for version 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2319-1/
URL:www.ubuntu.com/usn/usn-2320-1/
22. Vulnerability in Apache OFBiz
[20/08/2014] A vulnerability was identified in the Apache Open For Business Project (OFBiz). An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 11.04.05 or 12.04.04 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:ofbiz.apache.org/
URL:xforce.iss.net/xforce/xfdb/95356
23. Vulnerabilities in Cisco Products
[20/08/2014] Vulnerabilities were identified in the Cisco ASR 5000 Series Software and Cisco WebEx MeetMeNow. An attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3331
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3340
URL:xforce.iss.net/xforce/xfdb/95357
URL:xforce.iss.net/xforce/xfdb/95358
24. Vulnerabilities in IBM Products (1677691, 1680603, 1681528)
[20/08/2014] Vulnerabilities were identified in the IBM Enterprise Records, IBM Rational Build Forge and IBM UrbanCode. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21677691
URL:www.ibm.com/support/docview.wss?uid=swg21680603
URL:www.ibm.com/support/docview.wss?uid=swg21681528
25. Vulnerability in Ruby on Rails
[20/08/2014] A vulnerability was identified in Ruby on Rails. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:weblog.rubyonrails.org/2014/8/18/Rails_4_0_9_and_4_1_5_have_been_released/
URL:xforce.iss.net/xforce/xfdb/95333
26. Vulnerability in OpenStack Glance (95359)
[20/08/2014] A vulnerability was identified in OpenStack Glance. An attacker could cause a denial of service condition. This vulnerability affects versions 2013.2 and 2013.2.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95359
27. Security Updates in Oracle Solaris
[20/08/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the International Components for Unicode (ICU), Libxml2, OpenStack Identity (Keystone), Wireshark, OpenStack Horizon and Samba packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_0900_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0191_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3520_privilege_escalation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_4020_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_xss1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
28. Security Updates in Red Hat Products (RHSA-2014:1075-1, RHSA-2014:1076-1)
[20/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm package for Red Hat Enterprise Linux 6 and the qemu-kvm-rhev package for Red Hat Enterprise Virtualization 3. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1075.html
URL:rhn.redhat.com/errata/RHSA-2014-1076.html
29. Vulnerabilities in Apache HttpComponents (95327, 95328)
[19/08/2014] Vulnerabilities were identified in the Apache HttpComponents. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect versions prior to 4.3.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95327
URL:xforce.iss.net/xforce/xfdb/95328
30. Vulnerability in Cisco NX-OS Software
[19/08/2014] A vulnerability was identified in Cisco NX-OS Software. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341
URL:xforce.iss.net/xforce/xfdb/95329
31. Vulnerability in HP Operations Agent (c04394554)
[19/08/2014] A vulnerability was identified in the HP Operations Agent. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to v11.00 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554
32. Vulnerabilities in IBM Products (1670854, 1681047)
[19/08/2014] Vulnerabilities were identified in the IBM Monitoring Agent for UNIX OS, IBM Universal Agent and IBM WebSphere Cast Iron. An attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21670854
URL:www.ibm.com/support/docview.wss?uid=swg21681047
33. Vulnerability in VMTurbo Operations Manager (95319)
[19/08/2014] A vulnerability was identified in the VMTurbo Operations Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions 4.5 and 4.6 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95319
34. Vulnerability in Drupal Notify Module (DRUPAL-SA-CONTRIB-2014-078)
[19/08/2014] A vulnerability was identified in the Drupal Notify Module. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 7.x-1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2320741
URL:www.hkcert.org/my_url/en/alert/14081901
35. Vulnerability in Web Encryption Extension (WEE-2014-7)
[19/08/2014] A vulnerability was identified in the Web Encryption Extension. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system. This vulnerability affects versions prior to 3.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:senderek.ie/archive/2014/WEE-security-advisory-2014-7.php
36. Vulnerability in Disqus comment system plugin for WordPress (95316)
[19/08/2014] A vulnerability was identified in the Disqus comment system plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition. This vulnerability affects versions prior to 2.7.6 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95316
37. Vulnerability in FreeNAS (95326)
[19/08/2014] A vulnerability was identified in FreeNAS. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects version 9.2.1.7 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95326
38. Security Updates in Debian (DSA-3006-1)
[19/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the xen package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3006
39. Security Updates in Red Hat Products (RHSA-2014:1073-1)
[19/08/2014] Red Hat has released security update packages for fixing the vulnerability identified in the nss, nss-util and nss-softokn packages for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions.
