Tuesday, October 21, 2014

IT Security Alerts Weekly Digest (12 Oct ~ 18 Oct 2014)

1. Information Updates on Microsoft Security Advisory (3009008)
[17/10/2014] Microsoft has updated information on the Advisories for the SSL 3.0 protocol in Microsoft Windows. KB3009008 was revised to include a workaround of disabling the SSL 3.0 protocol in Windows.

URL:technet.microsoft.com/library/security/3009008

2. Vulnerability in NetIQ Access Manager (5193750)
[17/10/2014] Vulnerability was identified in the NetIQ Access Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=GQCffFuR3Yc~

3. Vulnerability in Foxit PDF SDK (97612)
[17/10/2014] Vulnerability was identified in the Foxit PDF SDK ActiveX control. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/97612

4. Vulnerability in SAP Netweaver (97610)
[17/10/2014] Vulnerability was identified in the SAP Netweaver. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 7.01 and 7.20 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/97610

5. Security Updates in Oracle Solaris
[17/10/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the Xscreensaver, OpenSSL, Apache HTTP Server and WAN Boot packages for Oracle Solaris 10 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:blogs.oracle.com/sunsecurity/entry/cve_2003_1294_symlink_attack
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot

6. Security Updates in Debian (DSA-3051-1, DSA-3052-1, DSA-3053-1)
[17/10/2014] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7, wpa and openssl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform SQL injection attacks, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3051
URL:www.debian.org/security/2014/dsa-3052
URL:www.debian.org/security/2014/dsa-3053

7. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1635-1, RHSA-2014:1647-1, RHSA-2014:1652-1, RHSA-2014:1653-1, RHSA-2014:1654-1, RHSA-2014:1655-1, RHSA-2014:1657-1)
[17/10/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird, openssl, rsyslog7, libxml2 and java-1.7.0-oracle packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:rhn.redhat.com/errata/RHSA-2014-1635.html
URL:rhn.redhat.com/errata/RHSA-2014-1647.html
URL:rhn.redhat.com/errata/RHSA-2014-1652.html
URL:rhn.redhat.com/errata/RHSA-2014-1653.html
URL:rhn.redhat.com/errata/RHSA-2014-1654.html
URL:rhn.redhat.com/errata/RHSA-2014-1655.html
URL:rhn.redhat.com/errata/RHSA-2014-1657.html

8. Security Updates in Ubuntu GNU/Linux (USN-2385-1, USN-2386-1)
[17/10/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl and openjdk-6 packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2385-1/
URL:www.ubuntu.com/usn/usn-2386-1/

9. Vulnerabilities in Cisco Products (cisco-sa-20141015-poodle, cisco-sa-20141015-mcu, cisco-sa-20141015-vcs)
[16/10/2014] Vulnerabilities were identified in the Cisco TelePresence MCU, Cisco TelePresence Video Communication Server, Cisco Expressway Software, Cisco Prime Optical and other Cisco products using a block cipher in Cipher Block Chaining (CBC) mode. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a user's system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408

10. Vulnerabilities in HP Products (c04471532, c04475466)
[16/10/2014] Vulnerabilities were identified in the HP StoreAll Operating System and HP TippingPoint Next-Generation Firewall (NGFW). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a user's system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471532
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04475466

