1. Vulnerability in HP Network Node Manager I (c04378450)
[12/09/2014] Vulnerability was identified in the HP Network Node Manager I
for Windows and Linux. An attacker could bypass security restrictions and execute
arbitrary code. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:h20566.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c04378450
2. Vulnerabilities in IBM Products (1682396, 1679568, 1681644, 1682395, 1682396, 1682398, 1682645)
[12/09/2014] Vulnerabilities were identified in the IBM Cognos TM1, IBM
Rational Test Control Panel component in Rational Test Virtualization Server and
Rational Test Workbench, IBM InfoSphere Discovery and IBM FileNet Services. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682396
URL:www.ibm.com/support/docview.wss?uid=swg21679568
URL:www.ibm.com/support/docview.wss?uid=swg21681644
URL:www.ibm.com/support/docview.wss?uid=swg21682395
URL:www.ibm.com/support/docview.wss?uid=swg21682396
URL:www.ibm.com/support/docview.wss?uid=swg21682398
URL:www.ibm.com/support/docview.wss?uid=swg21682645
3. Vulnerabilities in Attachmate Products (2288, 2546)
[12/09/2014]
Vulnerabilities were identified in the
Attachmate Reflection for Secure IT and Attachmate INFOConnect products. An
attacker could bypass security restrictions, gain elevated privileges, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and compromise a vulnerable system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:support.attachmate.com/techdocs/2288.html
URL:support.attachmate.com/techdocs/2546.html
4. Vulnerability in CacheGuard OS (VU#241508)
[12/09/2014] Vulnerability was identified in the CacheGuard OS. An
attacker could perform cross-site request forgery attacks. This vulnerability
affects version v5.7.7 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/241508
5. Vulnerability in Sophos UTM Manager
[12/09/2014]
Vulnerability was identified in the Sophos UTM
Manager. An attacker could cause a denial of service condition. This
vulnerability affects versions prior to 9.206 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:blogs.sophos.com/2014/09/10/utm-up2date-9-204-released-2/
6. Vulnerability in Embarcadero Delphi and C++ Builder
[12/09/2014]
Vulnerability was identified in the Embarcadero
Delphi and C++ Builder Visual Component Library (VCL) bitmap (BMP) file. An
attacker could execute arbitrary code. The affected version was not specified.
Security patches are available to resolve this
vulnerability.
URL:support.embarcadero.com/article/44015
URL:www.kb.cert.org/vuls/id/646748
7. Vulnerability in acpi-support (95871)
[12/09/2014]
Vulnerability was identified in the
acpi-support. An attacker could gain elevated privileges. This vulnerability
affects version 0.140 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/95871
8. Security Updates in Oracle Linux (ELSA-2014-1166, 95881)
[12/09/2014]
Oracle has released security update packages for
fixing the vulnerability identified in the procmail package for Oracle Linux 5,
6 and 7, and the Oracle MySQL Server 5.5.38 and 5.6.19. An attacker could
execute arbitrary code and compromise a vulnerable
system.
URL:linux.oracle.com/errata/ELSA-2014-1172.html
URL:xforce.iss.net/xforce/xfdb/95881
9. Security Updates in Debian (DSA-3020-1, DSA-3022-1)
[12/09/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the acpi-support and curl packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, obtain sensitive information, execute arbitrary code and
compromise a vulnerable
system.
