1. Vulnerabilities in Apache Products
[05/09/2014] Vulnerabilities were identified in Apache Derby and Apache HTTP Server. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:db.apache.org/derby/releases/release-10.11.1.1.cgi
URL:www.apache.org/dist/httpd/Announcement2.4.txt
URL:www.hkcert.org/my_url/en/alert/14090502
2. Vulnerabilities in IBM Products (N1020242, N1020243, 1671201, 1673224, 1675798, 1681229, 1681623, 1681631)
[05/09/2014] Vulnerabilities were identified in IBM PowerVC, IBM Sametime Meeting Server, IBM Sametime Proxy Server, IBM Tivoli Monitoring components and agents, and IBM DB2. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=nas8N1020242
URL:www.ibm.com/support/docview.wss?uid=nas8N1020243
URL:www.ibm.com/support/docview.wss?uid=swg21671201
URL:www.ibm.com/support/docview.wss?uid=swg21673224
URL:www.ibm.com/support/docview.wss?uid=swg21675798
URL:www.ibm.com/support/docview.wss?uid=swg21681229
URL:www.ibm.com/support/docview.wss?uid=swg21681623
URL:www.ibm.com/support/docview.wss?uid=swg21681631
3. Vulnerabilities in Novell GroupWise (5190550, 5190551, 5190552)
[05/09/2014] Vulnerabilities were identified in Novell GroupWise. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=-815P6M-Uq4~
URL:download.novell.com/Download?buildid=m2NNE-BWQ58~
URL:download.novell.com/Download?buildid=MnyxLK-LI-E~
4. Vulnerabilities in McAfee ePolicy Orchestrator (SB10083, SB10084)
[05/09/2014] Vulnerabilities were identified in McAfee ePolicy Orchestrator. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 5.1.1 with hotfixes HF988208 and HF983758 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kc.mcafee.com/corporate/index?page=content&id=SB10083
URL:kc.mcafee.com/corporate/index?page=content&id=SB10084
5. Vulnerabilities in Juniper Junos OS (JSA10595, JSA10635)
[05/09/2014] Vulnerabilities were identified in Juniper Junos. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10595
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10635
6. Vulnerability in Node.js
[05/09/2014] A vulnerability was identified in Node.js. An attacker could cause a denial of service condition and crash the application. This vulnerability affects versions prior to 0.8.28 or 0.10.30 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
URL:www.hkcert.org/my_url/en/alert/14090501
7. Security Updates in Oracle Linux (ELSA-2014-1144, ELSA-2014-1145, ELSA-2014-1148)
[05/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird and squid packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and compromise a user's system.
URL:linux.oracle.com/errata/ELSA-2014-1144.html
URL:linux.oracle.com/errata/ELSA-2014-1145.html
URL:linux.oracle.com/errata/ELSA-2014-1148.html
8. Security Updates in Gentoo Linux (GLSA 201409-04)
[05/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the mysql packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.gentoo.org/security/en/glsa/glsa-201409-04.xml
9. Security Updates in Mandriva (MDVSA-2014:174)
[05/09/2014] Mandriva has released security update packages for fixing the vulnerability identified in the apache package for version MBS1 of Mandriva GNU/Linux. An attacker could bypass security restrictions.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A174/
10. Security Updates in Slackware (SSA:2014-247-01, SSA:2014-247-02, SSA:2014-247-03)
[05/09/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the php, mozilla-firefox and mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.355700
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.359138
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.523796
11. Security Updates in Ubuntu GNU/Linux (USN-2340-1)
[05/09/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the procmail package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2340-1/
12. Information Updates on Microsoft Security Bulletin (MS14-028)
[04/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS14-028 was updated to change the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
URL:technet.microsoft.com/library/security/ms14-028
13. Vulnerabilities in Apache HTTP Server
[04/09/2014] Vulnerabilities were identified in Apache HTTP Server. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 2.2.29 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.apache.org/dist/httpd/Announcement2.2.txt
14. Vulnerabilities in IBM FlashSystem (S1004859)
[04/09/2014] Vulnerabilities were identified in IBM FlashSystem V840. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004859
15. Vulnerabilities in Novell Products (5189091, 5190470, 5190471, 5190472, 5190530, 5190531, 5190532, 5191190)
[04/09/2014] Vulnerabilities were identified in Novell GroupWise and Novell Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=5bsZgAej4GI~
URL:download.novell.com/Download?buildid=adKLQO6vZjA~
URL:download.novell.com/Download?buildid=c1XRCuRSy-8~
URL:download.novell.com/Download?buildid=dto6obSiSuM~
URL:download.novell.com/Download?buildid=NB35noeHLaY~
URL:download.novell.com/Download?buildid=PJTVAWcyTDs~
URL:download.novell.com/Download?buildid=r_lXXZVhiYo~
URL:download.novell.com/Download?buildid=tMSI_yfIplo~
16. Vulnerability in SolarWinds Log & Event Manager (95691)
[04/09/2014] A vulnerability was identified in SolarWinds Log & Event Manager. An attacker could bypass security restrictions and execute arbitrary code. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/95691
17. Vulnerabilities in Multiple Android Applications (VU#582497)
[04/09/2014] Vulnerabilities were identified in multiple Android applications. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. These vulnerabilities affect multiple versions of the mentioned products.