URL:rhn.redhat.com/errata/RHSA-2014-1073.html
40. Security Updates in SUSE (SUSE-SU-2014:1035-1)
[19/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00011.html
41. Security Updates in Ubuntu GNU/Linux (USN-2232-4, USN-2317-1, USN-2318-1)
[19/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl, linux-lts-trusty and linux packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2232-4/
URL:www.ubuntu.com/usn/usn-2317-1/
URL:www.ubuntu.com/usn/usn-2318-1/
42. Information Updates on Microsoft Security Bulletin (MS14-045)
[18/08/2014] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS14-045 was revised to remove Download Center links for Microsoft security update 2982791. Microsoft recommends that customers uninstall this update.
URL:technet.microsoft.com/library/security/ms14-045
43. Vulnerabilities in IBM Products (IT01111, 1237631, 1677387, 1678204, 1679713, 1679726, 1680234, 1680418, 1680703, 1681213, 1681256)
[18/08/2014] Vulnerabilities were identified in the IBM WebSphere DataPower SOA Appliances, IBM SmartCloud Provisioning, IBM Business Process Manager, IBM WebSphere Lombardi Edition, IBM Rational Software Architect, IBM WebSphere Application Server, IBM Sterling B2B Integrator, IBM Sterling File Gateway and IBM Curam Social Program Management. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg1IT01111
URL:www.ibm.com/support/docview.wss?uid=swg21237631
URL:www.ibm.com/support/docview.wss?uid=swg21677387
URL:www.ibm.com/support/docview.wss?uid=swg21678204
URL:www.ibm.com/support/docview.wss?uid=swg21679713
URL:www.ibm.com/support/docview.wss?uid=swg21679726
URL:www.ibm.com/support/docview.wss?uid=swg21680234
URL:www.ibm.com/support/docview.wss?uid=swg21680418
URL:www.ibm.com/support/docview.wss?uid=swg21680703
URL:www.ibm.com/support/docview.wss?uid=swg21681213
URL:www.ibm.com/support/docview.wss?uid=swg21681256
URL:xforce.iss.net/xforce/xfdb/94112
44. Vulnerability in Novell Open Enterprise Server (7014420)
[18/08/2014] A vulnerability was identified in the Novell Open Enterprise Server 11. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions prior to OES11 SP2 - 9413 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.novell.com/support/kb/doc.php?id=7014420
45. Vulnerabilities in Disqus comment system plugin for WordPress (95288, 95289)
[18/08/2014] Vulnerabilities were identified in the Disqus comment system plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect version 2.7.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95288
URL:xforce.iss.net/xforce/xfdb/95289
46. Security Updates in Oracle Linux (ELSA-2014-1053)
[18/08/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl packages for Oracle Linux 5. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1053.html
47. Security Updates in Gentoo Linux (GLSA 201408-07)
[18/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the modplug package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-07.xml
48. Security Updates in SUSE (SUSE-SU-2014:1028-1, openSUSE-SU-2014:1029-1)
[18/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the krb5 package for SUSE Linux Enterprise 11 and the flash-player packages for openSUSE 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00010.html
Sunday, August 24, 2014
IT Security Alerts Weekly Digest (17 Aug ~ 23 Aug 2014)
Sunday, August 17, 2014
IT Security Alerts Weekly Digest (10 Aug ~ 16 Aug 2014)
1. Vulnerabilities in IBM Products (1509259, 1633720, 1633722, 1678776, 1680533, 1681018)
[15/08/2014] Vulnerabilities were identified in the IBM Tivoli Monitoring, IBM SmartCloud Provisioning and IBM Financial Transaction Manager. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21509259
URL:www.ibm.com/support/docview.wss?uid=swg21633720
URL:www.ibm.com/support/docview.wss?uid=swg21633722
URL:www.ibm.com/support/docview.wss?uid=swg21678776
URL:www.ibm.com/support/docview.wss?uid=swg21680533
URL:www.ibm.com/support/docview.wss?uid=swg21681018
2. Vulnerabilities in Juniper Products (JSA10642, JSA10643)