11. Vulnerabilities in IBM Products (T1021316, T1021317, S1004897, S1004903, S1004904, S1004905, S1004915, S1004917, 1682681, 1683744, 1683965, 1684444, 1685137, 1685332, 1686084, 1686230, 1686233, 1686238, 1686240)
[16/10/2014] Vulnerabilities were identified in the IBM General Parallel File System, IBM SAN Volume Controller, IBM Storwize, IBM Flex System, IBM Scale Out Network Attached Storage, IBM TSSC, IBM Real-time Compression Appliance, IBM WebSphere Message Broker, IBM Integration Bus, IBM Watson Explorer, IBM PureApplication System, IBM Tivoli Workload Scheduler, IBM Tivoli Monitoring, IBM SmartCloud Provisioning and IBM TRIRIGA Application Platform. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=isg3T1021316
URL:www.ibm.com/support/docview.wss?uid=isg3T1021317
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004897
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004903
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004904
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004905
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004915
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004917
URL:www.ibm.com/support/docview.wss?uid=swg21682681
URL:www.ibm.com/support/docview.wss?uid=swg21683744
URL:www.ibm.com/support/docview.wss?uid=swg21683965
URL:www.ibm.com/support/docview.wss?uid=swg21684444
URL:www.ibm.com/support/docview.wss?uid=swg21685137
URL:www.ibm.com/support/docview.wss?uid=swg21685332
URL:www.ibm.com/support/docview.wss?uid=swg21686084
URL:www.ibm.com/support/docview.wss?uid=swg21686230
URL:www.ibm.com/support/docview.wss?uid=swg21686233
URL:www.ibm.com/support/docview.wss?uid=swg21686238
URL:www.ibm.com/support/docview.wss?uid=swg21686240

12. Vulnerability in Juniper Junos (JSA10656)
[16/10/2014] Vulnerability was identified in the Juniper Junos devices with a block cipher in Cipher Block Chaining (CBC) mode. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10656

13. Vulnerabilities in Google Chrome
[16/10/2014] Vulnerabilities were identified in the Google Chrome for Windows, Mac and Linux. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 38.0.2125.104 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2014/10/stable-channel-update_14.html
URL:www.hkcert.org/my_url/en/alert/14101601

14. Vulnerability in MIT Kerberos (97028)
[16/10/2014] Vulnerability was identified in the MIT Kerberos. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 5 1.12.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/97028

15. Vulnerabilities in OpenSSL
[16/10/2014] Vulnerabilities were identified in the OpenSSL. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions 0.9.8, 1.0.0 and 1.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.openssl.org/news/secadv_20141015.txt
URL:www.hkcert.org/my_url/en/alert/14101603
URL:xforce.iss.net/xforce/xfdb/97035
URL:xforce.iss.net/xforce/xfdb/97036
URL:xforce.iss.net/xforce/xfdb/97037

16. Vulnerability in vBulletin (97026)
[16/10/2014] Vulnerability was identified in the vBulletin. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/97026

17. Security Updates in Debian (DSA-3049-1)
[16/10/2014] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3049

18. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1397-1, RHSA-2014:1620-1, RHSA-2014:1626-1)
[16/10/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the rsyslog, java-1.7.0-openjdk and chromium-browser packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:rhn.redhat.com/errata/RHSA-2014-1397.html
URL:rhn.redhat.com/errata/RHSA-2014-1620.html
URL:rhn.redhat.com/errata/RHSA-2014-1626.html

19. Security Updates in Slackware (SSA:2014-288-01)
[16/10/2014] Slackware has released security update packages for fixing the vulnerability identified in the openssl package for multiple versions of Slackware Linux. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.846452

20. Security Updates in Ubuntu GNU/Linux (USN-2373-1, USN-2384-1)
[16/10/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird and mysql-5.5 packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:www.ubuntu.com/usn/usn-2373-1/
URL:www.ubuntu.com/usn/usn-2384-1/

