1. Vulnerability in Apache HttpComponents
[29/08/2014] A vulnerability was identified in Apache HttpClient and Apache HttpAsyncClient. An attacker could perform man-in-the-middle attacks. This vulnerability affects versions prior to 4.3.5 of Apache HttpClient, and versions prior to 4.0.2 of Apache HttpAsyncClient. Security patches are available to resolve this vulnerability.
URL:mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577
2. Vulnerabilities in Cisco Cloud Portal
[29/08/2014] Vulnerabilities were identified in the Cisco Cloud Portal. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3350
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
URL:xforce.iss.net/xforce/xfdb/95585
URL:xforce.iss.net/xforce/xfdb/95586
URL:xforce.iss.net/xforce/xfdb/95587
3. Vulnerabilities in IBM Products (1680453, 1680454, 1681277)
[29/08/2014] Vulnerabilities were identified in the IBM Tivoli Storage Manager (TSM) and IBM Emptoris Spend Analysis. An attacker could bypass security restrictions, gain elevated privileges, and perform cross-site scripting and phishing attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21680453
URL:www.ibm.com/support/docview.wss?uid=swg21680454
URL:www.ibm.com/support/docview.wss?uid=swg21681277
4. Vulnerabilities in Django (95564, 95566, 95567, 95569)
[29/08/2014] Vulnerabilities were identified in Django. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95564
URL:xforce.iss.net/xforce/xfdb/95566
URL:xforce.iss.net/xforce/xfdb/95567
URL:xforce.iss.net/xforce/xfdb/95569
5. Vulnerabilities in ManageEngine Products (95562, 95565)
[29/08/2014] Vulnerabilities were identified in the ManageEngine DeviceExpert and ManageEngine EventLog Analyzer. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerability of the EventLog Analyzer.
URL:xforce.iss.net/xforce/xfdb/95562
URL:xforce.iss.net/xforce/xfdb/95565
6. Security Updates in Debian (DSA-3013-1, DSA-3014-1)
[29/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the s3ql and squid3 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-3013
URL:www.debian.org/security/2014/dsa-3014
7. Security Updates in SUSE (SUSE-SU-2014:1072-1)
[29/08/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MySQL packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
8. Security Updates in Ubuntu GNU/Linux (USN-2327-1, USN-2328-1)
[29/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the squid3 and eglibc packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2327-1/
URL:www.ubuntu.com/usn/usn-2328-1/
9. Information Updates on Microsoft Security Bulletin (MS14-045)
[28/08/2014] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS14-045 was rereleased to announce the replacement of the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows.
URL:technet.microsoft.com/library/security/ms14-045
10. Vulnerabilities in Cisco Products
[28/08/2014] Vulnerabilities were identified in the Cisco Transport Gateway for Smart Call Home and Cisco 1800 Series Integrated Services Routers. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3346
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347
URL:xforce.iss.net/xforce/xfdb/95558
11. Vulnerability in IBM DB2 Accessories Suite (1682096)
[28/08/2014] A vulnerability was identified in the IBM DB2 Accessories Suite. An attacker could cause a denial of service condition and execute arbitrary code. This vulnerability affects versions 10.1 and 10.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21682096
12. Vulnerability in Novell GroupWise (7015566)
[28/08/2014] A vulnerability was identified in the GroupWise 2014 Administration service. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions prior to Support Pack 1 (SP1) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.novell.com/support/kb/doc.php?id=7015566
URL:xforce.iss.net/xforce/xfdb/95557
13. Vulnerabilities in VMware Support Tool (95493, 95494)
[28/08/2014] Vulnerabilities were identified in the VMware Support Tool. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect version vm-support 0.88 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95493
URL:xforce.iss.net/xforce/xfdb/95494
14. Vulnerability in SolarWinds Storage Manager
[28/08/2014] A vulnerability was identified in the SolarWinds Storage Manager. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.solarwinds.com/support/updates.aspx
URL:xforce.iss.net/xforce/xfdb/95559
15. Vulnerability in Linux Kernel (95556)
[28/08/2014] A vulnerability was identified in the Linux Kernel. An attacker could cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95556