URL:www.kb.cert.org/vuls/id/582497
URL:xforce.iss.net/xforce/xfdb/95692
18. Vulnerability in Google Android Browser (95693)
[04/09/2014] A vulnerability was identified in the Google Android Browser. An attacker could bypass security restrictions. This vulnerability affects version 4.2.1 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95693
19. Vulnerabilities in LibreOffice
[04/09/2014] Vulnerabilities were identified in LibreOffice. An attacker could bypass security restrictions, obtain sensitive information and compromise a user's system. These vulnerabilities affect versions prior to 4.2.6-secfix and prior to 4.3.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.libreoffice.org/about-us/security/advisories/
URL:www.hkcert.org/my_url/en/alert/14090402
20. Vulnerability in Procmail (95688)
[04/09/2014] A vulnerability was identified in procmail. An attacker could bypass security restrictions, execute arbitrary code and crash the application. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95688
21. Security Updates in Debian (DSA-3017-1, DSA-3018-1)
[04/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the php-cas and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-3017
URL:www.debian.org/security/2014/dsa-3018
22. Security Updates in Gentoo Linux (GLSA 201409-03)
[04/09/2014] Gentoo has released security update packages for fixing the vulnerability identified in the dhcpcd packages for multiple versions of Gentoo Linux. An attacker could cause a denial of service condition.
URL:www.gentoo.org/security/en/glsa/glsa-201409-03.xml
23. Security Updates in Mandriva (MDVSA-2014:172, MDVSA-2014:173)
[04/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the php and busybox packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A172/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A173/
24. Security Updates in Red Hat Products (RHSA-2014:1143-1, RHSA-2014:1144-1, RHSA-2014:1145-1, RHSA-2014:1146-1, RHSA-2014:1147-1, RHSA-2014:1148-1)
[04/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, firefox, thunderbird, httpcomponents-client and squid packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1143.html
URL:rhn.redhat.com/errata/RHSA-2014-1144.html
URL:rhn.redhat.com/errata/RHSA-2014-1145.html
URL:rhn.redhat.com/errata/RHSA-2014-1146.html
URL:rhn.redhat.com/errata/RHSA-2014-1147.html
URL:rhn.redhat.com/errata/RHSA-2014-1148.html
25. Security Updates in Ubuntu GNU/Linux (USN-2338-1, USN-2339-1)
[04/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the lua5.1 and gnupg packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2338-1/
URL:www.ubuntu.com/usn/usn-2339-1/
26. Vulnerabilities in Mozilla Products (MFSA 2014-67, MFSA 2014-68, MFSA 2014-69, MFSA 2014-70, MFSA 2014-71, MFSA 2014-72)
[03/09/2014] Vulnerabilities were identified in Mozilla Firefox and Thunderbird. An attacker could execute arbitrary code, obtain sensitive information and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/security/announce/2014/mfsa2014-67.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-68.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-69.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-70.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-71.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-72.html
27. Vulnerability in Apple iOS (95645)
[03/09/2014] A vulnerability was identified in Apple iOS. An attacker could bypass security restrictions, execute arbitrary code and compromise the device. This vulnerability affects version 7.1.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95645
28. Vulnerability in Cisco IOS XR Software
[03/09/2014] A vulnerability was identified in Cisco IOS XR Software. An attacker could cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353
URL:xforce.iss.net/xforce/xfdb/95623
29. Vulnerabilities in IBM Products (IT02201, IT02291, IT02433, IT03761, 1647054, 1672428, 1679979, 1680795, 1680809, 1681623, 1681631, 1681723)
[03/09/2014] Vulnerabilities were identified in IBM DB2, IBM HTTP Server, IBM Business Process Manager and IBM WebSphere Lombardi Edition. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform injection attacks and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg1IT02201
URL:www.ibm.com/support/docview.wss?uid=swg1IT02291
URL:www.ibm.com/support/docview.wss?uid=swg1IT02433
URL:www.ibm.com/support/docview.wss?uid=swg1IT03761
URL:www.ibm.com/support/docview.wss?uid=swg21647054
URL:www.ibm.com/support/docview.wss?uid=swg21672428
URL:www.ibm.com/support/docview.wss?uid=swg21679979
URL:www.ibm.com/support/docview.wss?uid=swg21680795
URL:www.ibm.com/support/docview.wss?uid=swg21680809
URL:www.ibm.com/support/docview.wss?uid=swg21681623
URL:www.ibm.com/support/docview.wss?uid=swg21681631
URL:www.ibm.com/support/docview.wss?uid=swg21681723
URL:www.ibm.com/support/docview.wss?uid=swg24038261