URL:www.debian.org/security/2014/dsa-3020
URL:www.debian.org/security/2014/dsa-3022
10. Security Updates in FreeBSD (FreeBSD-SA-14:18.openssl)
[12/09/2014] FreeBSD
has released security update packages for fixing the vulnerabilities identified
in the openssl packages for multiple versions of FreeBSD. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
11. Security Updates in SUSE (openSUSE-SU-2014:1100-1, openSUSE-SU-2014:1110-1, openSUSE-SU-2014:1114-1, openSUSE-SU-2014:1115-1, SUSE-SU-2014:1116-1, SUSE-SU-2014:1119-1, SUSE-SU-2014:1120-1)
[12/09/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the procmail, Adobe Flash Player, MozillaFirefox, Mozilla NSS and glibc packages
for openSUSE 11.4, 12.3 and 13.1, the LibreOffice, glibc and MozillaFirefox
packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an
attacker could bypass security restrictions, gain elevated privileges, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and compromise a vulnerable
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html
URL:lists.opensuse.org/opensuse-updates/2014-09/msg00012.html
URL:lists.opensuse.org/opensuse-updates/2014-09/msg00015.html
12. Security Updates in Red Hat Products (RHSA-2014:1184-1, RHSA-2014:1186-1)
[12/09/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the spacewalk-java package for Red Hat Satellite 5.4, 5.5 and 5.6, and the
katello-configure package for Red Hat Subscription Asset Manager. Due to
multiple errors, an attacker could bypass security restrictions and execute
arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2014-1184.html
URL:rhn.redhat.com/errata/RHSA-2014-1186.html
13. Security Updates in Ubuntu GNU/Linux (USN-2330-1)
[12/09/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the thunderbird package for versions 12.04 LTS and 14.04 LTS of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2330-1/
14. Vulnerabilities in Cisco Products
[11/09/2014]
Vulnerabilities were identified in the Cisco IOS
XR Software, Cisco TelePresence System Edge MXP Series Software and Cisco
Unified Communications Manager. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, perform cross-site
scripting attacks, cause a denial of service condition and crash the system.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3342
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
15. Vulnerabilities in Juniper Products (JSA10644, JSA10645, JSA10646, JSA10647)
[11/09/2014] Vulnerabilities were identified in the Juniper Installer
Service client in Windows and Juniper Networks SSL VPN/UAC products. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, and perform cross-site scripting and clickjacking attacks. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10644
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10645
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10646
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10647
16. Vulnerabilities in VMware Products (VMSA-2014-0008)
[11/09/2014] Vulnerabilities were identified in the VMware vCenter Server,
VMware vCenter Update Manager and VMware ESXi. An attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and compromise a vulnerable
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2014-0008.html
17. Vulnerability in PowerDNS Recursor (2014-01)
[11/09/2014]
Vulnerability was identified in the PowerDNS
Recursor. An attacker could cause a denial of service condition. This
vulnerability affects versions prior to 3.6.1 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:doc.powerdns.com/html/powerdns-advisory-2014-01.html
URL:doc.powerdns.com/html/changelog.html
18. Vulnerabilities in Puppet Enterprise Apache HTTP Server
[11/09/2014] Vulnerabilities were identified in the Puppet Enterprise
Apache HTTP Server. An attacker could cause a denial of service condition. These
vulnerabilities affect versions prior to 2.8.8 or 3.3.2 of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:puppetlabs.com/security/cve/cve-2014-0118
URL:puppetlabs.com/security/cve/cve-2014-0231
19. Security Updates in SUSE (SUSE-SU-2014:1107-1, SUSE-SU-2014:1112-1, openSUSE-SU-2014:1099-1, openSUSE-SU-2014:1110-1)
[11/09/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox packages for SUSE Linux Enterprise 11, and the Adobe Flash
Player, MozillaFirefox and Mozilla NSS packages for openSUSE 12.3 and 13.1. Due
to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, obtain sensitive information, execute arbitrary code, cause
a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html
URL:lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
20. Security Updates in Red Hat Products (RHSA-2014:1172-1, RHSA-2014:1173-1)
[11/09/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the procmail and Adobe Flash Player packages for Red Hat Enterprise Linux 5,
6, and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1172.html
URL:rhn.redhat.com/errata/RHSA-2014-1173.html
21. Vulnerabilities in Microsoft Products (2977629, 2990931, 2988948, 2990928)
[10/09/2014] Vulnerabilities were identified in the Microsoft Internet
Explorer, Microsoft .NET Framework, Microsoft Windows and Microsoft Lync Server.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise a
vulnerable system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-sep
URL:technet.microsoft.com/library/security/MS14-052
URL:technet.microsoft.com/library/security/MS14-053
URL:technet.microsoft.com/library/security/MS14-054
URL:technet.microsoft.com/library/security/MS14-055
URL:www.hkcert.org/my_url/en/alert/14091001
URL:www.hkcert.org/my_url/en/alert/14091002
URL:www.hkcert.org/my_url/en/alert/14091003
URL:www.hkcert.org/my_url/en/alert/14091004
URL:xforce.iss.net/xforce/xfdb/95544
URL:xforce.iss.net/xforce/xfdb/95545
URL:xforce.iss.net/xforce/xfdb/95546
URL:xforce.iss.net/xforce/xfdb/95547
22. Information Updates on Microsoft Security Advisories (2755801, 2871997, 2905247)
[10/09/2014] Microsoft has updated information on the Security Advisories for
Internet Explorer, Microsoft Windows and Microsoft ASP.NET. (a) KB2755801 was
updated to add the 2987114 update to the Current Update section. (b) KB2871997
was re-released to announce the release of update 2982378 to provide additional
protection for users' credentials when logging into a Windows 7 or Windows
Server 2008 R2 system. (c) KB2905247 was re-released to announce the offering of
the security update via Microsoft Update, in addition to the
Download-Center-only option that was provided when this advisory was originally
released. Additionally, some of the updates were reissued to improve their
quality.
