1. Vulnerabilities in IBM Products (1509259, 1633720, 1633722, 1678776, 1680533, 1681018)
[15/08/2014] Vulnerabilities were identified in the IBM Tivoli Monitoring,
IBM SmartCloud Provisioning and IBM Financial Transaction Manager. An attacker
could obtain sensitive information, execute arbitrary code and cause a denial of
service condition. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21509259
URL:www.ibm.com/support/docview.wss?uid=swg21633720
URL:www.ibm.com/support/docview.wss?uid=swg21633722
URL:www.ibm.com/support/docview.wss?uid=swg21678776
URL:www.ibm.com/support/docview.wss?uid=swg21680533
URL:www.ibm.com/support/docview.wss?uid=swg21681018
2. Vulnerabilities in Juniper Products (JSA10642, JSA10643)
[15/08/2014] Vulnerabilities were identified in the Juniper Network and Security
Manager (NSM), Juniper Secure Analytics (JSA) and Juniper Security Threat
Response Manager (STRM). An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code and cause a denial of service
condition. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10642
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10643
3. Security Updates in Oracle Linux (ELSA-2014-1052)
[15/08/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the openssl packages for Oracle Linux 6 and 7. An
attacker could obtain sensitive information, execute arbitrary code and cause a
denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1052.html
4. Security Updates in Debian (DSA-3005-1)
[15/08/2014] Debian has released security update packages for fixing the
vulnerability identified in the gpgme1.0 package for multiple versions of Debian
GNU/Linux. An attacker could execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.debian.org/security/2014/dsa-3005
5. Security Updates in Gentoo Linux (GLSA 201408-05, GLSA 201408-06)
[15/08/2014] Gentoo has released security update packages for fixing the
vulnerabilities identified in the adobe-flash and libpng packages for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code and
cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-06.xml
6. Security Updates in Red Hat Products (RHSA-2014:1054-1)
[15/08/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the openssl package for Red Hat Storage Server
2.1. Due to multiple errors, an attacker could obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1054.html
7. Security Updates in SUSE (openSUSE-SU-2014:1020-1)
[15/08/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the flash-player packages for openSUSE 12.3 and
13.1. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code and compromise a vulnerable
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00008.html
8. Security Updates in Ubuntu GNU/Linux (USN-2315-1, USN-2316-1)
[15/08/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the serf and subversion packages for versions
12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2315-1/
URL:www.ubuntu.com/usn/usn-2316-1/
9. Information Updates on Microsoft Security Bulletin (MS14-044)
[14/08/2014] Microsoft has updated information on the Security Bulletin for
Microsoft SQL Server. MS14-044 was revised to correct the Update FAQ.
URL:technet.microsoft.com/library/security/ms14-044
10. Vulnerabilities in Apple Safari (HT6367)
[14/08/2014] Vulnerabilities were identified in Apple Safari. An attacker could
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect versions prior to 6.1.6 and 7.0.6 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:support.apple.com/kb/HT6367
URL:www.hkcert.org/my_url/en/alert/14081402
11. Vulnerabilities in HP Products (c04391893, c04394553, c04394554, c04399728)
[14/08/2014] Vulnerabilities were identified in the HP Application Lifecycle
Management, HP Quality Center, HP SiteScope, HP NonStop Safeguard Security
Software and HP Operations Agent. An attacker could bypass security
restrictions, gain elevated privileges and execute arbitrary code. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394553
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728
URL:h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?docId=emr_na-c04391893-1
URL:xforce.iss.net/xforce/xfdb/95181
12. Vulnerabilities in IBM Products (1676371, MIGR-5096078)
[14/08/2014] Vulnerabilities were identified in the IBM InfoSphere
Information Server, IBM InfoSphere Data Click and IBM Flex System Manager. An
attacker could obtain sensitive information, execute arbitrary code and cause a
denial of service condition. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21676371
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096078
13. Vulnerabilities in Cerberus FTP Server
[14/08/2014] Vulnerabilities were identified in the Cerberus FTP Server. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise a
vulnerable system. These vulnerabilities affect versions prior to 7.0.3 and
prior to 6.0.11 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:www.cerberusftp.com/products/releasenotes.html
14. Vulnerabilities in Google Chrome
[14/08/2014] Vulnerabilities were identified in Google Chrome. An attacker could
bypass security restrictions, execute arbitrary code and compromise a vulnerable
system. These vulnerabilities affect versions prior to 36.0.1985.143 of Chrome,
and versions prior to 36.0.1985.135 of Chrome for Android. Security patches are
available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/08/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14081401
15. Vulnerabilities in Stunnel
[14/08/2014] Vulnerabilities were identified in Stunnel. An attacker could
bypass security restrictions, obtain sensitive information, cause a denial of
service condition and compromise a vulnerable system. These vulnerabilities
affect versions prior to 5.03 of the mentioned product. Security patches are
available to resolve these vulnerabilities.