[15/08/2014] Vulnerabilities were identified in the Juniper Network and Security Manager (NSM), Juniper Secure Analytics (JSA) and Juniper Security Threat Response Manager (STRM). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10642
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10643
3. Security Updates in Oracle Linux (ELSA-2014-1052)
[15/08/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl packages for Oracle Linux 6 and 7. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1052.html
4. Security Updates in Debian (DSA-3005-1)
[15/08/2014] Debian has released security update packages for fixing the vulnerability identified in the gpgme1.0 package for multiple versions of Debian GNU/Linux. An attacker could execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3005
5. Security Updates in Gentoo Linux (GLSA 201408-05, GLSA 201408-06)
[15/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash and libpng packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-06.xml
6. Security Updates in Red Hat Products (RHSA-2014:1054-1)
[15/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl package for Red Hat Storage Server 2.1. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1054.html
7. Security Updates in SUSE (openSUSE-SU-2014:1020-1)
[15/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00008.html
8. Security Updates in Ubuntu GNU/Linux (USN-2315-1, USN-2316-1)
[15/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the serf and subversion packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2315-1/
URL:www.ubuntu.com/usn/usn-2316-1/
9. Information Updates on Microsoft Security Bulletin (MS14-044)
[14/08/2014] Microsoft has updated information on the Security Bulletin for Microsoft SQL Server. MS14-044 was revised to correct the Update FAQ.
URL:technet.microsoft.com/library/security/ms14-044
10. Vulnerabilities in Apple Safari (HT6367)
[14/08/2014] Vulnerabilities were identified in the Apple Safari. An attacker could execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 6.1.6 and 7.0.6 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/kb/HT6367
URL:www.hkcert.org/my_url/en/alert/14081402
11. Vulnerabilities in HP Products (c04391893, c04394553, c04394554, c04399728)
[14/08/2014] Vulnerabilities were identified in the HP Application Lifecycle Management, HP Quality Center, HP SiteScope, HP NonStop Safeguard Security Software and HP Operations Agent. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394553
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728
URL:h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?docId=emr_na-c04391893-1
URL:xforce.iss.net/xforce/xfdb/95181
12. Vulnerabilities in IBM Products (1676371, MIGR-5096078)
[14/08/2014] Vulnerabilities were identified in the IBM InfoSphere Information Server, IBM InfoSphere Data Click and IBM Flex System Manager. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21676371
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096078
13. Vulnerabilities in Cerberus FTP Server
[14/08/2014] Vulnerabilities were identified in the Cerberus FTP Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 7.0.3 and prior to 6.0.11 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.cerberusftp.com/products/releasenotes.html
14. Vulnerabilities in Google Chrome
[14/08/2014] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 36.0.1985.143 of Chrome, and versions prior to 36.0.1985.135 of Chrome for Android. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/08/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14081401
15. Vulnerabilities in Stunnel
[14/08/2014] Vulnerabilities were identified in the Stunnel. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 5.03 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.stunnel.org/sdf_ChangeLog.html
16. Security Updates in Gentoo Linux (GLSA 201408-04)
[14/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the Catfish package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201408-04.xml
17. Security Updates in Red Hat Products (RHSA-2014:1037-1, RHSA-2014:1050-1, RHSA-2014:1051-1, RHSA-2014:1052-1, RHSA-2014:1053-1)