21. Vulnerabilities in Microsoft Products (2987107, 2990942, 2993254, 2998579, 3000061, 3000414, 3000434, 3000869)
[15/10/2014] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft .NET Framework, Microsoft Windows, Microsoft ASP.NET MVC and Microsoft Office. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/library/security/ms14-oct
URL:technet.microsoft.com/library/security/MS14-056
URL:technet.microsoft.com/library/security/MS14-057
URL:technet.microsoft.com/library/security/MS14-058
URL:technet.microsoft.com/library/security/MS14-059
URL:technet.microsoft.com/library/security/MS14-060
URL:technet.microsoft.com/library/security/MS14-061
URL:technet.microsoft.com/library/security/MS14-062
URL:technet.microsoft.com/library/security/MS14-063
URL:www.hkcert.org/my_url/en/alert/14101501
URL:www.hkcert.org/my_url/en/alert/14101502
URL:www.hkcert.org/my_url/en/alert/14101503
URL:www.hkcert.org/my_url/en/alert/14101504
URL:www.hkcert.org/my_url/en/alert/14101505
URL:www.hkcert.org/my_url/en/alert/14101506
URL:www.hkcert.org/my_url/en/alert/14101507
URL:www.hkcert.org/my_url/en/alert/14101508
URL:xforce.iss.net/xforce/xfdb/95550
URL:xforce.iss.net/xforce/xfdb/96742
URL:xforce.iss.net/xforce/xfdb/96771
URL:xforce.iss.net/xforce/xfdb/96773
URL:xforce.iss.net/xforce/xfdb/96995
URL:www.us-cert.gov/ncas/current-activity/2014/10/14/Microsoft-Releases-October-2014-Security-Bulletin

22. Vulnerability in Microsoft Windows (3009008)
[15/10/2014] Vulnerability was identified in the SSL 3.0 protocol in Microsoft Windows. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned products.

URL:technet.microsoft.com/en-us/library/security/3009008

23. Information Updates on Microsoft Security Advisories (2871997, 2949927, 2977292)
[15/10/2014] Microsoft has updated information on the Advisories for Microsoft Windows. (a) KB2871997 was rereleased to announce the release of updates that provide additional protection for users' credentials when logging on to a remote host server. (b) KB2949927 announced the availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2. (c) KB2977292 announced the availability of an update for supported editions of Windows for Microsoft EAP Implementation that Enables the Use of TLS.

URL:technet.microsoft.com/en-us/library/security/2871997
URL:technet.microsoft.com/en-us/library/security/2949927
URL:technet.microsoft.com/en-us/library/security/2977292

24. Vulnerabilities in Adobe Products (APSB14-22, APSB14-23)
[15/10/2014] Vulnerabilities were identified in the Adobe Flash Player and Adobe ColdFusion. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb14-22.html
URL:helpx.adobe.com/security/products/flash-player/apsb14-23.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/14101511
URL:www.hkcert.org/my_url/en/alert/14101509
URL:www.us-cert.gov/ncas/current-activity/2014/10/14/Adobe-Releases-Security-Updates-ColdFusion-and-Flash-Player

25. Vulnerabilities in Mozilla Products (MFSA 2014-74, MFSA 2014-75, MFSA 2014-76, MFSA 2014-77, MFSA 2014-78, MFSA 2014-79, MFSA 2014-80, MFSA 2014-81, MFSA 2014-82)
[15/10/2014] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR and Thunderbird. An attacker could execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/security/announce/2014/mfsa2014-74.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-75.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-76.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-77.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-78.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-79.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-80.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-81.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-82.html
URL:www.hkcert.org/my_url/en/alert/14101510

26. Vulnerability in Cisco Intrusion Prevention System
[15/10/2014] Vulnerability was identified in the Cisco Intrusion Prevention System (IPS). An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406

27. Vulnerability in TigerVNC (96947)
[15/10/2014] Vulnerability was identified in the TigerVNC. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/96947

28. Vulnerabilities in Python
[15/10/2014] Vulnerabilities were identified in Python. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise a user's system. These vulnerabilities affect versions 2.7, 3.3 and 3.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:hg.python.org/cpython/raw-file/v3.3.6/Misc/NEWS
URL:www.hkcert.org/my_url/en/alert/14101401

29. Vulnerabilities in Oracle Products
[15/10/2014] Vulnerabilities were identified in the Oracle Database, Oracle Fusion Applications and Middleware, Oracle Hyperion, Oracle E-Business Suite, Oracle Supply Chain Product Suite, Oracle PeopleSoft Enterprise, Oracle Siebel, Oracle Communications Applications, Oracle Retail Industry Suite, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle Solaris and Virtualization Products and Oracle MySQL Product Suite. An attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products.