URL:www.stunnel.org/sdf_ChangeLog.html
16. Security Updates in Gentoo Linux (GLSA 201408-04)
[14/08/2014] Gentoo has released security update packages for fixing the
vulnerabilities identified in the Catfish package for multiple versions of
Gentoo Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges and execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201408-04.xml
17. Security Updates in Red Hat Products (RHSA-2014:1037-1, RHSA-2014:1050-1, RHSA-2014:1051-1, RHSA-2014:1052-1, RHSA-2014:1053-1)
[14/08/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the cfme package for Red Hat CloudForms 3.0,
OpenStack Telemetry packages for Red Hat Enterprise Linux OpenStack Platform
4.0, and the Adobe Flash Player and openssl packages for Red Hat Enterprise
Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1037.html
URL:rhn.redhat.com/errata/RHSA-2014-1050.html
URL:rhn.redhat.com/errata/RHSA-2014-1051.html
URL:rhn.redhat.com/errata/RHSA-2014-1052.html
URL:rhn.redhat.com/errata/RHSA-2014-1053.html
18. Security Updates in Ubuntu GNU/Linux (USN-2313-1, USN-2314-1)
[14/08/2014] Ubuntu has released security update packages for fixing the
vulnerability identified in the linux-lts-trusty and Linux kernel packages for
versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. An attacker could bypass
security restrictions, obtain sensitive information and cause a denial of
service condition.
URL:www.ubuntu.com/usn/usn-2313-1/
URL:www.ubuntu.com/usn/usn-2314-1/
19. Vulnerabilities in Microsoft Products (2978742, 2984340, 2984615, 2984625, 2978668, 2977201, 2962490, 2977202, 2976627)
[13/08/2014] Vulnerabilities were identified in the Microsoft Internet Explorer,
Microsoft Windows, Microsoft .NET Framework, Microsoft SQL Server, Microsoft
SharePoint Server and Microsoft Office. An attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-aug
URL:technet.microsoft.com/en-us/library/security/MS14-043
URL:technet.microsoft.com/en-us/library/security/MS14-044
URL:technet.microsoft.com/en-us/library/security/MS14-045
URL:technet.microsoft.com/en-us/library/security/MS14-046
URL:technet.microsoft.com/en-us/library/security/MS14-047
URL:technet.microsoft.com/en-us/library/security/MS14-048
URL:technet.microsoft.com/en-us/library/security/MS14-049
URL:technet.microsoft.com/en-us/library/security/MS14-050
URL:technet.microsoft.com/en-us/library/security/MS14-051
URL:www.hkcert.org/my_url/en/alert/14081301
URL:www.hkcert.org/my_url/en/alert/14081302
URL:www.hkcert.org/my_url/en/alert/14081303
URL:www.hkcert.org/my_url/en/alert/14081304
URL:www.hkcert.org/my_url/en/alert/14081305
URL:www.hkcert.org/my_url/en/alert/14081306
URL:www.hkcert.org/my_url/en/alert/14081307
URL:www.hkcert.org/my_url/en/alert/14081308
URL:www.hkcert.org/my_url/en/alert/14081309
URL:xforce.iss.net/xforce/xfdb/94986
URL:xforce.iss.net/xforce/xfdb/94999
URL:xforce.iss.net/xforce/xfdb/95000
20. Vulnerabilities in Adobe Products (APSB14-18, APSB14-19)
[13/08/2014] Vulnerabilities were identified in the Adobe Flash Player,
Adobe Reader and Acrobat XI. An attacker could bypass security restrictions and
compromise a vulnerable system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-18.html
URL:helpx.adobe.com/security/products/reader/apsb14-19.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/14081310
URL:www.hkcert.org/my_url/en/alert/14081311
URL:www.us-cert.gov/ncas/current-activity/2014/08/12/Adobe-Releases-Security-Updates-Flash-Player-Adobe-Reader-and
21. Vulnerabilities in Apache Subversion
[13/08/2014] Vulnerabilities were identified in Apache Subversion. An attacker
could bypass security restrictions and perform spoofing attacks. These
vulnerabilities affect versions prior to 1.8.10 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:subversion.apache.org/security/CVE-2014-3522-advisory.txt
22. Vulnerabilities in BlackBerry Products (BSRT-2014-006, BSRT-2014-007)
[13/08/2014] Vulnerabilities were identified in the BlackBerry 10 OS,
BlackBerry Enterprise Service, BlackBerry Enterprise Server Express for IBM
Lotus Domino, BlackBerry Enterprise Server Express for Microsoft Exchange,
BlackBerry Enterprise Server for IBM Lotus Domino, BlackBerry Enterprise Server
for Microsoft Exchange and BlackBerry Enterprise Server for Novell GroupWise. An
attacker could bypass security restrictions, execute arbitrary code, obtain
sensitive information, cause a denial of service condition and compromise a
vulnerable system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36174&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36174