URL:xforce.iss.net/xforce/xfdb/93817
URL:xforce.iss.net/xforce/xfdb/94260
URL:xforce.iss.net/xforce/xfdb/94263
URL:xforce.iss.net/xforce/xfdb/94485
URL:xforce.iss.net/xforce/xfdb/94486
URL:xforce.iss.net/xforce/xfdb/95307
30. Vulnerabilities in ManageEngine EventLog Analyzer (95632, 95633)
[03/09/2014] Vulnerabilities were identified in ManageEngine EventLog Analyzer. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect version 9.9 Build 9002 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95632
URL:xforce.iss.net/xforce/xfdb/95633
31. Vulnerabilities in Advantech WebAccess (95646, 95647, 95648, 95649, 95650)
[03/09/2014] Vulnerabilities were identified in Advantech WebAccess. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 7.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95646
URL:xforce.iss.net/xforce/xfdb/95647
URL:xforce.iss.net/xforce/xfdb/95648
URL:xforce.iss.net/xforce/xfdb/95649
URL:xforce.iss.net/xforce/xfdb/95650
32. Vulnerability in Net-SNMP (95638)
[03/09/2014] A vulnerability was identified in Net-SNMP. An attacker could cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95638
33. Vulnerability in c-icap Server (95640)
[03/09/2014] A vulnerability was identified in the c-icap Server. An attacker could cause a denial of service condition and crash the system. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/95640
34. Security Updates in Mageia (MGASA-2014-0363)
[03/09/2014] Mageia has released a security update package for fixing the vulnerability identified in the blender package for multiple versions of Mageia. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0363.html
35. Security Updates in Debian (DSA-3015-1, DSA-3016-1)
[03/09/2014] Debian has released security update packages for fixing the vulnerability identified in the lua5.1 and lua5.2 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3015
URL:www.debian.org/security/2014/dsa-3016
36. Security Updates in Mandriva (MDVSA-2014:160, MDVSA-2014:161, MDVSA-2014:162, MDVSA-2014:163, MDVSA-2014:164, MDVSA-2014:165, MDVSA-2014:166, MDVSA-2014:167, MDVSA-2014:168, MDVSA-2014:169, MDVSA-2014:170, MDVSA-2014:171)
[03/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the gpgme, subversion, catfish, python-imaging, phpmyadmin, krb5, serf, file, libvncserver, bugzilla, jakarta-commons-httpclient and dhcpcd packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A160/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A161/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A162/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A163/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A164/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A165/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A166/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A167/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A168/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A169/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A170/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A171/
37. Security Updates in Red Hat Products (RHSA-2014:1119-1, RHSA-2014:1120-1, RHSA-2014:1121-1, RHSA-2014:1122-1)
[03/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-neutron and openstack-keystone packages for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1119.html
URL:rhn.redhat.com/errata/RHSA-2014-1120.html
URL:rhn.redhat.com/errata/RHSA-2014-1121.html
URL:rhn.redhat.com/errata/RHSA-2014-1122.html
38. Security Updates in SUSE (SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1)
[03/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the apache2 packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00002.html
39. Security Updates in Ubuntu GNU/Linux (USN-2326-1, USN-2329-1, USN-2331-1, USN-2332-1, USN-2333-1, USN-2334-1, USN-2335-1, USN-2336-1, USN-2337-1)
[03/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt, firefox, libreoffice, linux, linux-ec2, linux-ti-omap4 and linux-lts-trusty packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.ubuntu.com/usn/usn-2326-1/
URL:www.ubuntu.com/usn/usn-2329-1/
URL:www.ubuntu.com/usn/usn-2331-1/
URL:www.ubuntu.com/usn/usn-2332-1/
URL:www.ubuntu.com/usn/usn-2333-1/
URL:www.ubuntu.com/usn/usn-2334-1/
URL:www.ubuntu.com/usn/usn-2335-1/
URL:www.ubuntu.com/usn/usn-2336-1/
URL:www.ubuntu.com/usn/usn-2337-1/
40. Vulnerabilities in Apache POI
[02/09/2014] Vulnerabilities were identified in Apache POI. An attacker could cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 3.10.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.apache.org/dist/poi/release/RELEASE-NOTES.txt
41. Vulnerabilities in IBM Products (T1021104, 1679918, 1680564, 1681020, 1681752, 1682642, 1682643, MIGR-5096155)
