1. Vulnerability in HP NonStop NetBatch (c04383854)
[01/08/2014] Vulnerability was identified in the HP NonStop NetBatch. An
attacker could bypass security restrictions and execute arbitrary code. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04383854
URL:secunia.com/advisories/60617/
2. Vulnerabilities in IBM Products (T1020637, T1020989, IC96174, 1679409)
[01/08/2014] Vulnerabilities were identified in the IBM General Parallel
File System, IBM System Networking Switch Center, IBM WebSphere DataPower XC10
Appliance and IBM PureApplication System. An attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code and cause a denial of service condition. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1020637
URL:www.ibm.com/support/docview.wss?uid=isg3T1020989
URL:www.ibm.com/support/docview.wss?uid=swg1IC96174
URL:www.ibm.com/support/docview.wss?uid=swg21679409
URL:secunia.com/advisories/59650/
URL:secunia.com/advisories/60184/
URL:secunia.com/advisories/60185/
3. Vulnerability in Novell eDirectory (3426981)
[01/08/2014] Vulnerability was identified in the Novell eDirectory. An
attacker could bypass security restrictions, obtain sensitive information and
execute arbitrary code. This vulnerability affects versions prior to 8.8 SP8
Patch 2 Hotfix 1 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:www.novell.com/support/kb/doc.php?id=3426981
URL:secunia.com/advisories/59297/
4. Vulnerability in Symantec Endpoint Protection
[01/08/2014] Vulnerability was identified in the Symantec Endpoint
Protection. An attacker could gain elevated privileges and execute arbitrary
code. This vulnerability affects version 12.1.4100.4126 and possibly other
versions of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14080101
5. Vulnerability in Trend Micro ServerProtect
[01/08/2014] Vulnerability was identified in the Trend Micro ServerProtect
for Microsoft Windows/Novell NetWare. An attacker could obtain sensitive
information. This vulnerability affects version 5.8 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:files.trendmicro.com/documentation/readme/serverprotect/readme.txt
6. Security Updates in Oracle Products (ELSA-2014-3053)
[01/08/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel-uek packages for Oracle Linux 5 and 6,
and the CVS, ModSecurity, Emacs, Memcached, Apache Tomcat, Direct Rendering
Manager (DRM) i915 driver, Libxml2, DBus, Apache HTTP Server, Ruby, LibTIFF,
LittleCMS, GnuPG, NMap, Ejabberd, OpenStack Identity (Keystone), Wireshark,
ImageMagick, RubyGems, Django, OpenSSL, Pidgin, Puppet and Python Image Library
(PIL) packages for Oracle Solaris 11.2. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, gain
elevated privileges and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products.
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_0804_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2751_improper_input
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_3479_arbitrary_code
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_0179_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_0346_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_0913_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1915_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_1969_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_2168_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_2765_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4243_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4244_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4276_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4351_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4402_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4885_unrestricted_file
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_6169_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2828_authentication_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2907_denial_of
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in2
URL:blogs.oracle.com/sunsecurity/entry/multiple_cryptographic_issues_vulnerabilities_in1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_django
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ejabberd
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl4
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin2
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_puppet
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python_image
URL:linux.oracle.com/errata/ELSA-2014-3053.html
URL:secunia.com/advisories/59109/
7. Security Updates in Debian (DSA-2993-1, DSA-2994-1)
[01/08/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the Tor and nss packages for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2993
URL:www.debian.org/security/2014/dsa-2994
8. Security Updates in Mandriva (MDVSA-2014:145, MDVSA-2014:146,
MDVSA-2014:147, MDVSA-2014:148)
[01/08/2014] Mandriva has released security update packages for fixing the