16. Vulnerability in MailPoet Newsletters Plugin for WordPress
[28/08/2014] A vulnerability was identified in the MailPoet Newsletters Plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code, and perform cross-site scripting and cross-site request forgery attacks. This vulnerability affects versions prior to 2.6.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:wordpress.org/plugins/wysija-newsletters/changelog/
URL:xforce.iss.net/xforce/xfdb/95500
17. Security Updates in Debian (DSA-3012-1)
[28/08/2014] Debian has released security update packages for fixing the vulnerability identified in the eglibc packages for multiple versions of Debian GNU/Linux. An attacker could execute arbitrary code and cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-3012
18. Security Updates in Red Hat Products (RHSA-2014:1101-1, RHSA-2014:1102-1)
[28/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel package for Red Hat Enterprise Linux 6, and the ror40-rubygem-activerecord package for Red Hat Software Collections 1 for RHEL 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1101.html
URL:rhn.redhat.com/errata/RHSA-2014-1102.html
19. Vulnerability in Cisco Transport Gateway for Smart Call Home
[27/08/2014] A vulnerability was identified in the Cisco Transport Gateway for Smart Call Home. An attacker could bypass security restrictions and perform cross-site scripting attacks. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344
20. Vulnerabilities in IBM Products (N1020240, 1680665, 1681114, 1681214, 1681933, MIGR-5096132, MIGR-5096153)
[27/08/2014] Vulnerabilities were identified in the IBM i Operating System, IBM Emptoris Sourcing Portfolio, IBM HTTP Server, IBM Notes and Domino, IBM Content Integrator, IBM Sterling Control Center, IBM Fabric Manager and IBM Flex System Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=nas8N1020240
URL:www.ibm.com/support/docview.wss?uid=swg21680665
URL:www.ibm.com/support/docview.wss?uid=swg21681114
URL:www.ibm.com/support/docview.wss?uid=swg21681214
URL:www.ibm.com/support/docview.wss?uid=swg21681933
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153
URL:xforce.iss.net/xforce/xfdb/91395
21. Vulnerabilities in Novell Products (5190470, 5190471, 5190472, 5190530, 5190531, 5190532, 5190550, 5190551, 5190552)
[27/08/2014] Vulnerabilities were identified in the Novell File Reporter, Novell GroupWise, Novell Kanaka for Mac and Novell Storage Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=_aVoXvX0mJo~
URL:download.novell.com/Download?buildid=5bsZgAej4GI~
URL:download.novell.com/Download?buildid=-815P6M-Uq4~
URL:download.novell.com/Download?buildid=adKLQO6vZjA~
URL:download.novell.com/Download?buildid=dto6obSiSuM~
URL:download.novell.com/Download?buildid=m2NNE-BWQ58~
URL:download.novell.com/Download?buildid=MnyxLK-LI-E~
URL:download.novell.com/Download?buildid=NB35noeHLaY~
URL:download.novell.com/Download?buildid=NcCs0Ss65DU~
URL:download.novell.com/Download?buildid=p3OTSpSOkFI~
URL:download.novell.com/Download?buildid=PJTVAWcyTDs~
URL:download.novell.com/Download?buildid=tMSI_yfIplo~
URL:download.novell.com/Download?buildid=UwVDLUWGqag~
22. Vulnerabilities in Google Chrome
[27/08/2014] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 37.0.2062.94 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/08/stable-channel-update_26.html
URL:xforce.iss.net/xforce/xfdb/95468
URL:xforce.iss.net/xforce/xfdb/95470
URL:xforce.iss.net/xforce/xfdb/95475
URL:xforce.iss.net/xforce/xfdb/95476
23. Vulnerability in ntopng (95461)
[27/08/2014] A vulnerability was identified in ntopng. An attacker could perform cross-site scripting attacks. This vulnerability affects version 1.2.0 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95461
24. Vulnerability in VTLS Virtua (95464)
[27/08/2014] A vulnerability was identified in VTLS Virtua. An attacker could perform code injection attacks. This vulnerability affects versions prior to 2014.1.1 and 2013.2.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95464
25. Vulnerability in MEHR Automation System (95465)
[27/08/2014] A vulnerability was identified in the MEHR Automation System. An attacker could bypass security restrictions and execute arbitrary code. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/95465
26. Security Updates in Red Hat Products (RHSA-2014:1098-1)
[27/08/2014] Red Hat has released security update packages for fixing the vulnerability identified in the devtoolset-2-httpcomponents-client package for Red Hat Developer Toolset 2. An attacker could bypass security restrictions, obtain sensitive information and perform spoofing attacks.