URL:www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2003_1294_symlink_attack
URL:blogs.oracle.com/sunsecurity/entry/cve_2009_2409_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_6151_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2013_4396_use_after
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3517_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3613_cookie_leak
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3618_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3621_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5461_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot
URL:www.us-cert.gov/ncas/current-activity/2014/10/14/Oracle-Releases-October-2014-Security-Advisory

30. Security Updates in SUSE (SUSE-SU-2014:1294-1)
[15/10/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the rsyslog package for SUSE Linux Enterprise Server 11. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

31. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1388-2, RHSA-2014:1389-2, RHSA-2014:1390-2, RHSA-2014:1391-2, RHSA-2014:1392-2, RHSA-2014:1436-2, RHSA-2014:1507-2, RHSA-2014:1552-2)
[15/10/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the cups, krb5, luci, glibc, kernel, X11 client libraries, trousers and openssh packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:rhn.redhat.com/errata/RHSA-2014-1388.html
URL:rhn.redhat.com/errata/RHSA-2014-1389.html
URL:rhn.redhat.com/errata/RHSA-2014-1390.html
URL:rhn.redhat.com/errata/RHSA-2014-1391.html
URL:rhn.redhat.com/errata/RHSA-2014-1392.html
URL:rhn.redhat.com/errata/RHSA-2014-1436.html
URL:rhn.redhat.com/errata/RHSA-2014-1507.html
URL:rhn.redhat.com/errata/RHSA-2014-1552.html

32. Security Updates in Ubuntu GNU/Linux (USN-2345-1, USN-2372-1, USN-2382-1, USN-2383-1)
[15/10/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt, firefox, requests, wpa and wpasupplicant packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:www.ubuntu.com/usn/usn-2345-1/
URL:www.ubuntu.com/usn/usn-2372-1/
URL:www.ubuntu.com/usn/usn-2382-1/
URL:www.ubuntu.com/usn/usn-2383-1/

33. Vulnerability in Cisco Email Security Appliance
[14/10/2014] Vulnerability was identified in the Cisco Email Security Appliance (ESA). An attacker could bypass security restrictions. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381

34. Vulnerabilities in IBM Products (S1004879, S1004898, S1004929, S1004930, S1004931, S1004932, 1680795, 1684704, 1684716, 1684769, 1684838, 1684903, 1685178, 1685733, 1686142, 1686194, MIGR-5096315)
[14/10/2014] Vulnerabilities were identified in the IBM DS8000 HMC, IBM System Storage Storwize V7000 Unified, IBM FlashSystem 840 and V840, IBM Business Process Manager, IBM WebSphere Lombardi Edition, IBM Rational Application Developer, IBM Security Network Protection, IBM WebSphere Business Events, IBM WebSphere ILOG JRules, IBM WebSphere Operational Decision Management, IBM Operational Decision Manager, IBM Security Access Manager for Mobile and Web, IBM Content Manager Enterprise Edition, IBM Tivoli Application Dependency Discovery Manager and IBM Flex System Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=ssg1S1004879
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004898
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004929
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004930
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004931
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004932
URL:www.ibm.com/support/docview.wss?uid=swg21680795
URL:www.ibm.com/support/docview.wss?uid=swg21684704
URL:www.ibm.com/support/docview.wss?uid=swg21684716
URL:www.ibm.com/support/docview.wss?uid=swg21684769
URL:www.ibm.com/support/docview.wss?uid=swg21684838
URL:www.ibm.com/support/docview.wss?uid=swg21684903
URL:www.ibm.com/support/docview.wss?uid=swg21685178
URL:www.ibm.com/support/docview.wss?uid=swg21685733
URL:www.ibm.com/support/docview.wss?uid=swg21686142
URL:www.ibm.com/support/docview.wss?uid=swg21686194
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

35. Vulnerabilities in Bugzilla
[14/10/2014] Vulnerabilities were identified in the Bugzilla. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.bugzilla.org/security/4.0.14/
URL:www.hkcert.org/my_url/en/alert/14101302