vulnerabilities identified in the php-ZendFramework, file, sendmail and dbus
packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, execute arbitrary code and cause a
denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:145/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:146/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:147/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:148/
9. Security Updates in SUSE (openSUSE-SU-2014:0953-2, SUSE-SU-2014:0955-1)
[01/08/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the ppc64-diag package for openSUSE 12.3, and the
lzo package for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00024.html
10. Security Updates in Red Hat Products (RHSA-2014:0994-1)
[01/08/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the openstack-keystone packages for Red Hat
Enterprise Linux OpenStack Platform 3.0 and 4.0. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information and
gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2014-0994.html
11. Security Updates in Ubuntu GNU/Linux (USN-2303-1, USN-2304-1)
[01/08/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the unity and kde4libs packages for versions
12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2303-1/
URL:www.ubuntu.com/usn/usn-2304-1/
12. Vulnerability in HP and H3C VPN Firewall Module Products (c03993467)
[31/07/2014] Vulnerability was identified in the HP and H3C VPN Firewall
Module Products. An attacker could bypass security restrictions and cause a
denial of service condition. This vulnerability affects multiple versions of the
mentioned products. Security patches are available to resolve this
vulnerability.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03993467-2
URL:secunia.com/advisories/60540/
13. Vulnerabilities in IBM Products (N1020184, PI19335, 1673581, 1675956,
1676186, 1676776, 1677032, 1678323, 1678754, 1678798, 1678885, 1678894)
[31/07/2014] Vulnerabilities were identified in the IBM i Group, IBM
COGNOS TM1, IBM Rational Quality Manager, IBM Rational Team Concert, IBM
Rational Requirements Composer, IBM Rational DOORS Next Generation, IBM Rational
Engineering Lifecycle Manager, IBM Rational Rhapsody Design Manager, IBM
Rational Software Architect Design Manager, IBM WebSphere Portal, IBM Maximo
Asset Management, IBM Maximo Asset Management Essentials, IBM Maximo for
Government, IBM Maximo for Nuclear Power, IBM Maximo for Transportation, IBM
Maximo for Life Sciences, IBM Maximo for Oil and Gas, IBM Maximo for Utilities,
IBM SmartCloud Control Desk, IBM Tivoli Asset Management for IT, IBM Tivoli
Service Request Manager, IBM Maximo Service Desk, IBM Change and Configuration
Management Database and IBM Global Console Manager. An attacker could bypass
security restrictions, execute arbitrary code, perform phishing attacks and
cause a denial of service condition. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=nas8N1020184
URL:www.ibm.com/support/docview.wss?uid=swg1PI19335
URL:www.ibm.com/support/docview.wss?uid=swg21673581
URL:www.ibm.com/support/docview.wss?uid=swg21675956
URL:www.ibm.com/support/docview.wss?uid=swg21676186
URL:www.ibm.com/support/docview.wss?uid=swg21676776
URL:www.ibm.com/support/docview.wss?uid=swg21677032
URL:www.ibm.com/support/docview.wss?uid=swg21678323
URL:www.ibm.com/support/docview.wss?uid=swg21678754
URL:www.ibm.com/support/docview.wss?uid=swg21678798
URL:www.ibm.com/support/docview.wss?uid=swg21678885
URL:www.ibm.com/support/docview.wss?uid=swg21678894
URL:secunia.com/advisories/59570/
URL:secunia.com/advisories/59604/
URL:secunia.com/advisories/59612/
URL:secunia.com/advisories/59628/
URL:secunia.com/advisories/59640/
URL:secunia.com/advisories/60260/
URL:secunia.com/advisories/60499/
URL:secunia.com/advisories/60560/
14. Vulnerability in Hitachi Command Suite Products (HS14-018)
[31/07/2014] Vulnerability was identified in multiple Hitachi Command
Suite products. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and cause a denial of service condition.
This vulnerability affects multiple versions of the mentioned products. Security
patches are available to resolve this vulnerability.
URL:www.hitachi.co.jp/Prod/comp/soft1/global/security/info/./vuls/HS14-018/index.html
URL:secunia.com/advisories/60253/
15. Vulnerabilities in Tableau Server
[31/07/2014] Vulnerabilities were identified in the Tableau Server. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise a
user's system. These vulnerabilities affect versions prior to 8.1.9 and prior
to 8.2.1 of the mentioned product. Security patches are available to resolve
these vulnerabilities.
URL:www.tableausoftware.com/support/releases/8.1.9
URL:www.tableausoftware.com/support/releases/8.2.1
URL:secunia.com/advisories/60438/
16. Vulnerability in Barracuda Load Balancer (BNSEC-01263)
[31/07/2014] Vulnerability was identified in the Barracuda Load Balancer.