URL:rhn.redhat.com/errata/RHSA-2014-1098.html
27. Vulnerability in Cisco IOS XR Software
[26/08/2014] A vulnerability was identified in the Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335
URL:xforce.iss.net/xforce/xfdb/95443
28. Vulnerabilities in HP Products (c04388127, c04398922, c04398943)
[26/08/2014] Vulnerabilities were identified in the HP Service Manager and HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04388127
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04398922
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04398943
URL:xforce.iss.net/xforce/xfdb/95447
29. Vulnerabilities in IBM HTTP Server (1672428)
[26/08/2014] Vulnerabilities were identified in the IBM HTTP Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21672428
URL:www.hkcert.org/my_url/en/alert/14082601
30. Vulnerabilities in Barracuda Networks Web Security Flex (95445, 95446)
[26/08/2014] Vulnerabilities were identified in the Barracuda Networks Web Security Flex. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 4.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95445
URL:xforce.iss.net/xforce/xfdb/95446
31. Vulnerabilities in Zarafa Products (95452, 95453)
[26/08/2014] Vulnerabilities were identified in multiple Zarafa products. An attacker could obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95452
URL:xforce.iss.net/xforce/xfdb/95453
32. Vulnerabilities in phpMyAdmin (PMASA-2014-8, PMASA-2014-9)
[26/08/2014] Vulnerabilities were identified in phpMyAdmin. An attacker could perform cross-site scripting and request forgery attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
33. Security Updates in Oracle Linux (ELSA-2014-3070)
[26/08/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel-uek packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:linux.oracle.com/errata/ELSA-2014-3070
34. Security Updates in Red Hat Products (RHSA-2014:1082-3, RHSA-2014:1091-1)
[26/08/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the thermostat1-httpcomponents-client package for Red Hat Software Collections 1 and the mod_wsgi package for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1082.html
URL:rhn.redhat.com/errata/RHSA-2014-1091.html
35. Security Updates in Ubuntu GNU/Linux (USN-2319-2)
[26/08/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 package for version 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2319-2/
36. Vulnerabilities in Apache OpenOffice.org
[25/08/2014] Vulnerabilities were identified in Apache OpenOffice.org. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect versions prior to 4.1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:blogs.apache.org/OOo/entry/announcing_apache_openoffice_4_1
URL:xforce.iss.net/xforce/xfdb/95420
URL:xforce.iss.net/xforce/xfdb/95421
37. Vulnerability in IBM AIX and Virtual I/O Server
[25/08/2014] A vulnerability was identified in the Libxml2 package included in IBM AIX and Virtual I/O Server. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects versions 6.1 and 7.1 of IBM AIX, and versions 2.2.x of IBM Virtual I/O Server. Security patches are available to resolve this vulnerability.
URL:aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc
38. Vulnerability in Huawei Android Devices (Huawei-SA-20140821-Android)
[25/08/2014] A vulnerability was identified in the Huawei Android devices. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects firmware version V100R001 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-363101.htm
39. Vulnerability in MyBB (95411)
[25/08/2014] A vulnerability was identified in MyBB. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 1.8 Beta 3 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95411
40. Vulnerability in PHP (95408)
[25/08/2014] A vulnerability was identified in PHP. An attacker could cause a denial of service condition and crash the system. This vulnerability affects versions 5.4.1 and 5.4.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95408
41. Vulnerability in QEMU (95419)
[25/08/2014] A vulnerability was identified in QEMU. An attacker could execute arbitrary code and obtain sensitive information. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95419
42. Vulnerabilities in WinSCP
[25/08/2014] Vulnerabilities were identified in WinSCP. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a user's system. These vulnerabilities affect versions prior to 5.5.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:winscp.net/eng/docs/history#5.5.5
43. Security Updates in Debian (DSA-3009-1, DSA-3010-1, DSA-3011-1)
[25/08/2014] Debian has released security update packages for fixing the vulnerabilities identified in the python-imaging, python-django and mediawiki packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3009
URL:www.debian.org/security/2014/dsa-3010
URL:www.debian.org/security/2014/dsa-3011