[14/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the cfme package for Red Hat CloudForms 3.0, OpenStack Telemetry packages for Red Hat Enterprise Linux OpenStack Platform 4.0, and the Adobe Flash Player and openssl packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1037.html
URL:rhn.redhat.com/errata/RHSA-2014-1050.html
URL:rhn.redhat.com/errata/RHSA-2014-1051.html
URL:rhn.redhat.com/errata/RHSA-2014-1052.html
URL:rhn.redhat.com/errata/RHSA-2014-1053.html
18. Security Updates in Ubuntu GNU/Linux (USN-2313-1, USN-2314-1)
[14/08/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the linux-lts-trusty and Linux kernel packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2313-1/
URL:www.ubuntu.com/usn/usn-2314-1/
19. Vulnerabilities in Microsoft Products (2978742, 2984340, 2984615, 2984625, 2978668, 2977201, 2962490, 2977202, 2976627)
[13/08/2014] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft .NET Framework, Microsoft SQL Server, Microsoft SharePoint Server and Microsoft Office. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-aug
URL:technet.microsoft.com/en-us/library/security/MS14-043
URL:technet.microsoft.com/en-us/library/security/MS14-044
URL:technet.microsoft.com/en-us/library/security/MS14-045
URL:technet.microsoft.com/en-us/library/security/MS14-046
URL:technet.microsoft.com/en-us/library/security/MS14-047
URL:technet.microsoft.com/en-us/library/security/MS14-048
URL:technet.microsoft.com/en-us/library/security/MS14-049
URL:technet.microsoft.com/en-us/library/security/MS14-050
URL:technet.microsoft.com/en-us/library/security/MS14-051
URL:www.hkcert.org/my_url/en/alert/14081301
URL:www.hkcert.org/my_url/en/alert/14081302
URL:www.hkcert.org/my_url/en/alert/14081303
URL:www.hkcert.org/my_url/en/alert/14081304
URL:www.hkcert.org/my_url/en/alert/14081305
URL:www.hkcert.org/my_url/en/alert/14081306
URL:www.hkcert.org/my_url/en/alert/14081307
URL:www.hkcert.org/my_url/en/alert/14081308
URL:www.hkcert.org/my_url/en/alert/14081309
URL:xforce.iss.net/xforce/xfdb/94986
URL:xforce.iss.net/xforce/xfdb/94999
URL:xforce.iss.net/xforce/xfdb/95000
20. Vulnerabilities in Adobe Products (APSB14-18, APSB14-19)
[13/08/2014] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader and Acrobat XI. An attacker could bypass security restrictions and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-18.html
URL:helpx.adobe.com/security/products/reader/apsb14-19.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/14081310
URL:www.hkcert.org/my_url/en/alert/14081311
URL:www.us-cert.gov/ncas/current-activity/2014/08/12/Adobe-Releases-Security-Updates-Flash-Player-Adobe-Reader-and
21. Vulnerabilities in Apache Subversion
[13/08/2014] Vulnerabilities were identified in the Apache Subversion. An attacker could bypass security restrictions and perform spoofing attacks. These vulnerabilities affect versions prior to 1.8.10 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:subversion.apache.org/security/CVE-2014-3522-advisory.txt
22. Vulnerabilities in BlackBerry Products (BSRT-2014-006, BSRT-2014-007)
[13/08/2014] Vulnerabilities were identified in the BlackBerry 10 OS, BlackBerry Enterprise Service, BlackBerry Enterprise Server Express for IBM Lotus Domino, BlackBerry Enterprise Server Express for Microsoft Exchange, BlackBerry Enterprise Server for IBM Lotus Domino, BlackBerry Enterprise Server for Microsoft Exchange and BlackBerry Enterprise Server for Novell GroupWise. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36174&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36174
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36175&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36175
23. Vulnerability in Cisco Unified Communications Manager
[13/08/2014] Vulnerability was identified in the Cisco Unified Communications Manager. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339
24. Vulnerabilities in IBM Products (1680036, 1680387, 1680562, 1680565, 1680702, 1680792, 1680797, 1680798, 1680914, MIGR-5095940)