An attacker could bypass security restrictions and perform cross-site scripting
attacks. This vulnerability affects version 4.2.2 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:www.barracuda.com/support/knowledgebase/501600000013gvr
URL:xforce.iss.net/xforce/xfdb/94928
17. Vulnerabilities in SAP Products (94921, 94922, 94923, 94930, 94931, 94932)
[31/07/2014] Vulnerabilities were identified in the SAP NetWeaver Business
Client, SAP HANA XS Administration Tool, SAP FI Manager Self-Service, SAP HANA
Extended Application Services and SAP Solution Manager. An attacker could bypass
security restrictions, execute arbitrary code, perform cross-site scripting
attacks, cause a denial of service condition and compromise a user's system.
These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/94921
URL:xforce.iss.net/xforce/xfdb/94922
URL:xforce.iss.net/xforce/xfdb/94923
URL:xforce.iss.net/xforce/xfdb/94930
URL:xforce.iss.net/xforce/xfdb/94931
URL:xforce.iss.net/xforce/xfdb/94932
18. Security Updates in Oracle Products (ELSA-2014-0981)
[31/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel packages for Oracle Linux 6. An
attacker could bypass security restrictions and cause a denial of service
condition.
URL:linux.oracle.com/errata/ELSA-2014-0981.html
URL:secunia.com/advisories/60553/
19. Security Updates in Mandriva (MDVSA-2014:142, MDVSA-2014:143,
MDVSA-2014:144)
[31/07/2014] Mandriva has released security update packages for fixing the
vulnerabilities identified in the apache, phpmyadmin and live packages for
version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code
and cause a denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:142/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:143/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:144/
20. Security Updates in SUSE (openSUSE-SU-2014:0939-1,
openSUSE-SU-2014:0950-1, openSUSE-SU-2014:0953-1)
[31/07/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the Mozilla, Firefox, Thunderbird and ppc64-diag
packages for openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2014-07/msg00022.html
21. Security Updates in Red Hat Products (RHSA-2014:0982-1)
[31/07/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the java-1.6.0-ibm packages for Red Hat Network
Satellite Server 5.4, 5.5 and Red Hat Satellite 5.6. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, gain elevated privileges, cause a denial of service
condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-0982.html
URL:secunia.com/advisories/60570/
22. Security Updates in Ubuntu GNU/Linux (USN-2302-1)
[31/07/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the tomcat6 and tomcat7 packages for versions
10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform smuggling attacks and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2302-1/
23. Information Updates on Microsoft Security Advisory and Bulletins
(2915720, MS13-098, MS14-037)
[30/07/2014] Microsoft has updated information on the Security Advisory
and Bulletins for Microsoft Windows and Internet Explorer. (a) KB2915720 and
MS13-098 were revised to announce that Microsoft no longer plans to enforce the
stricter verification behavior as a default functionality on supported releases
of Microsoft Windows. (b) MS14-037 corrected the severity table and
vulnerability information to add CVE-2014-4066 as a vulnerability addressed by
this update.
URL:technet.microsoft.com/library/security/2915720
URL:technet.microsoft.com/library/security/ms13-098
URL:technet.microsoft.com/library/security/ms14-037
24. Vulnerabilities in Cisco Unified Customer Voice Portal
[30/07/2014] Vulnerabilities were identified in the Cisco Unified Customer
Voice Portal (CVP). An attacker could bypass security restrictions and perform
cross-site scripting attacks. These vulnerabilities affect multiple versions of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325
25. Vulnerabilities in IBM Products (1663039, 1665738, 1665739, 1677032,
1677719, 1678830)
[30/07/2014] Vulnerabilities were identified in the IBM eDiscovery
Analyzer, IBM eDiscovery Manager, IBM WebSphere Portal, IBM InfoSphere Data
Quality Console, IBM Content Analytics with Enterprise Search and IBM OmniFind
Enterprise Edition. An attacker could bypass security restrictions, execute
arbitrary code, perform phishing attacks and cause a denial of service
condition. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21663039
URL:www.ibm.com/support/docview.wss?uid=swg21665738
URL:www.ibm.com/support/docview.wss?uid=swg21665739
URL:www.ibm.com/support/docview.wss?uid=swg21677032
URL:www.ibm.com/support/docview.wss?uid=swg21677719
URL:www.ibm.com/support/docview.wss?uid=swg21678830
URL:secunia.com/advisories/59172/
URL:secunia.com/advisories/59267/
URL:secunia.com/advisories/59373/
URL:secunia.com/advisories/59394/
26. Vulnerabilities in Waterfox Firefox
[30/07/2014] Vulnerabilities were identified in the Waterfox Firefox. An
attacker could bypass security restrictions and compromise a user's system.