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB36175&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB36175
23. Vulnerability in Cisco Unified Communications Manager
[13/08/2014] Vulnerability was identified in the Cisco Unified
Communications Manager. An attacker could bypass security restrictions, execute
arbitrary code and perform code injection attacks. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339
24. Vulnerabilities in IBM Products (1680036, 1680387, 1680562, 1680565, 1680702, 1680792, 1680797, 1680798, 1680914, MIGR-5095940)
[13/08/2014] Vulnerabilities were identified in the IBM Tivoli Netview for
z/OS, IBM Enterprise Common Collector, IBM Tivoli System Automation for
Multiplatforms, IBM Tivoli System Automation Application Manager, IBM OpenPages
with Application Server, IBM SmartCloud Orchestrator and IBM Flex System FC5022
SAN Scalable Switch. An attacker could obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise a vulnerable system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21680036
URL:www.ibm.com/support/docview.wss?uid=swg21680387
URL:www.ibm.com/support/docview.wss?uid=swg21680562
URL:www.ibm.com/support/docview.wss?uid=swg21680565
URL:www.ibm.com/support/docview.wss?uid=swg21680702
URL:www.ibm.com/support/docview.wss?uid=swg21680792
URL:www.ibm.com/support/docview.wss?uid=swg21680797
URL:www.ibm.com/support/docview.wss?uid=swg21680798
URL:www.ibm.com/support/docview.wss?uid=swg21680914
URL:ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940
25. Vulnerabilities in OpenVPN
[13/08/2014] Vulnerabilities were identified in OpenVPN. An attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and compromise a vulnerable system.
These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:openvpn.net/index.php/open-source/downloads.html
26. Security Updates in Oracle Linux (ELSA-2014-1038, ELSA-2014-3067)
[13/08/2014] Oracle has released security update packages for fixing the
vulnerability identified in the tomcat6 and kernel packages for Oracle Linux 6
and 7. An attacker could obtain sensitive information and cause a denial of
service condition.
URL:linux.oracle.com/errata/ELSA-2014-1038.html
URL:linux.oracle.com/errata/ELSA-2014-3067.html
27. Security Updates in SUSE (SUSE-SU-2014:0972-1, openSUSE-SU-2014:0983-1, openSUSE-SU-2014:0986-1)
[13/08/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the apache2-mod_security2 packages for SUSE Linux
Enterprise Server 11, and the exim package for openSUSE 11.4, 12.3 and 13.1. Due
to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, obtain sensitive information, execute arbitrary code, cause
a denial of service condition and crash the system.
URL:www.suse.com/support/update/announcement/2014/suse-su-20140972-1.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00014.html
URL:lists.opensuse.org/opensuse-updates/2014-08/msg00017.html
28. Security Updates in Ubuntu GNU/Linux (USN-2312-1)
[13/08/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the openjdk-6 package for versions 10.04 LTS and
12.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2312-1/
29. Vulnerabilities in Cisco Unified Communications Manager
[12/08/2014] Vulnerabilities were identified in the Cisco Unified Communications
Manager. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and cause a denial of service condition.
These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
30. Vulnerabilities in IBM Products (1673611, 1677490, 1680418)
[12/08/2014] Vulnerabilities were identified in the IBM Endpoint Manager
for Remote Control, IBM Tivoli Endpoint Manager for Remote Control and IBM Java
SDK shipped with IBM WebSphere Application Server. An attacker could obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and compromise a vulnerable system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21673611
URL:www.ibm.com/support/docview.wss?uid=swg21677490
URL:www.ibm.com/support/docview.wss?uid=swg21680418
URL:www.hkcert.org/my_url/en/alert/14081201
URL:www.hkcert.org/my_url/en/alert/14081202
31. Vulnerability in D-Link Products (SAP10042)
[12/08/2014] Vulnerability was identified in D-Link DNS-315L, D-Link DNS-320L,
D-Link DNS-327L, D-Link DNS-340L, and D-Link DNS-345. An attacker could bypass
security restrictions and execute arbitrary code. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
URL:xforce.iss.net/xforce/xfdb/95207
32. Vulnerability in SHARP MX Series Printers (95205)
[12/08/2014] Vulnerability was identified in the SHARP MX Series Printers. An
attacker could execute arbitrary code and cause a denial of service condition.