[13/08/2014] Vulnerabilities were identified in the IBM Tivoli Netview for z/OS, IBM Enterprise Common Collector, IBM Tivoli System Automation for Multiplatforms, IBM Tivoli System Automation Application Manager, IBM OpenPages with Application Server, IBM SmartCloud Orchestrator and IBM Flex System FC5022 SAN Scalable Switch. An attacker could obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21680036
URL:www.ibm.com/support/docview.wss?uid=swg21680387
URL:www.ibm.com/support/docview.wss?uid=swg21680562
URL:www.ibm.com/support/docview.wss?uid=swg21680565
URL:www.ibm.com/support/docview.wss?uid=swg21680702
URL:www.ibm.com/support/docview.wss?uid=swg21680792
URL:www.ibm.com/support/docview.wss?uid=swg21680797
URL:www.ibm.com/support/docview.wss?uid=swg21680798
URL:www.ibm.com/support/docview.wss?uid=swg21680914
URL:ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940
25. Vulnerabilities in OpenVPN
[13/08/2014] Vulnerabilities were identified in the OpenVPN. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:openvpn.net/index.php/open-source/downloads.html
26. Security Updates in Oracle Linux (ELSA-2014-1038, ELSA-2014-3067)
[13/08/2014] Oracle has released security update packages for fixing the vulnerability identified in the tomcat6 and kernel packages for Oracle Linux 6 and 7. An attacker could obtain sensitive information and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1038.html
URL:linux.oracle.com/errata/ELSA-2014-3067.html
27. Security Updates in SUSE (SUSE-SU-2014:0972-1, openSUSE-SU-2014:0983-1, openSUSE-SU-2014:0986-1)
[13/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the apache2-mod_security2 packages for SUSE Linux Enterprise Server 11, and the exim package for openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.suse.com/support/update/announcement/2014/suse-su-20140972-1.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00014.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00017.html
28. Security Updates in Ubuntu GNU/Linux (USN-2312-1)
[13/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-6 package for versions 10.04 LTS and 12.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2312-1/
29. Vulnerabilities in Cisco Unified Communications Manager
[12/08/2014] Vulnerabilities were identified in the Cisco Unified Communications Manager. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
30. Vulnerabilities in IBM Products (1673611, 1677490, 1680418)
[12/08/2014] Vulnerabilities were identified in the IBM Endpoint Manager for Remote Control, IBM Tivoli Endpoint Manager for Remote Control and IBM Java SDK shipped with IBM WebSphere Application Server. An attacker could obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21673611
URL:www.ibm.com/support/docview.wss?uid=swg21677490
URL:www.ibm.com/support/docview.wss?uid=swg21680418
URL:www.hkcert.org/my_url/en/alert/14081201
URL:www.hkcert.org/my_url/en/alert/14081202
31. Vulnerability in D-Link Products (SAP10042)
[12/08/2014] Vulnerability was identified in D-Link DNS-315L, D-Link DNS-320L, D-Link DNS-327L, D-Link DNS-340L, and D-Link DNS-345. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
URL:xforce.iss.net/xforce/xfdb/95207
32. Vulnerability in SHARP MX Series Printers (95205)
[12/08/2014] Vulnerability was identified in the SHARP MX Series Printers. An attacker could execute arbitrary code and cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95205
33. Vulnerabilities in MIT Kerberos 5 (95210, 95211, 95212)
[12/08/2014] Vulnerabilities were identified in the MIT Kerberos 5. An attacker could bypass security restrictions, execute arbitrary code, cause a buffer overflow, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95210
URL:xforce.iss.net/xforce/xfdb/95211
URL:xforce.iss.net/xforce/xfdb/95212
34. Security Updates in Debian (DSA-3003-1, DSA-3004-1)
[12/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libav and kde4libs packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and crash the system.