[02/09/2014] Vulnerabilities were identified in IBM AIX, IBM VIOS, IBM Power 7 Systems, IBM Maximo Asset Management, IBM SmartCloud Control Desk, IBM Tivoli Asset Management for IT, IBM Tivoli Service Request Manager, IBM Change and Configuration Management Database, IBM Tivoli Storage Manager Operations Center, IBM Sterling Connect:Direct for HP NonStop, IBM Security AppScan Enterprise, IBM Rational Policy Tester and IBM Flex System Manager (FSM). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform injection attacks and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
URL:www.ibm.com/support/docview.wss?uid=isg3T1021104
URL:www.ibm.com/support/docview.wss?uid=swg21679918
URL:www.ibm.com/support/docview.wss?uid=swg21680564
URL:www.ibm.com/support/docview.wss?uid=swg21681020
URL:www.ibm.com/support/docview.wss?uid=swg21681752
URL:www.ibm.com/support/docview.wss?uid=swg21682642
URL:www.ibm.com/support/docview.wss?uid=swg21682643
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
42. Vulnerability in Trend Micro OfficeScan
[02/09/2014] A vulnerability was identified in Trend Micro OfficeScan. An attacker could bypass security restrictions. This vulnerability affects versions prior to 10.6 Service Pack 3 Patch 2 - Build 5614 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:files.trendmicro.com/documentation/readme/OSCE_10.6_WIN_SP3_Patch2_Readme.txt
43. Vulnerabilities in pfSense (pfSense-SA-14_14.openssl, pfSense-SA-14_17.webgui)
[02/09/2014] Vulnerabilities were identified in pfSense. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 2.1.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:pfsense.org/security/advisories/pfSense-SA-14_14.openssl.asc
URL:pfsense.org/security/advisories/pfSense-SA-14_17.webgui.asc
44. Security Updates in Oracle Linux (ELSA-2014-1110)
[02/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2014-1110.html
45. Security Updates in Gentoo Linux (GLSA 201409-01, GLSA 201409-02)
[02/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the wireshark and net-snmp packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201409-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-02.xml
46. Vulnerabilities in IBM Emptoris Contract Management (1680370)
[01/09/2014] Vulnerabilities were identified in IBM Emptoris Contract Management. An attacker could execute arbitrary code, obtain sensitive information, and perform code injection and cross-site scripting attacks. These vulnerabilities affect versions 9.5.0.0 through 10.0.2.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21680370
47. Vulnerability in Clipboard module for Perl (95618)
[01/09/2014] A vulnerability was identified in the Clipboard module for Perl. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects version 0.13 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/95618
48. Vulnerability in Kindle App for Android (95617)
[01/09/2014] A vulnerability was identified in the Kindle App for Android. An attacker could perform spoofing attacks and obtain sensitive information. This vulnerability affects versions prior to 4.5.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/95617
49. Vulnerability in GNU C Library (95616)
[01/09/2014] A vulnerability was identified in the GNU C Library (glibc). An attacker could cause a denial of service condition and crash the system.
URL:xforce.iss.net/xforce/xfdb/95616
50. Security Updates in Gentoo Linux (GLSA 201408-08, GLSA 201408-09, GLSA 201408-10, GLSA 201408-11, GLSA 201408-12, GLSA 201408-13, GLSA 201408-14, GLSA 201408-15, GLSA 201408-16, GLSA 201408-17, GLSA 201408-18, GLSA 201408-19)
[01/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the file, libtasn1, libgcrypt, php, apache, jinja2, stunnel, postgresql-server, chromium, qemu, nrpe, openOffice and libreOffice packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201408-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-11.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-15.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-16.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-17.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-18.xml
URL:www.gentoo.org/security/en/glsa/glsa-201408-19.xml
51. Security Updates in Red Hat Products (RHSA-2014:1110-1)
[01/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the glibc packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1110.html
52. Security Updates in SUSE (SUSE-SU-2014:0993-1, SUSE-SU-2014:1037-1, SUSE-SU-2014:1055-1, SUSE-SU-2014:1055-2)
[01/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the IBM Java and Oracle Database Server packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.suse.com/support/update/announcement/2014/suse-su-20140993-1.html
URL:www.suse.com/support/update/announcement/2014/suse-su-20141037-1.html
URL:www.suse.com/support/update/announcement/2014/suse-su-20141055-1.html
URL:www.suse.com/support/update/announcement/2014/suse-su-20141055-2.html