These vulnerabilities affect versions prior to 31.0 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.waterfoxproject.org/development.php?fn_mode=fullnews&fn_id=70
URL:secunia.com/advisories/59760/
27. Security Updates in Debian (DSA-2992-1)
[30/07/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the Linux kernel package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, cause a
denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2992
28. Security Updates in Mandriva (MDVSA-2014:139, MDVSA-2014:140,
MDVSA-2014:141)
[30/07/2014] Mandriva has released security update packages for fixing the
vulnerabilities identified in the nss, owncloud and java-1.7.0-openjdk packages
for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, execute arbitrary code, gain elevated
privileges, obtain sensitive information and cause a denial of service
condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:139/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:140/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:141/
29. Information Updates on Microsoft Security Bulletin (MS14-036)
[29/07/2014] Microsoft has updated information on the Security Bulletin for
Microsoft Windows, Microsoft Office, and Microsoft Lync. MS14-036 was revised
to correct the update replacements for the Windows Vista (Windows GDI+)
(2957503) update and the Windows Server 2008 (Windows GDI+) (2957503) update.
URL:technet.microsoft.com/library/security/ms14-036
30. Vulnerability in Cisco Prime Data Center Network Manager
[29/07/2014] Vulnerability was identified in the Cisco Prime Data Center
Network Manager. An attacker could bypass security restrictions and perform
cross-site scripting attacks. This vulnerability affects multiple versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329
31. Vulnerabilities in HP Insight Control server (c04378799)
[29/07/2014] Vulnerabilities were identified in the HP Insight Control
server. An attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition, execute arbitrary code and
compromise a vulnerable system. These vulnerabilities affect multiple versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378799
URL:secunia.com/advisories/60478/
32. Vulnerabilities in IBM Products (1673581, 1677891, 1678302, 1679064)
[29/07/2014] Vulnerabilities were identified in the IBM Rational Quality
Manager, IBM Rational Team Concert, IBM Rational Requirements Composer, IBM
Rational DOORS Next Generation, IBM Rational Engineering Lifecycle Manager, IBM
Rational Rhapsody Design Manager, IBM Rational Software Architect Design
Manager, IBM WebSphere Message Broker, IBM Integration Bus, IBM TPF Toolkit, IBM
Business Process Manager and IBM WebSphere Lombardi Edition. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21673581
URL:www.ibm.com/support/docview.wss?uid=swg21677891
URL:www.ibm.com/support/docview.wss?uid=swg21678302
URL:www.ibm.com/support/docview.wss?uid=swg21679064
URL:secunia.com/advisories/59511/
URL:secunia.com/advisories/59520/
URL:secunia.com/advisories/59557/
URL:secunia.com/advisories/59590/
33. Vulnerabilities in Novell NetIQ Sentinel Log Manager (5189250)
[29/07/2014] Vulnerabilities were identified in the Novell NetIQ Sentinel
Log Manager. An attacker could gain elevated privileges, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=JGUz3yrynuE~
34. Vulnerabilities in Hitachi Cosminexus and uCosminexus Products (HS14-019)
[29/07/2014] Vulnerabilities were identified in multiple Hitachi
Cosminexus and uCosminexus products. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and compromise a user's system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-019/index.html
URL:secunia.com/advisories/60437/
35. Vulnerability in Silver Peak VX (VU#867980)
[29/07/2014] Vulnerability was identified in the Silver Peak VX. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, perform cross-site request forgery and cross-site scripting
attacks. This vulnerability affects versions prior to 6.2.4 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/867980
36. Security Updates in Red Hat Products (RHSA-2014:0949-1)
[29/07/2014] Red Hat has released security update packages for fixing the
vulnerability identified in the kernel packages for Red Hat Enterprise Linux 6.