URL:www.debian.org/security/2014/dsa-3003
URL:www.debian.org/security/2014/dsa-3004
35. Security Updates in Red Hat Products (RHSA-2014:1038-1, RHSA-2014:1039-1, RHSA-2014:1040-1, RHSA-2014:1041-1, RHSA-2014:1042-1)
[12/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the tomcat6, java-1.7.0-ibm and java-1.7.1-ibm packages for Red Hat Enterprise Linux 5, 6 and 7, and the Red Hat JBoss Enterprise Application Platform 6.3.0 for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1038.html
URL:rhn.redhat.com/errata/RHSA-2014-1039.html
URL:rhn.redhat.com/errata/RHSA-2014-1040.html
URL:rhn.redhat.com/errata/RHSA-2014-1041.html
URL:rhn.redhat.com/errata/RHSA-2014-1042.html
36. Security Updates in SUSE (openSUSE-SU-2014:0976-1, openSUSE-SU-2014:0982-1, openSUSE-SU-2014:0985-1)
[12/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaThunderbird, chromium and kernel packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00007.html
37. Security Updates in Ubuntu GNU/Linux (USN-2309-1, USN-2310-1, USN-2311-1)
[12/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav, krb5 and python-pycadf packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2309-1/
URL:www.ubuntu.com/usn/usn-2310-1/
URL:www.ubuntu.com/usn/usn-2311-1/
38. Vulnerability in Cisco Unity Connection
[11/08/2014] Vulnerability was identified in the Cisco Unity Connection. An attacker could bypass security restrictions, execute arbitrary code and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3336
39. Vulnerability in Drupal (SA-CONTRIB-2014-076)
[11/08/2014] Vulnerability was identified in the Fasttoggle module for Drupal. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2316747
URL:www.hkcert.org/my_url/en/alert/14080802
URL:xforce.iss.net/xforce/xfdb/95151
40. Vulnerability in nginx (95167)
[11/08/2014] Vulnerability was identified in the nginx. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple versions 1.5.6 and 1.7.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95167
41. Vulnerabilities in WordPress
[11/08/2014] Vulnerabilities were identified in the WordPress. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 3.9.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/14080801
42. Security Updates in Oracle Solaris
[11/08/2014] Oracle has released security update packages for fixing the vulnerability identified in the NSS packages for Oracle Solaris 8, 9, 10 and 11.1. An attacker could bypass security restrictions and obtain sensitive information.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
43. Security Updates in Debian (DSA-2998-1, DSA-2999-1, DSA-3000-1, DSA-3001-1, DSA-3002-1)
[11/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the openssl, drupal7, krb5, wordpress and wireshark packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2998
URL:www.debian.org/security/2014/dsa-2999
URL:www.debian.org/security/2014/dsa-3000
URL:www.debian.org/security/2014/dsa-3001
URL:www.debian.org/security/2014/dsa-3002
44. Security Updates in Mandriva (MDVSA-2014:157, MDVSA-2014:158, MDVSA-2014:159)
[11/08/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the ipython, openssl and wireshark packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:157/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:158/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:159/
45. Security Updates in Slackware (SSA:2014-220-01)
[11/08/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587
46. Security Updates in Gentoo Linux (GLSA 201408-02, GLSA 201408-03)
[11/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the FreeType and LibSSH packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-03.xml
[15/08/2014] Vulnerabilities were identified in the IBM Tivoli Monitoring, IBM SmartCloud Provisioning and IBM Financial Transaction Manager. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21509259
URL:www.ibm.com/support/docview.wss?uid=swg21633720
URL:www.ibm.com/support/docview.wss?uid=swg21633722
URL:www.ibm.com/support/docview.wss?uid=swg21678776
URL:www.ibm.com/support/docview.wss?uid=swg21680533
URL:www.ibm.com/support/docview.wss?uid=swg21681018
2. Vulnerabilities in Juniper Products (JSA10642, JSA10643)
[15/08/2014] Vulnerabilities were identified in the Juniper Network and Security Manager (NSM), Juniper Secure Analytics (JSA) and Juniper Security Threat Response Manager (STRM). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10642
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10643
3. Security Updates in Oracle Linux (ELSA-2014-1052)
[15/08/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl packages for Oracle Linux 6 and 7. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1052.html
4. Security Updates in Debian (DSA-3005-1)
[15/08/2014] Debian has released security update packages for fixing the vulnerability identified in the gpgme1.0 package for multiple versions of Debian GNU/Linux. An attacker could execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3005