URL:technet.microsoft.com/library/security/2755801
URL:technet.microsoft.com/library/security/2871997
URL:technet.microsoft.com/library/security/2905247
23. Vulnerabilities in Adobe Products (APSB14-20, APSB14-21)
[10/09/2014] Vulnerabilities were identified in the Adobe Flash Player,
Adobe Reader and Acrobat. An attacker could bypass security restrictions, execute
arbitrary code and compromise a vulnerable system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve the vulnerabilities for Adobe Flash
Player.
URL:helpx.adobe.com/security/products/flash-player/apsb14-21.html
URL:helpx.adobe.com/security/products/reader/apsb14-20.html
URL:www.hkcert.org/my_url/en/alert/14091005
URL:www.hkcert.org/my_url/en/alert/14091006
24. Vulnerabilities in Cisco Products (cisco-sa-20140908-ucse)
[10/09/2014] Vulnerabilities were identified in the Cisco Unified
Computing System (UCS) E-Series Blade Servers and Cisco IOS XR Software. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343
URL:www.hkcert.org/my_url/en/alert/14091008
URL:xforce.iss.net/xforce/xfdb/95781
25. Vulnerabilities in IBM Products (1682393, 1683330, 1683551)
[10/09/2014] Vulnerabilities were identified in the IBM UrbanCode Deploy
and IBM QRadar Incident Forensics. An attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682393
URL:www.ibm.com/support/docview.wss?uid=swg21683330
URL:www.ibm.com/support/docview.wss?uid=swg21683551
26. Vulnerability in Juniper Junos OS (JSA10615)
[10/09/2014]
Vulnerability was identified in the Juniper
Junos. An attacker could cause a denial of service condition. This vulnerability
affects multiple versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10613
27. Vulnerabilities in Google Chrome
[10/09/2014]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and compromise a vulnerable system. These
vulnerabilities affect versions prior to 37.0.2062.120 of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/09/stable-channel-update_9.html
URL:www.hkcert.org/my_url/en/alert/14091007
28. Vulnerability in Netgear ProSafe Plus Configuration Utility (VU#396212)
[10/09/2014] Vulnerability was identified in the Netgear ProSafe Plus
Configuration Utility. An attacker could obtain sensitive information. The
affected version was not
specified.
URL:www.kb.cert.org/vuls/id/396212
URL:xforce.iss.net/xforce/xfdb/95780
29. Vulnerability in ALCASAR (95779)
[10/09/2014]
Vulnerability was identified in the ALCASAR. An
attacker could execute arbitrary code. This vulnerability affects version 2.8 of
the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/95779
30. Vulnerability in Ruby on Rails (95778)
[10/09/2014]
Vulnerability was identified in the Ruby on
Rails. An attacker could bypass security restrictions. This vulnerability
affects versions 3.1.2, 3.2 and 3.2.2 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/95778
31. Vulnerabilities in Waterfox Firefox
[10/09/2014]
Vulnerabilities were identified in the Waterfox
Firefox. An attacker could bypass security restrictions, obtain sensitive
information and compromise a vulnerable system. These vulnerabilities affect
versions prior to 32.0 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:www.waterfoxproject.org/development.php?fn_mode=fullnews&fn_id=71
32. Security Updates in Oracle Linux (ELSA-2014-1166)
[10/09/2014] Oracle has
released security update packages for fixing the vulnerability identified in the
jakarta-commons-httpclient package for Oracle Linux 5, 6 and 7. An attacker
could perform spoofing
attacks.
URL:linux.oracle.com/errata/ELSA-2014-1166.html
33. Security Updates in Debian (DSA-3021-1)
[10/09/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the file package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-3021
34. Security Updates in Mageia (MGASA-2014-0373)
[10/09/2014] Mageia has
released a security update package for fixing the vulnerability identified in the
procmail package for multiple versions of Mageia. An attacker could execute
arbitrary code and cause a denial of service
condition.