36. Vulnerability in Joomla!
[14/10/2014] A vulnerability was identified in Joomla!. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:developer.joomla.org/security/596-20140904-core-denial-of-service.html
URL:www.hkcert.org/my_url/en/alert/14101301

37. Vulnerabilities in NeuroML (96942, 96943)
[14/10/2014] Vulnerabilities were identified in the NeuroML. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect versions prior to 2.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/96942
URL:xforce.iss.net/xforce/xfdb/96943

38. Vulnerabilities in Pale Moon
[14/10/2014] Vulnerabilities were identified in the Pale Moon. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a user's system. These vulnerabilities affect versions prior to 25.0.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.palemoon.org/releasenotes.shtml

39. Security Updates in SUSE (SUSE-SU-2014:1287-1)
[14/10/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Containment-Studio package for SUSE Studio Onsite 1.3. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.

URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

40. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1397-1)
[14/10/2014] Red Hat has released security update packages for fixing the vulnerability identified in the rsyslog package for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2014-1397.html

41. Vulnerabilities in HP Sprinter (c04454636)
[13/10/2014] Vulnerabilities were identified in HP Sprinter. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04454636-1
URL:xforce.iss.net/xforce/xfdb/96923

42. Vulnerabilities in IBM Products (1682663, 1683429, 1684466, 1685242, 1685246, 1685350, 1686238, 1686240)
[13/10/2014] Vulnerabilities were identified in the IBM Sterling Connect:Direct, IBM Security Access Manager For Mobile, IBM Security Access Manager for Web, IBM Tivoli Storage Productivity Center and IBM TRIRIGA Application Platform. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21682663
URL:www.ibm.com/support/docview.wss?uid=swg21683429
URL:www.ibm.com/support/docview.wss?uid=swg21684466
URL:www.ibm.com/support/docview.wss?uid=swg21685242
URL:www.ibm.com/support/docview.wss?uid=swg21685246
URL:www.ibm.com/support/docview.wss?uid=swg21685350
URL:www.ibm.com/support/docview.wss?uid=swg21686238
URL:www.ibm.com/support/docview.wss?uid=swg21686240
URL:xforce.iss.net/xforce/xfdb/95630
URL:xforce.iss.net/xforce/xfdb/95631

43. Vulnerabilities in Huawei Products (Huawei-SA-20141010-01-VRP, Huawei-SA-20141011-01-E355)
[13/10/2014] Vulnerabilities were identified in Huawei Versatile Routing Platform (VRP) and Huawei 3G wireless routers. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-373182.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-373306.htm

44. Vulnerabilities in SAP BusinessObjects (96933, 96934, 96935)
[13/10/2014] Vulnerabilities were identified in the SAP BusinessObjects. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 14.0.5 build 882 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/96933
URL:xforce.iss.net/xforce/xfdb/96934
URL:xforce.iss.net/xforce/xfdb/96935

45. Vulnerabilities in Jenkins (2014-10-01)
[13/10/2014] Vulnerabilities were identified in the Jenkins. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

46. Vulnerability in Linux Kernel (96922)
[13/10/2014] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/96922

47. Security Updates in Gentoo Linux (GLSA 201410-02)
[13/10/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the Perl Locale-Maketext module packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, gain elevated privileges, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201410-02.xml

48. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1371-1)
[13/10/2014] Red Hat has released security update packages for fixing the vulnerability identified in the nss packages for Red Hat Enterprise Linux 4, 5 and 6. An attacker could bypass security restrictions.

URL:rhn.redhat.com/errata/RHSA-2014-1371.html

Source(s) of above information: Adobe, Bugzilla, Cisco, Debian, Gentoo, Google Chrome Releases, HKCERT, HP, Huawei, IBM, IBM ISS, Jenkins, Joomla!, Juniper, Microsoft, Mozilla, Novell, OpenSSL, openSUSE, Oracle, Pale Moon, Python.org, Red Hat, Slackware, Ubuntu, US-CERT