5. Security Updates in Gentoo Linux (GLSA 201408-05, GLSA 201408-06)
[15/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash and libpng packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-06.xml
6. Security Updates in Red Hat Products (RHSA-2014:1054-1)
[15/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl package for Red Hat Storage Server 2.1. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1054.html
7. Security Updates in SUSE (openSUSE-SU-2014:1020-1)
[15/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00008.html
8. Security Updates in Ubuntu GNU/Linux (USN-2315-1, USN-2316-1)
[15/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the serf and subversion packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2315-1/
URL:www.ubuntu.com/usn/usn-2316-1/
9. Information Updates on Microsoft Security Bulletin (MS14-044)
[14/08/2014] Microsoft has updated information on the Security Bulletin for Microsoft SQL Server. MS14-044 was revised to correct the Update FAQ.
URL:technet.microsoft.com/library/security/ms14-044
10. Vulnerabilities in Apple Safari (HT6367)
[14/08/2014] Vulnerabilities were identified in the Apple Safari. An attacker could execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 6.1.6 and 7.0.6 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/kb/HT6367
URL:www.hkcert.org/my_url/en/alert/14081402
11. Vulnerabilities in HP Products (c04391893, c04394553, c04394554, c04399728)
[14/08/2014] Vulnerabilities were identified in the HP Application Lifecycle Management, HP Quality Center, HP SiteScope, HP NonStop Safeguard Security Software and HP Operations Agent. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394553
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728
URL:h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?docId=emr_na-c04391893-1
URL:xforce.iss.net/xforce/xfdb/95181
URL:openvpn.net/index.php/open-source/downloads.html
26. Security Updates in Oracle Linux (ELSA-2014-1038, ELSA-2014-3067)
[13/08/2014] Oracle has released security update packages for fixing the vulnerability identified in the tomcat6 and kernel packages for Oracle Linux 6 and 7. An attacker could obtain sensitive information and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1038.html
URL:linux.oracle.com/errata/ELSA-2014-3067.html
27. Security Updates in SUSE (SUSE-SU-2014:0972-1, openSUSE-SU-2014:0983-1, openSUSE-SU-2014:0986-1)
[13/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the apache2-mod_security2 packages for SUSE Linux Enterprise Server 11, and the exim package for openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.suse.com/support/update/announcement/2014/suse-su-20140972-1.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00014.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00017.html
28. Security Updates in Ubuntu GNU/Linux (USN-2312-1)
[13/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-6 package for versions 10.04 LTS and 12.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2312-1/
29. Vulnerabilities in Cisco Unified Communications Manager
[12/08/2014] Vulnerabilities were identified in the Cisco Unified Communications Manager. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
30. Vulnerabilities in IBM Products (1673611, 1677490, 1680418)
[12/08/2014] Vulnerabilities were identified in the IBM Endpoint Manager for Remote Control, IBM Tivoli Endpoint Manager for Remote Control and IBM Java SDK shipped with IBM WebSphere Application Server. An attacker could obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21673611
URL:www.ibm.com/support/docview.wss?uid=swg21677490
URL:www.ibm.com/support/docview.wss?uid=swg21680418
URL:www.hkcert.org/my_url/en/alert/14081201
URL:www.hkcert.org/my_url/en/alert/14081202
31. Vulnerability in D-Link Products (SAP10042)
[12/08/2014] Vulnerability was identified in D-Link DNS-315L, D-Link DNS-320L, D-Link DNS-327L, D-Link DNS-340L, and D-Link DNS-345. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
URL:xforce.iss.net/xforce/xfdb/95207
32. Vulnerability in SHARP MX Series Printers (95205)
[12/08/2014] Vulnerability was identified in the SHARP MX Series Printers. An attacker could execute arbitrary code and cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95205
33. Vulnerabilities in MIT Kerberos 5 (95210, 95211, 95212)
[12/08/2014] Vulnerabilities were identified in the MIT Kerberos 5. An attacker could bypass security restrictions, execute arbitrary code, cause a buffer overflow, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95210
URL:xforce.iss.net/xforce/xfdb/95211
URL:xforce.iss.net/xforce/xfdb/95212
34. Security Updates in Debian (DSA-3003-1, DSA-3004-1)
[12/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libav and kde4libs packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and crash the system.