URL:advisories.mageia.org/MGASA-2014-0373.html
35. Security Updates in Slackware (SSA:2014-252-01)
[10/09/2014] Slackware
has released security update packages for fixing the vulnerabilities identified
in the seamonkey package for multiple versions of Slackware Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code and
cause a denial of service
condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.481154
36. Security Updates in SUSE (openSUSE-SU-2014:1098-1, openSUSE-SU-2014:1100-1)
[10/09/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the MozillaThunderbird and Firefox packages for
openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html
37. Security Updates in Red Hat Products (RHSA-2014:1165-1, RHSA-2014:1166-1, RHSA-2014:1167-1, RHSA-2014:1168-1)
[10/09/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the nss, jakarta-commons-httpclient and kernel packages for Red Hat
Enterprise Linux 4, 5, 6, and 7, and the rhev-hypervisor6 package for Red Hat
Enterprise Virtualization 3. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1165.html
URL:rhn.redhat.com/errata/RHSA-2014-1166.html
URL:rhn.redhat.com/errata/RHSA-2014-1167.html
URL:rhn.redhat.com/errata/RHSA-2014-1168.html
38. Security Updates in Ubuntu GNU/Linux (USN-2306-3, USN-2341-1, USN-2342-1, USN-2343-1, USN-2344-1)
[10/09/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the eglibc, cups, qemu, qemu-kvm, nss and php5 packages for versions 10.04 LTS,
12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2306-3/
URL:www.ubuntu.com/usn/usn-2341-1/
URL:www.ubuntu.com/usn/usn-2342-1/
URL:www.ubuntu.com/usn/usn-2343-1/
URL:www.ubuntu.com/usn/usn-2344-1/
39. Vulnerability in Cisco Unified Computing System E-Series Software
[08/09/2014] Vulnerability was identified in the Cisco Unified Computing
System E-Series Software. An attacker could cause a denial of service condition
and crash the system. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3348
40. Vulnerability in HP IceWall SSO (c04424322)
[08/09/2014] Vulnerability was identified in the HP IceWall SSO. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c04424322
41. Vulnerabilities in IBM Products (1681966, 1682094, 1682644)
[08/09/2014] Vulnerabilities were identified in the IBM AIX, IBM
InfoSphere Information Server, IBM InfoSphere Data Click, IBM SDK and IBM
Security SiteProtector System. An attacker could bypass security restrictions,
gain elevated privileges, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
URL:www.ibm.com/support/docview.wss?uid=swg21681966
URL:www.ibm.com/support/docview.wss?uid=swg21682094
URL:www.ibm.com/support/docview.wss?uid=swg21682644
42. Vulnerabilities in Sensys Networks products (ICSA-14-247-01)
[08/09/2014] Vulnerabilities were identified in multiple Sensys Networks
products. An attacker could bypass security restrictions and obtain sensitive
information. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-14-247-01
URL:xforce.iss.net/xforce/xfdb/95765
URL:xforce.iss.net/xforce/xfdb/95766
43. Vulnerabilities in TYPO3 (TYPO3-EXT-SA-2014-010)
[08/09/2014] Vulnerabilities were identified in multiple third party
extensions for TYPO3. An attacker could bypass security restrictions, obtain
sensitive information and compromise a vulnerable system. These vulnerabilities
affect multiple versions of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/
44. Vulnerability in vBulletin (95699)
[08/09/2014]
Vulnerability was identified in the vBulletin.
An attacker could bypass security restrictions, execute arbitrary code and
perform code injection attacks. This vulnerability affects versions 4.0.1, 4.0.2
and 4.0.8 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/95699
45. Security Updates in Debian (DSA-3019-1)
[08/09/2014] Debian has
released security update packages for fixing the vulnerability identified in the
procmail package for multiple versions of Debian GNU/Linux. An attacker could
execute arbitrary code and cause a denial of service
condition.
URL:www.debian.org/security/2014/dsa-3019
46. Security Updates in Mageia (MGASA-2014-0370, MGASA-2014-0372)
[08/09/2014] Mageia has
released security update packages for fixing the vulnerabilities identified in
the graphicsmagick, firefox & thunderbird packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and compromise a
vulnerable
system.
URL:advisories.mageia.org/MGASA-2014-0370.html
URL:advisories.mageia.org/MGASA-2014-0372.html
47. Security Updates in Mandriva (MDVSA-2014:175, MDVSA-2014:176, MDVSA-2014:177, MDVSA-2014:178, MDVSA-2014:179)
[08/09/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the glibc, libgcrypt, squid, ppp and python-django packages for version MBS1
of Mandriva GNU/Linux. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition, gain elevated privileges
and obtain sensitive
information.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A175/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A176/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A177/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A178/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A179/
48. Security Updates in Red Hat Products (RHSA-2014:1161-1)
[08/09/2014] Red Hat
has released security update packages for fixing the vulnerability identified in
the Red Hat Enterprise Virtualization Manager 3.4. An attacker could bypass
security restrictions, obtain sensitive information and execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2014-1161.html