An attacker could gain elevated privileges, cause a denial of service condition
and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-0949.html
37. Vulnerability in Apple QuickTime
[28/07/2014] Vulnerability was identified in the Apple QuickTime. An
attacker could bypass security restrictions and execute arbitrary code. The
affected version was not specified.
URL:www.hkcert.org/my_url/en/alert/14072801
38. Vulnerabilities in Cisco Products
[28/07/2014] Vulnerabilities were identified in the Cisco WebEx Meetings
Server and Cisco Unified Presence Server. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code and cause a
denial of service condition. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3304
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328
URL:xforce.iss.net/xforce/xfdb/94879
URL:xforce.iss.net/xforce/xfdb/94880
39. Vulnerabilities in HP Systems Insight Manager (c04379485)
[28/07/2014] Vulnerabilities were identified in the HP Systems Insight
Manager. An attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition, execute arbitrary code and
compromise a vulnerable system. These vulnerabilities affect multiple versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485
URL:secunia.com/advisories/60477/
40. Vulnerabilities in IBM Products (1678356, 1679221, 1679454)
[28/07/2014] Vulnerabilities were identified in the IBM Algo Audit and
Compliance and IBM Sametime Classic Meeting Server. An attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, obtain
sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21678356
URL:www.ibm.com/support/docview.wss?uid=swg21679221
URL:www.ibm.com/support/docview.wss?uid=swg21679454
URL:secunia.com/advisories/60202/
URL:secunia.com/advisories/60436/
41. Vulnerability in Barracuda Firewall
[28/07/2014] Vulnerability was identified in the Barracuda Firewall. An
attacker could bypass security restrictions and perform cross-site scripting
attacks. This vulnerability affects version 6.1.2 and possibly earlier versions
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.barracuda.com/support/knowledgebase/501600000013m1P
URL:xforce.iss.net/xforce/xfdb/94850
42. Vulnerability in Linux Kernel (94844)
[28/07/2014] Vulnerability was identified in the Linux Kernel. An attacker
could cause a denial of service condition and crash the system. The affected
version was not specified. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/94844
43. Vulnerability in Seasar S2Struts (JVNDB-2014-000072)
[28/07/2014] Vulnerability was identified in the Seasar S2Struts. An
attacker could bypass security restrictions and execute arbitrary code. This
vulnerability affects versions prior to 1.2.13 and 1.3.2 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000072.html
URL:secunia.com/advisories/60254/
44. Vulnerabilities in Cyberfox
[28/07/2014] Vulnerabilities were identified in the Cyberfox. An attacker
could bypass security restrictions and compromise a user's system. This
vulnerability affects versions prior to 31.0 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:8pecxstudios.com/hooray-your-cyberfox-is-up-to-date-31-0
URL:secunia.com/advisories/60435/
45. Security Updates in Oracle Products (ELSA-2014-0918, ELSA-2014-0926)
[28/07/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the thunderbird and kernel packages for Oracle
Linux 5 and 6. An attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition, execute arbitrary code and
compromise a user's system.
URL:linux.oracle.com/errata/ELSA-2014-0918.html
URL:linux.oracle.com/errata/ELSA-2014-0926.html
URL:secunia.com/advisories/60306/
URL:secunia.com/advisories/60471/
46. Security Updates in Debian (DSA-2986-1, DSA-2987-1, DSA-2988-1,
DSA-2989-1, DSA-2990-1, DSA-2991-1)
[28/07/2014] Debian has released security update packages for fixing the
vulnerability identified in the iceweasel, openjdk-7, transmission, apache2,
cups and modsecurity-apache packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-2986
URL:www.debian.org/security/2014/dsa-2987
URL:www.debian.org/security/2014/dsa-2988
URL:www.debian.org/security/2014/dsa-2989
URL:www.debian.org/security/2014/dsa-2990
URL:www.debian.org/security/2014/dsa-2991
URL:secunia.com/advisories/60485/
URL:secunia.com/advisories/60486/
47. Security Updates in Gentoo Linux (GLSA 201407-05)
[28/07/2014] Gentoo has released security update packages for fixing the
vulnerability identified in the openssl package for multiple versions of Gentoo
Linux. An attacker could execute arbitrary code and cause a denial of service
condition.
URL:www.gentoo.org/security/en/glsa/glsa-201407-05.xml