URL:www.debian.org/security/2014/dsa-3003
URL:www.debian.org/security/2014/dsa-3004
35. Security Updates in Red Hat Products (RHSA-2014:1038-1, RHSA-2014:1039-1, RHSA-2014:1040-1, RHSA-2014:1041-1, RHSA-2014:1042-1)
[12/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the tomcat6, java-1.7.0-ibm and java-1.7.1-ibm packages for Red Hat Enterprise Linux 5, 6 and 7, and the Red Hat JBoss Enterprise Application Platform 6.3.0 for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1038.html
URL:rhn.redhat.com/errata/RHSA-2014-1039.html
URL:rhn.redhat.com/errata/RHSA-2014-1040.html
URL:rhn.redhat.com/errata/RHSA-2014-1041.html
URL:rhn.redhat.com/errata/RHSA-2014-1042.html
36. Security Updates in SUSE (openSUSE-SU-2014:0976-1, openSUSE-SU-2014:0982-1, openSUSE-SU-2014:0985-1)
[12/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaThunderbird, chromium and kernel packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00007.html
37. Security Updates in Ubuntu GNU/Linux (USN-2309-1, USN-2310-1, USN-2311-1)
[12/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav, krb5 and python-pycadf packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2309-1/
URL:www.ubuntu.com/usn/usn-2310-1/
URL:www.ubuntu.com/usn/usn-2311-1/
38. Vulnerability in Cisco Unity Connection
[11/08/2014] Vulnerability was identified in the Cisco Unity Connection. An attacker could bypass security restrictions, execute arbitrary code and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3336
39. Vulnerability in Drupal (SA-CONTRIB-2014-076)
[11/08/2014] Vulnerability was identified in the Fasttoggle module for Drupal. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2316747
URL:www.hkcert.org/my_url/en/alert/14080802
URL:xforce.iss.net/xforce/xfdb/95151
40. Vulnerability in nginx (95167)
[11/08/2014] Vulnerability was identified in the nginx. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions 1.5.6 and 1.7.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95167
41. Vulnerabilities in WordPress
[11/08/2014] Vulnerabilities were identified in the WordPress. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 3.9.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/14080801
42. Security Updates in Oracle Solaris
[11/08/2014] Oracle has released security update packages for fixing the vulnerability identified in the NSS packages for Oracle Solaris 8, 9, 10 and 11.1. An attacker could bypass security restrictions and obtain sensitive information.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
43. Security Updates in Debian (DSA-2998-1, DSA-2999-1, DSA-3000-1, DSA-3001-1, DSA-3002-1)
[11/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the openssl, drupal7, krb5, wordpress and wireshark packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2998
URL:www.debian.org/security/2014/dsa-2999
URL:www.debian.org/security/2014/dsa-3000
URL:www.debian.org/security/2014/dsa-3001
URL:www.debian.org/security/2014/dsa-3002
44. Security Updates in Mandriva (MDVSA-2014:157, MDVSA-2014:158, MDVSA-2014:159)
[11/08/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the ipython, openssl and wireshark packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:157/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:158/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:159/
45. Security Updates in Slackware (SSA:2014-220-01)
[11/08/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587
46. Security Updates in Gentoo Linux (GLSA 201408-02, GLSA 201408-03)
[11/08/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the FreeType and LibSSH packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-03.xml