This vulnerability affects multiple versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95205
33. Vulnerabilities in MIT Kerberos 5 (95210, 95211, 95212)
[12/08/2014] Vulnerabilities were identified in MIT Kerberos 5. An
attacker could bypass security restrictions, execute arbitrary code, cause a
buffer overflow, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95210
URL:xforce.iss.net/xforce/xfdb/95211
URL:xforce.iss.net/xforce/xfdb/95212
34. Security Updates in Debian (DSA-3003-1, DSA-3004-1)
[12/08/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the libav and kde4libs packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges and crash the system.
URL:www.debian.org/security/2014/dsa-3003
URL:www.debian.org/security/2014/dsa-3004
35. Security Updates in Red Hat Products (RHSA-2014:1038-1, RHSA-2014:1039-1, RHSA-2014:1040-1, RHSA-2014:1041-1, RHSA-2014:1042-1)
[12/08/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the tomcat6, java-1.7.0-ibm and java-1.7.1-ibm
packages for Red Hat Enterprise Linux 5, 6 and 7, and the Red Hat JBoss
Enterprise Application Platform 6.3.0 for Red Hat Enterprise Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1038.html
URL:rhn.redhat.com/errata/RHSA-2014-1039.html
URL:rhn.redhat.com/errata/RHSA-2014-1040.html
URL:rhn.redhat.com/errata/RHSA-2014-1041.html
URL:rhn.redhat.com/errata/RHSA-2014-1042.html
36. Security Updates in SUSE (openSUSE-SU-2014:0976-1, openSUSE-SU-2014:0982-1, openSUSE-SU-2014:0985-1)
[12/08/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the MozillaThunderbird, chromium and kernel
packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could
bypass security restrictions, gain elevated privileges, obtain sensitive
information, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00007.html
37. Security Updates in Ubuntu GNU/Linux (USN-2309-1, USN-2310-1, USN-2311-1)
[12/08/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the libav, krb5 and python-pycadf packages for
versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, obtain sensitive information, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2309-1/
URL:www.ubuntu.com/usn/usn-2310-1/
URL:www.ubuntu.com/usn/usn-2311-1/
38. Vulnerability in Cisco Unity Connection
[11/08/2014] Vulnerability was identified in the Cisco Unity Connection. An
attacker could bypass security restrictions, execute arbitrary code and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3336
39. Vulnerability in Drupal (SA-CONTRIB-2014-076)
[11/08/2014] Vulnerability was identified in the Fasttoggle module for
Drupal. An attacker could bypass security restrictions. This vulnerability
affects multiple versions of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:www.drupal.org/node/2316747
URL:www.hkcert.org/my_url/en/alert/14080802
URL:xforce.iss.net/xforce/xfdb/95151
40. Vulnerability in nginx (95167)
[11/08/2014] Vulnerability was identified in nginx. An attacker could bypass
security restrictions, obtain sensitive information and execute arbitrary code.
This vulnerability affects multiple versions 1.5.6 and 1.7.3 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95167
41. Vulnerabilities in WordPress
[11/08/2014] Vulnerabilities were identified in WordPress. An attacker could
bypass security restrictions, obtain sensitive information, cause a denial of
service condition and compromise a vulnerable system. These vulnerabilities
affect versions prior to 3.9.2 of the mentioned product. Security patches are
available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/14080801
42. Security Updates in Oracle Solaris
[11/08/2014] Oracle has released security update packages for fixing the
vulnerability identified in the NSS packages for Oracle Solaris 8, 9, 10 and
11.1. An attacker could bypass security restrictions and obtain sensitive
information.
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
43. Security Updates in Debian (DSA-2998-1, DSA-2999-1, DSA-3000-1, DSA-3001-1, DSA-3002-1)
[11/08/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the openssl, drupal7, krb5, wordpress and
wireshark packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, obtain sensitive information, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2998
URL:www.debian.org/security/2014/dsa-2999
URL:www.debian.org/security/2014/dsa-3000
URL:www.debian.org/security/2014/dsa-3001
URL:www.debian.org/security/2014/dsa-3002
44. Security Updates in Mandriva (MDVSA-2014:157, MDVSA-2014:158, MDVSA-2014:159)
[11/08/2014] Mandriva has released security update packages for fixing the
vulnerabilities identified in the ipython, openssl and wireshark packages for
version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:157/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:158/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:159/
45. Security Updates in Slackware (SSA:2014-220-01)
[11/08/2014] Slackware has released security update packages for fixing the
vulnerabilities identified in the openssl package for multiple versions of
Slackware Linux. Due to multiple errors, an attacker could bypass security
restrictions and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587
46. Security Updates in Gentoo Linux (GLSA 201408-02, GLSA 201408-03)
[11/08/2014] Gentoo has released security update packages for fixing the
vulnerabilities identified in the FreeType and LibSSH packages for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code and
cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201408-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-03.xml